//样例
package com.epoch.core.security;
import java.io.*;
import java.security.PublicKey;
import java.security.Signature;
public class DSLoader extends ClassLoader {
private static final byte c[] = {
-84,-19,0,5,115,114,0,20,106,97,
118,97,46,115,101,99,117,114,105,116,
121,46,75,101,121,82,101,112,-67,-7,
79,-77,-120,-102,-91,67,2,0,4,76,
0,9,97,108,103,111,114,105,116,104,
109,116,0,18,76,106,97,118,97,47,
108,97,110,103,47,83,116,114,105,110,
103,59,91,0,7,101,110,99,111,100,
101,100,116,0,2,91,66,76,0,6,
102,111,114,109,97,116,113,0,126,0,
1,76,0,4,116,121,112,101,116,0,
27,76,106,97,118,97,47,115,101,99,
117,114,105,116,121,47,75,101,121,82,
101,112,36,84,121,112,101,59,120,112,
116,0,3,68,83,65,117,114,0,2,
91,66,-84,-13,23,-8,6,8,84,-32,
2,0,0,120,112,0,0,1,-68,48,
-126,1,-72,48,-126,1,44,6,7,42,
-122,72,-50,56,4,1,48,-126,1,31,
2,-127,-127,0,-3,127,83,-127,29,117,
18,41,82,-33,74,-100,46,-20,-28,-25,
-10,17,-73,82,60,-17,68,0,-61,30,
63,-128,-74,81,38,105,69,93,64,34,
81,-5,89,61,-115,88,-6,-65,-59,-11,
-70,48,-10,-53,-101,85,108,-41,-127,59,
-128,29,52,111,-14,102,96,-73,107,-103,
80,-91,-92,-97,-97,-24,4,123,16,34,
-62,79,-69,-87,-41,-2,-73,-58,27,-8,
59,87,-25,-58,-88,-90,21,15,4,-5,
-125,-10,-45,-59,30,-61,2,53,84,19,
90,22,-111,50,-10,117,-13,-82,43,97,
-41,42,-17,-14,34,3,25,-99,-47,72,
1,-57,2,21,0,-105,96,80,-113,21,
35,11,-52,-78,-110,-71,-126,-94,-21,-124,
11,-16,88,28,-11,2,-127,-127,0,-9,
-31,-96,-123,-42,-101,61,-34,-53,-68,-85,
92,54,-72,87,-71,121,-108,-81,-69,-6,
58,-22,-126,-7,87,76,11,61,7,-126,
103,81,89,87,-114,-70,-44,89,79,-26,
113,7,16,-127,-128,-76,73,22,113,35,
-24,76,40,22,19,-73,-49,9,50,-116,
-56,-90,-31,60,22,122,-117,84,124,-115,
40,-32,-93,-82,30,43,-77,-90,117,-111,
110,-93,127,11,-6,33,53,98,-15,-5,
98,122,1,36,59,-52,-92,-15,-66,-88,
81,-112,-119,-88,-125,-33,-31,90,-27,-97,
6,-110,-117,102,94,-128,123,85,37,100,
1,76,59,-2,-49,73,42,3,-127,-123,
0,2,-127,-127,0,-71,-5,-67,29,36,
122,97,-81,-108,-91,84,-121,-6,-4,32,
-80,-9,32,-20,-128,-95,-2,-22,-17,-18,
39,104,-99,-55,108,-51,-59,44,76,-90,
-1,-68,-72,32,72,-21,-41,-74,45,1,
-54,-81,4,-98,49,-53,79,-58,-110,57,
27,122,40,-113,-25,-8,12,40,-16,123,
94,-118,-58,88,-12,120,68,117,48,-46,
-87,-71,16,-114,-103,-20,-102,116,69,-8,
-128,60,103,27,-116,-36,-25,-102,-102,-21,
108,-54,-11,-93,51,121,-87,-35,-111,105,
-79,89,-21,97,127,-117,-29,79,109,18,
73,120,10,-26,-25,-114,-64,-116,-67,57,
3,-17,-17,116,0,5,88,46,53,48,
57,126,114,0,25,106,97,118,97,46,
115,101,99,117,114,105,116,121,46,75,
101,121,82,101,112,36,84,121,112,101,
0,0,0,0,0,0,0,0,18,0,
0,120,114,0,14,106,97,118,97,46,
