`
andrawu
  • 浏览: 9663 次
社区版块
存档分类
最新评论

使用ClassLoader对Java源码加解密

阅读更多

//样例

package com.epoch.core.security;

import java.io.*;
import java.security.PublicKey;
import java.security.Signature;

public class DSLoader extends ClassLoader {

    private static final byte c[] = {
            -84,-19,0,5,115,114,0,20,106,97,
            118,97,46,115,101,99,117,114,105,116,
            121,46,75,101,121,82,101,112,-67,-7,
            79,-77,-120,-102,-91,67,2,0,4,76,
            0,9,97,108,103,111,114,105,116,104,
            109,116,0,18,76,106,97,118,97,47,
            108,97,110,103,47,83,116,114,105,110,
            103,59,91,0,7,101,110,99,111,100,
            101,100,116,0,2,91,66,76,0,6,
            102,111,114,109,97,116,113,0,126,0,
            1,76,0,4,116,121,112,101,116,0,
            27,76,106,97,118,97,47,115,101,99,
            117,114,105,116,121,47,75,101,121,82,
            101,112,36,84,121,112,101,59,120,112,
            116,0,3,68,83,65,117,114,0,2,
            91,66,-84,-13,23,-8,6,8,84,-32,
            2,0,0,120,112,0,0,1,-68,48,
            -126,1,-72,48,-126,1,44,6,7,42,
            -122,72,-50,56,4,1,48,-126,1,31,
            2,-127,-127,0,-3,127,83,-127,29,117,
            18,41,82,-33,74,-100,46,-20,-28,-25,
            -10,17,-73,82,60,-17,68,0,-61,30,
            63,-128,-74,81,38,105,69,93,64,34,
            81,-5,89,61,-115,88,-6,-65,-59,-11,
            -70,48,-10,-53,-101,85,108,-41,-127,59,
            -128,29,52,111,-14,102,96,-73,107,-103,
            80,-91,-92,-97,-97,-24,4,123,16,34,
            -62,79,-69,-87,-41,-2,-73,-58,27,-8,
            59,87,-25,-58,-88,-90,21,15,4,-5,
            -125,-10,-45,-59,30,-61,2,53,84,19,
            90,22,-111,50,-10,117,-13,-82,43,97,
            -41,42,-17,-14,34,3,25,-99,-47,72,
            1,-57,2,21,0,-105,96,80,-113,21,
            35,11,-52,-78,-110,-71,-126,-94,-21,-124,
            11,-16,88,28,-11,2,-127,-127,0,-9,
            -31,-96,-123,-42,-101,61,-34,-53,-68,-85,
            92,54,-72,87,-71,121,-108,-81,-69,-6,
            58,-22,-126,-7,87,76,11,61,7,-126,
            103,81,89,87,-114,-70,-44,89,79,-26,
            113,7,16,-127,-128,-76,73,22,113,35,
            -24,76,40,22,19,-73,-49,9,50,-116,
            -56,-90,-31,60,22,122,-117,84,124,-115,
            40,-32,-93,-82,30,43,-77,-90,117,-111,
            110,-93,127,11,-6,33,53,98,-15,-5,
            98,122,1,36,59,-52,-92,-15,-66,-88,
            81,-112,-119,-88,-125,-33,-31,90,-27,-97,
            6,-110,-117,102,94,-128,123,85,37,100,
            1,76,59,-2,-49,73,42,3,-127,-123,
            0,2,-127,-127,0,-71,-5,-67,29,36,
            122,97,-81,-108,-91,84,-121,-6,-4,32,
            -80,-9,32,-20,-128,-95,-2,-22,-17,-18,
            39,104,-99,-55,108,-51,-59,44,76,-90,
            -1,-68,-72,32,72,-21,-41,-74,45,1,
            -54,-81,4,-98,49,-53,79,-58,-110,57,
            27,122,40,-113,-25,-8,12,40,-16,123,
            94,-118,-58,88,-12,120,68,117,48,-46,
            -87,-71,16,-114,-103,-20,-102,116,69,-8,
            -128,60,103,27,-116,-36,-25,-102,-102,-21,
            108,-54,-11,-93,51,121,-87,-35,-111,105,
            -79,89,-21,97,127,-117,-29,79,109,18,
            73,120,10,-26,-25,-114,-64,-116,-67,57,
            3,-17,-17,116,0,5,88,46,53,48,
            57,126,114,0,25,106,97,118,97,46,
            115,101,99,117,114,105,116,121,46,75,
            101,121,82,101,112,36,84,121,112,101,
            0,0,0,0,0,0,0,0,18,0,
            0,120,114,0,14,106,97,118,97,46,
            108,97,110,103,46,69,110,117,109,0,
            0,0,0,0,0,0,0,18,0,0,
            120,112,116,0,6,80,85,66,76,73,
            67
    };
   
