PDA

View Full Version : Help on java obfuscating?



Camaro'
12-10-2010, 10:17 PM
I can't seem to get proguard to obfuscate my program completely, it misses most of the file :(

http://proguard.sourceforge.net/

I am obfuscating my file because I'm selling a RSBot script and don't want people reverse engineering it.

Any help is appreciated .. :(

mastaraymond
12-10-2010, 10:34 PM
Obfuscating is so overrated.

Camaro'
12-10-2010, 10:36 PM
Obfuscating is so overrated.

I know, but then people are going to remove my auth system :(

lordsaturn
12-10-2010, 10:39 PM
have a auth check in every single funct in the script? or have the script query your server for commands it needs to run

MylesMadness
12-10-2010, 10:41 PM
Trust me, if I've learned anything in the last month, its that no amount of obfuscating will keep people from cracking java scripts.

Troll
12-10-2010, 10:47 PM
Why dont you make it go to a sever for ID's and the sever checks a auth code for it to work if what eveyone else is saying about it being a waste is ture?

Shuttleu
12-10-2010, 10:52 PM
have the script query your server for commands it needs to run
i think this would be a good idea

~shut

Train
12-10-2010, 11:09 PM
Await for http://scripts.powerbot.org/ to come out.

Camaro'
12-11-2010, 01:44 AM
have a auth check in every single funct in the script? or have the script query your server for commands it needs to run

What would stop the user from removing either of those from the script?

I have a list of mac addresses on my server that are allowed to run the script, and the script checks to see if your mac address is on that list, and if it is not the script won't run. The problem is people are going to remove it.

TomTuff
12-11-2010, 01:55 AM
what saturn says. It's what robotz in disguise does, and they can't be cracked (or at least haven't been yet afaik).

TRiLeZ
12-11-2010, 02:36 AM
This is what I'm gonna do for my for my paid-for scripts:

Make a loader to load the actual script jar from your website, using custom request properties, which the server will check
Make your server give the loader the url to the script jar, using custom request properties
Make every method verify it's legit
Use reflection to call methods, and make the script get the method names from the server
Edit: Also use it to get/put fields, and make the script get the field names from the server



WIN.

Camaro'
12-11-2010, 02:47 AM
I'll try that, thanks for everyones posts.

mastaraymond
12-11-2010, 12:30 PM
This is what I'm gonna do for my for my paid-for scripts:

Make a loader to load the actual script jar from your website, using custom request properties, which the server will check
Make your server give the loader the url to the script jar, using custom request properties
Make every method verify it's legit
Use reflection to call methods, and make the script get the method names from the server
Edit: Also use it to get/put fields, and make the script get the field names from the server



WIN.
Still easily crackable? Just check the the data java sends to your server..

So that means you'll have to use HTTPS or something for the data connection, but even that is probably crackable.

I can only say; if people are foolish enough to buy a RSBot script they wouldn't know a thing about Java and therefore probably don't crack it.. And if they do, there are still thousand of other RSBot users around who don't have access to the cracked version.

lordsaturn
12-11-2010, 01:10 PM
Just do what jagex does and release updates with scrambled code every hour.

Nadeem
12-11-2010, 05:28 PM
This is what I'm gonna do for my for my paid-for scripts:

Make a loader to load the actual script jar from your website, using custom request properties, which the server will check
Make your server give the loader the url to the script jar, using custom request properties
Make every method verify it's legit
Use reflection to call methods, and make the script get the method names from the server
Edit: Also use it to get/put fields, and make the script get the field names from the server



WIN.

I could only imagine how slow your script would be lol

best would be to just write your script as hard to understand possible..that should filter out the noobs ;)


~NS

TRiLeZ
12-11-2010, 08:49 PM
Still easily crackable? Just check the the data java sends to your server..

So that means you'll have to use HTTPS or something for the data connection, but even that is probably crackable.

I can only say; if people are foolish enough to buy a RSBot script they wouldn't know a thing about Java and therefore probably don't crack it.. And if they do, there are still thousand of other RSBot users around who don't have access to the cracked version.

Java will always be crackable, but this will make it hard for people to crack, especially if the script is obfuscated. If it were to be obfuscated, you wouldn't be able to compile a decompiled version, before deobfucating it, so someone's best bet would be to use bytecode to change stuff up. However, you could make the script/loader check the jar's hashcode to verify it hasn't been modified, same thing with the loader jar. You could also change up all of the method / variable names everytime you update the script.


I could only imagine how slow your script would be lol

best would be to just write your script as hard to understand possible..that should filter out the noobs ;)


~NS

Once one thing is loaded from the server, you won't be needing to load it again.