108,97,110,103,46,69,110,117,109,0,
0,0,0,0,0,0,0,18,0,0,
120,112,116,0,6,80,85,66,76,73,
67
};
static Class a;
private static DSLoader d;
private static PublicKey e;
public DSLoader(ClassLoader classloader) {
super(classloader);
}
public DSLoader() {
}
static final Class a(String s) {
try {
return Class.forName(s);
} catch (ClassNotFoundException ex) {
throw new NoClassDefFoundError(ex.getMessage());
}
}
public static synchronized Class getClass(String s) {
if (d == null)
d = new DSLoader((a != null ? a
: (a = a("com.epoch.core.security.DSLoader")))
.getClassLoader());
try {
return d.load(s,true);
} catch (ClassNotFoundException ex) {
throw new NoClassDefFoundError(ex.getMessage());
}
}
private static PublicKey a() throws IOException, ClassNotFoundException {
if (e == null) {
ObjectInputStream in = new ObjectInputStream(
new BufferedInputStream(new ByteArrayInputStream(c)));
e = (PublicKey)in.readObject();
in.close();
}
return e;
}
protected synchronized Class load(String s,boolean resolve) throws ClassNotFoundException {
try {
ClassLoader classloader;
classloader = (a != null ? a
: (a = a("com.epoch.core.security.DSLoader")))
.getClassLoader();
Object obj = null;
Class clazz;
if ((clazz = findLoadedClass(s)) != null)
return clazz;
String s1 = s.replace('.', '/').concat(".class");
ObjectInputStream objectinputstream;
byte abyte0[] = (byte[]) (objectinputstream = new ObjectInputStream(
classloader.getResourceAsStream(s1))).readObject();
byte abyte1[] = (byte[]) objectinputstream.readObject();
objectinputstream.close();
if (abyte0 != null && abyte1 != null) {
PublicKey publickey = a();
String s2;
Signature signature;
(signature = Signature.getInstance(s2 = new String(new byte[] {
68, 83, 65 }))).initVerify(publickey);//DSA
signature.update(abyte0);
if (signature.verify(abyte1)){
clazz = defineClass(s, abyte0, 0, abyte0.length);
}
}
// 必需的步骤2:如果上面没有成功
// 我们尝试用默认的ClassLoader装入它
if (clazz == null)
clazz = findSystemClass(s);
// 必需的步骤3:如有必要,则装入相关的类
if (resolve && clazz != null)
resolveClass( clazz );
return clazz;
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
}
//=====================================================================================
package com.epoch.core.security;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;
import java.io.FileOutputStream;
import java.io.FileInputStream;
import java.security.*;
import com.epoch.core.util.FileUtil;
public class DSManager {
private static final byte c[] = {
-84,-19,0,5,115,114,0,20,106,97,
118,97,46,115,101,99,117,114,105,116,
121,46,75,101,121,82,101,112,-67,-7,
79,-77,-120,-102,-91,67,2,0,4,76,