    static Class a;

    private static DSLoader d;

    private static PublicKey e;

    public DSLoader(ClassLoader classloader) {
        super(classloader);
    }

    public DSLoader() {
    }

    static final Class a(String s) {
        try {
            return Class.forName(s);
        } catch (ClassNotFoundException ex) {
            throw new NoClassDefFoundError(ex.getMessage());
        }
    }

    public static synchronized Class getClass(String s) {
        if (d == null)
            d = new DSLoader((a != null ? a
                    : (a = a("com.epoch.core.security.DSLoader")))
                    .getClassLoader());
        try {
            return d.load(s,true);
        } catch (ClassNotFoundException ex) {
            throw new NoClassDefFoundError(ex.getMessage());
        }
    }

    private static PublicKey a() throws IOException, ClassNotFoundException {
        if (e == null) {
            ObjectInputStream in = new ObjectInputStream(
                    new BufferedInputStream(new ByteArrayInputStream(c)));
            e = (PublicKey)in.readObject();
            in.close();
        }
        return e;
    }

   
    protected synchronized Class load(String s,boolean resolve) throws ClassNotFoundException {
        try {
            ClassLoader classloader;
            classloader = (a != null ? a
                    : (a = a("com.epoch.core.security.DSLoader")))
                    .getClassLoader();
            Object obj = null;
            Class clazz;
            if ((clazz = findLoadedClass(s)) != null)
                return clazz;
            String s1 = s.replace('.', '/').concat(".class");
            ObjectInputStream objectinputstream;
            byte abyte0[] = (byte[]) (objectinputstream = new ObjectInputStream(
                    classloader.getResourceAsStream(s1))).readObject();
            byte abyte1[] = (byte[]) objectinputstream.readObject();
            objectinputstream.close();
            if (abyte0 != null && abyte1 != null) {
                PublicKey publickey = a();
                String s2;
                Signature signature;
                (signature = Signature.getInstance(s2 = new String(new byte[] {
                        68, 83, 65 }))).initVerify(publickey);//DSA
                signature.update(abyte0);
                if (signature.verify(abyte1)){
                    clazz = defineClass(s, abyte0, 0, abyte0.length);
                }
            }
           // 必需的步骤2:如果上面没有成功
           // 我们尝试用默认的ClassLoader装入它
         if (clazz == null)
            clazz = findSystemClass(s);

         // 必需的步骤3:如有必要,则装入相关的类
         if (resolve && clazz != null)
             resolveClass( clazz );
           
            return clazz;
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

}


//=====================================================================================

package com.epoch.core.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;
import java.io.FileOutputStream;
import java.io.FileInputStream;

import java.security.*;

import com.epoch.core.util.FileUtil;

