[Causes]

The company needs to encrypt a web project and sell it.

As everyone knows, class is a good decompiler.

So we need to encrypt the class file first.

Then use your own classloader to decrypt and load.

[Steps]

There are about two steps:

1. Encryption of class files

2. Write and decrypt class files and load classloader

3. Add this classloader to tomcat, that is, make Tomcat callable to this classloader

[Encryption]

1. Thoughts

Byte stream reads class file for simple shift

2. Realization

A small program was made to read all class file byte streams in a folder and to encrypt them with + 2 bits.

3. Description

swing is done using myeclipse plug-ins, which may be messy

4. Code & Download

Encryption program source code and program packaged into jar file uploaded to Here Double-click can be used.

[classloader]

1. Code:

package com.uikoo9.loader;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;

import org.apache.catalina.loader.WebappClassLoader;

/**
 * Customized classloader
 * Decrypts files and loads them
 * @author uikoo9
 */
public class UClassLoader extends WebappClassLoader{
	
	/**
	 * default constructor
	 */
	public UClassLoader() {
		super();
	}

	/**
	 * default constructor
	 * @param parent
	 */
	public UClassLoader(ClassLoader parent) {
		super(parent);
	}

	/* (non-Javadoc)
	 * @see org.apache.catalina.loader.WebappClassLoader#findClass(java.lang.String)
	 */
	public Class<?> findClass(String name) throws ClassNotFoundException {
		if(name.contains("uikoo9")){
			return findClassEncrypt(name);
		}else{
			return super.findClass(name);
		}
	}
	
	/**
	 * Find class
	 * @param name
	 * @return
	 * @throws ClassNotFoundException
	 */
	private Class<?> findClassEncrypt(String name) throws ClassNotFoundException{
		byte[] classBytes = null;
		try {
			System.out.println("++++++" + name);
			classBytes = loadClassBytesEncrypt(name);
		} catch (Exception e) {
			e.printStackTrace();
		}

		Class<?> cl = defineClass(name, classBytes, 0, classBytes.length);
		if (cl == null)
			throw new ClassNotFoundException(name);
		return cl;
	}
	
	/**
	 * Loading encrypted class byte stream
	 * @param name
	 * @return
	 * @throws IOException
	 */
	private byte[] loadClassBytesEncrypt(String name) throws IOException {
		String basepath = "Z:/program/workspaces/_work_03_bzb/WebRoot/WEB-INF/classes/";// Project physical address
		String cname = basepath + name.replace('.', '/') + ".uikoo9";
		System.out.println(cname);
		FileInputStream in = new FileInputStream(cname);
		try {
			ByteArrayOutputStream buffer = new ByteArrayOutputStream();
			int ch;
			while ((ch = in.read()) != -1) {
				buffer.write((byte)(ch - 2));
			}
			in.close();
			return buffer.toByteArray();
		} finally {
			in.close();
		}
	}
}

[Join tomcat]

1.context.xml

Find contex.xml under tomcat and add the following code between context s:

            <Loader loaderClass="com.uikoo9.loader.UClassLoader" delegate="true"></Loader>

Where loader Class is written by itself, delegate= "true" means only decrypting non-system class es and jar s.

2. Add loader

Put your own loader class file under tomcat Lib

[Start]

1. Encrypt all files under classes by using encryption program. After encryption, all class file suffixes become uikoo9, and you can modify the source code by yourself.

2. Delete the original classes folder and copy the encrypted classes folder into it.

3. Modify context.xml

4. Add loader.class under tomcat Lib

5. Start tomcat

After the experiment is no problem, if you have any questions, please leave a message.