public class DSManager {
    private static final byte c[] = {
            -84,-19,0,5,115,114,0,20,106,97,
            118,97,46,115,101,99,117,114,105,116,
            121,46,75,101,121,82,101,112,-67,-7,
            79,-77,-120,-102,-91,67,2,0,4,76,
            0,9,97,108,103,111,114,105,116,104,
            109,116,0,18,76,106,97,118,97,47,
            108,97,110,103,47,83,116,114,105,110,
            103,59,91,0,7,101,110,99,111,100,
            101,100,116,0,2,91,66,76,0,6,
            102,111,114,109,97,116,113,0,126,0,
            1,76,0,4,116,121,112,101,116,0,
            27,76,106,97,118,97,47,115,101,99,
            117,114,105,116,121,47,75,101,121,82,
            101,112,36,84,121,112,101,59,120,112,
            116,0,3,68,83,65,117,114,0,2,
            91,66,-84,-13,23,-8,6,8,84,-32,
            2,0,0,120,112,0,0,1,-68,48,
            -126,1,-72,48,-126,1,44,6,7,42,
            -122,72,-50,56,4,1,48,-126,1,31,
            2,-127,-127,0,-3,127,83,-127,29,117,
            18,41,82,-33,74,-100,46,-20,-28,-25,
            -10,17,-73,82,60,-17,68,0,-61,30,
            63,-128,-74,81,38,105,69,93,64,34,
            81,-5,89,61,-115,88,-6,-65,-59,-11,
            -70,48,-10,-53,-101,85,108,-41,-127,59,
            -128,29,52,111,-14,102,96,-73,107,-103,
            80,-91,-92,-97,-97,-24,4,123,16,34,
            -62,79,-69,-87,-41,-2,-73,-58,27,-8,
            59,87,-25,-58,-88,-90,21,15,4,-5,
            -125,-10,-45,-59,30,-61,2,53,84,19,
            90,22,-111,50,-10,117,-13,-82,43,97,
            -41,42,-17,-14,34,3,25,-99,-47,72,
            1,-57,2,21,0,-105,96,80,-113,21,
            35,11,-52,-78,-110,-71,-126,-94,-21,-124,
            11,-16,88,28,-11,2,-127,-127,0,-9,
            -31,-96,-123,-42,-101,61,-34,-53,-68,-85,
            92,54,-72,87,-71,121,-108,-81,-69,-6,
            58,-22,-126,-7,87,76,11,61,7,-126,
            103,81,89,87,-114,-70,-44,89,79,-26,
            113,7,16,-127,-128,-76,73,22,113,35,
            -24,76,40,22,19,-73,-49,9,50,-116,
            -56,-90,-31,60,22,122,-117,84,124,-115,
            40,-32,-93,-82,30,43,-77,-90,117,-111,
            110,-93,127,11,-6,33,53,98,-15,-5,
            98,122,1,36,59,-52,-92,-15,-66,-88,
            81,-112,-119,-88,-125,-33,-31,90,-27,-97,
            6,-110,-117,102,94,-128,123,85,37,100,
            1,76,59,-2,-49,73,42,3,-127,-123,
            0,2,-127,-127,0,-71,-5,-67,29,36,
            122,97,-81,-108,-91,84,-121,-6,-4,32,
            -80,-9,32,-20,-128,-95,-2,-22,-17,-18,
            39,104,-99,-55,108,-51,-59,44,76,-90,
            -1,-68,-72,32,72,-21,-41,-74,45,1,
            -54,-81,4,-98,49,-53,79,-58,-110,57,
            27,122,40,-113,-25,-8,12,40,-16,123,
            94,-118,-58,88,-12,120,68,117,48,-46,
            -87,-71,16,-114,-103,-20,-102,116,69,-8,
            -128,60,103,27,-116,-36,-25,-102,-102,-21,
            108,-54,-11,-93,51,121,-87,-35,-111,105,
            -79,89,-21,97,127,-117,-29,79,109,18,
            73,120,10,-26,-25,-114,-64,-116,-67,57,
            3,-17,-17,116,0,5,88,46,53,48,
            57,126,114,0,25,106,97,118,97,46,
            115,101,99,117,114,105,116,121,46,75,
            101,121,82,101,112,36,84,121,112,101,
            0,0,0,0,0,0,0,0,18,0,
            0,120,114,0,14,106,97,118,97,46,
            108,97,110,103,46,69,110,117,109,0,
            0,0,0,0,0,0,0,18,0,0,
            120,112,116,0,6,80,85,66,76,73,
            67
    };

    public static boolean generatekey() {
        try {
            KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSA");
            keygen.initialize(1024);
            KeyPair keys = keygen.genKeyPair();
            PublicKey pubKey = keys.getPublic();
            PrivateKey priKey = keys.getPrivate();

            ObjectOutputStream out = new ObjectOutputStream(
                    new FileOutputStream("myprikey.dat"));
            out.writeObject(priKey);
            out.close();

            out = new ObjectOutputStream(new FileOutputStream("mypubkey.dat"));
            out.writeObject(pubKey);
            out.close();
           
            byte[] pubs = FileUtil.getFileBytes("mypubkey.dat");
            StringBuffer sb = new StringBuffer();
            for(int i=0;i<pubs.length;i++){
                if(i>0 && i%10==0)
                    sb.append("\n");                   
                sb.append(pubs[i]+",");
            }
  
            FileUtil.createFile("mypubkey.txt",sb.toString().length()>0?
                    sb.toString().substring(0,sb.toString().length()-1):"");
           
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }


    public static void generateSign(String src,String obj){
        try {
            ObjectInputStream in = new ObjectInputStream(new FileInputStream("myprikey.dat"));
            PrivateKey priKey = (PrivateKey) in.readObject();
            in.close();

            byte[] plan = FileUtil.getFileBytes(src); //要签名的信息
           
            //用私钥对信息生成数字签名
            Signature signet = Signature.getInstance("DSA");
            signet.initSign(priKey);
            signet.update(plan);
            byte[] signed = signet.sign(); //对信息的数字签名
            //把信息和数字签名保存在一个文件中
            ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(obj));
            out.writeObject(plan);
            out.writeObject(signed);
            out.close();
        } catch (Exception e) {
            e.printStackTrace();
        }       
    }

    public static void checkSign(String name){
        try {

            ObjectInputStream in = (ObjectInputStream)new ObjectInputStream(
                    new ByteArrayInputStream(c));           
            PublicKey pubKey = (PublicKey) in.readObject();
            in.close();

            in = new ObjectInputStream(new FileInputStream(name));
            byte[] bytes0 = (byte[]) in.readObject();
            byte[] bytes1 = (byte[]) in.readObject();
            in.close();

            Signature signature = Signature.getInstance("DSA");
            signature.initVerify(pubKey);
            signature.update(bytes0);
            if (signature.verify(bytes1)) {
                System.out.println("签名正常");
            } else
                System.out.println("非签名正常");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
   
    public static void main(String[] args) {
        if(args.length<1)return;
       
        if(args[0].equalsIgnoreCase("key")){
            if((args.length>1 && (args[1].equalsIgnoreCase("y") || args[1].equalsIgnoreCase("yes"))
                    || ((new File("myprikey.dat")).exists() == false))) {
                if (generatekey() == false) {
                    System.out.println("生成密钥对败");
                    return;
                }
            }
            return ;
        }
       
        if(args[0].equalsIgnoreCase("sign")){
            generateSign("d:/com/test/DSTest.class",
                    "d:/com/test/DSTest.class");
        }

        if(args[0].equalsIgnoreCase("check")){
            checkSign("d:/com/test/DSTest.class");
        }
       
    }
}


//==============================================================================

package com.test;

public interface T {
    public void test(String str);
}

//===============================================================================
package com.test;

public class DSTest implements T{
   
    public void test(String str){
        System.out.println("coming::"+str);       
    }
   
    public static void main(String[] args) {
        new DSTest().test("test");
    }
}

//==============================================================================
package com.epoch.core.security;

import com.test.T;

public class Test {
   
    public void test(){
        try{
            T a = (T)( DSLoader.getClass("com.test.DSTest")).newInstance();
            a.test("hello world");
        }catch(Exception ex){
            ex.printStackTrace();
        }       
    }
   
    public static void main(String[] args){
        new Test().test();
    }
}

 

 

分享到:
评论

相关推荐

    基于ClassLoader扩展的Spring Boot JAR安全加密运行工具设计源码

    该项目是一款基于ClassLoader扩展的Spring Boot JAR安全加密运行工具源码,包含74个文件,其中69个为Java源文件,1个为Git忽略文件,1个为LICENSE文件,1个为Markdown文件,1个为XML文件,以及1个Go语言文件。...

    如何有效防止Java程序源码被人偷窥.doc

    总的来说,防止Java源码被偷窥的关键在于理解并利用Java的ClassLoader机制,结合加密技术,可以在不改变程序功能的前提下增强源码的安全性。通过自定义ClassLoader并实现即时解密,可以有效地保护代码免受反编译器的...

    一种改进的加密JAVA源码的方法.pdf

    ### 一种改进的加密JAVA源码的方法 #### 概述 随着JAVA作为一种广泛使用的编程语言在各个领域的普及,如何有效地保护JAVA源代码成为了开发者极为关注的话题。本文介绍了一种改进的加密方法,旨在克服现有加密手段...

    Java SE: ClassLoader in depth

    对于标题“Java SE: ClassLoader in depth”和描述中提到的“源码”、“工具”,实际上在给出的内容部分并没有任何与Java ClassLoader深入相关的技术信息。所提供的内容实际上是一份公司入职报到的指南,与Java编程...

    Java加壳源码-自定义类加载器

    5. **调用`defineClass`方法**:使用`ClassLoader`的`defineClass`方法,将解密后的字节码转换为`java.lang.Class`对象。这个方法会执行验证、准备和解析阶段。 6. **返回Class对象**:最后,返回`defineClass`方法...

    防止Java程序源码被人盗用的应用实例.doc

    - 在Java中,可以通过对原始的`.class`文件进行加密来保护源码。这可以通过自定义的工具(如EncryptClasses)完成,该工具接受一个密钥文件和要加密的类文件作为输入,将加密后的类文件替换原有的未加密版本。 2. ...

    运用加密技术保护Java源代码

    3. **自定义类加载器**:通过扩展Java的`ClassLoader`类来实现自定义的类加载逻辑,在加载类文件前对其进行解密。 #### 四、具体实施步骤 ##### 1. 选择加密算法 - **对称加密算法**(如AES):速度快,适用于...

    ClassLoader总结

    此外,熟悉ClassLoader还能提升对Java安全模型的理解,因为类加载与权限控制紧密相关。 总之,ClassLoader是Java运行时环境中的关键组件,理解其工作原理和如何自定义ClassLoader对于提高开发者的技术深度和解决...

    使用xjar 对Spring-Boot JAR 包加密运行工具,避免源码泄露以及反编译

    总结Xjar 是一个针对Spring Boot JAR包的安全加密工具,它通过加密JAR内的资源和使用自定义ClassLoader实现程序的加密启动和动态解密运行,有效地防止了源码泄露和反编译攻击。使用Xjar,开发者无需修改原有代码,只...

    android apk文件代码加密 源码

    本话题将深入探讨如何对Android APK文件进行代码加密,以及源码的相关知识。 一、Android APK 文件结构 Android 应用程序以APK(Android Package)的形式发布,它实际上是一个包含应用程序代码、资源、manifest文件...

    java8源码-javase:Java

    参考《Java的加密解密的艺术》。 http-component 该模块部分代码来自官方文档和Baeldung博客。 proxy-classloader 用到了Jdk动态代理,以及Classloader。 resource 该模块主要用于Class和Classloader如何获取资源。 ...

    apk加壳源码.zip

    这样做的好处是,攻击者在没有解密壳的情况下难以直接访问到原始的Dalvik字节码或Java源代码,从而增加了逆向工程的难度。 在源码中,我们可能会看到以下几个关键组件: 1. **壳程序(Shell)**:这是APK加壳的...

    SpringBootJAR安全加密运行工具支持的原生JAR

    针对这个问题,有一种解决方案就是使用"SpringBoot JAR安全加密运行工具",如描述中提到的,这种工具能够支持对原生JAR文件进行加密,确保应用的源码不被轻易获取或反编译。 首先,我们需要理解JAR(Java Archive)...

    java资料夹

    这是一套旨在提高Java应用安全性的技术措施,通过加解密技术以及加密狗等硬件的结合,达到了保护Java class文件不易被反编译和非法篡改的目的。通过JNI和C语言,也展示了跨语言编程技术在安全领域的应用。

    javaLauncher源码-Nick0-s-Launcher:MinecraftLauncher-完全重新编码-Java+完整源代码

    JavaLauncher源码分析 在Java开发领域,启动器(Launcher)是程序运行的关键部分,它负责加载类、初始化环境以及执行应用程序。对于"Minecraft Launcher"这样的游戏启动器来说,其重要性更是不言而喻,因为它不仅要...

    JAVA2安全书的源代码

    源代码可能包含对这些加密库的使用示例,如RSA、AES、DES等,用于数据加密和解密,数字签名,以及消息认证码(MAC)的生成。 4. 网络安全:Java的网络编程接口(java.net)支持安全套接层(SSL/TLS)协议,用于安全...

    xjar:Spring Boot JAR 安全加密运行工具,支持的原生JAR

    基于对JAR包内资源的加密以及拓展ClassLoader来构建的一套程序加密启动, 动态解密运行的方案, 避免源码泄露以及反编译. 功能特性 无代码侵入, 只需要把编译好的JAR包通过工具加密即可. 完全内存解密, 降低源码以及...

    汪文君高并发编程实战视频资源下载.txt

     高并发编程第三阶段11讲 AtomicXXXFieldUpdater源码分析及使用场景分析.mp4  高并发编程第三阶段12讲 sun.misc.Unsafe介绍以及几种Counter方案性能对比.mp4  高并发编程第三阶段13讲 一个JNI程序的编写,通过...

    中间件内存马注入&冰蝎连接(附更改部分代码)1

    当接收到POST请求时,冰蝎会使用AES算法解密请求中的数据,然后利用自定义的ClassLoader实例化一个类,该类的`equals`方法接收`pageContext`,从而间接访问HTTP请求的各种上下文对象,实现远程控制。 冰蝎源码分析...

    汪文君高并发编程实战视频资源全集

     高并发编程第三阶段11讲 AtomicXXXFieldUpdater源码分析及使用场景分析.mp4  高并发编程第三阶段12讲 sun.misc.Unsafe介绍以及几种Counter方案性能对比.mp4  高并发编程第三阶段13讲 一个JNI程序的编写,通过...

Global site tag (gtag.js) - Google Analytics