0,9,97,108,103,111,114,105,116,104,
109,116,0,18,76,106,97,118,97,47,
108,97,110,103,47,83,116,114,105,110,
103,59,91,0,7,101,110,99,111,100,
101,100,116,0,2,91,66,76,0,6,
102,111,114,109,97,116,113,0,126,0,
1,76,0,4,116,121,112,101,116,0,
27,76,106,97,118,97,47,115,101,99,
117,114,105,116,121,47,75,101,121,82,
101,112,36,84,121,112,101,59,120,112,
116,0,3,68,83,65,117,114,0,2,
91,66,-84,-13,23,-8,6,8,84,-32,
2,0,0,120,112,0,0,1,-68,48,
-126,1,-72,48,-126,1,44,6,7,42,
-122,72,-50,56,4,1,48,-126,1,31,
2,-127,-127,0,-3,127,83,-127,29,117,
18,41,82,-33,74,-100,46,-20,-28,-25,
-10,17,-73,82,60,-17,68,0,-61,30,
63,-128,-74,81,38,105,69,93,64,34,
81,-5,89,61,-115,88,-6,-65,-59,-11,
-70,48,-10,-53,-101,85,108,-41,-127,59,
-128,29,52,111,-14,102,96,-73,107,-103,
80,-91,-92,-97,-97,-24,4,123,16,34,
-62,79,-69,-87,-41,-2,-73,-58,27,-8,
59,87,-25,-58,-88,-90,21,15,4,-5,
-125,-10,-45,-59,30,-61,2,53,84,19,
90,22,-111,50,-10,117,-13,-82,43,97,
-41,42,-17,-14,34,3,25,-99,-47,72,
1,-57,2,21,0,-105,96,80,-113,21,
35,11,-52,-78,-110,-71,-126,-94,-21,-124,
11,-16,88,28,-11,2,-127,-127,0,-9,
-31,-96,-123,-42,-101,61,-34,-53,-68,-85,
92,54,-72,87,-71,121,-108,-81,-69,-6,
58,-22,-126,-7,87,76,11,61,7,-126,
103,81,89,87,-114,-70,-44,89,79,-26,
113,7,16,-127,-128,-76,73,22,113,35,
-24,76,40,22,19,-73,-49,9,50,-116,
-56,-90,-31,60,22,122,-117,84,124,-115,
40,-32,-93,-82,30,43,-77,-90,117,-111,
110,-93,127,11,-6,33,53,98,-15,-5,
98,122,1,36,59,-52,-92,-15,-66,-88,
81,-112,-119,-88,-125,-33,-31,90,-27,-97,
6,-110,-117,102,94,-128,123,85,37,100,
1,76,59,-2,-49,73,42,3,-127,-123,
0,2,-127,-127,0,-71,-5,-67,29,36,
122,97,-81,-108,-91,84,-121,-6,-4,32,
-80,-9,32,-20,-128,-95,-2,-22,-17,-18,
39,104,-99,-55,108,-51,-59,44,76,-90,
-1,-68,-72,32,72,-21,-41,-74,45,1,
-54,-81,4,-98,49,-53,79,-58,-110,57,
27,122,40,-113,-25,-8,12,40,-16,123,
94,-118,-58,88,-12,120,68,117,48,-46,
-87,-71,16,-114,-103,-20,-102,116,69,-8,
-128,60,103,27,-116,-36,-25,-102,-102,-21,
108,-54,-11,-93,51,121,-87,-35,-111,105,
-79,89,-21,97,127,-117,-29,79,109,18,
73,120,10,-26,-25,-114,-64,-116,-67,57,
3,-17,-17,116,0,5,88,46,53,48,
57,126,114,0,25,106,97,118,97,46,
115,101,99,117,114,105,116,121,46,75,
101,121,82,101,112,36,84,121,112,101,
0,0,0,0,0,0,0,0,18,0,
0,120,114,0,14,106,97,118,97,46,
108,97,110,103,46,69,110,117,109,0,
0,0,0,0,0,0,0,18,0,0,
120,112,116,0,6,80,85,66,76,73,
67
};
public static boolean generatekey() {
try {
KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSA");
keygen.initialize(1024);
KeyPair keys = keygen.genKeyPair();
PublicKey pubKey = keys.getPublic();
PrivateKey priKey = keys.getPrivate();
ObjectOutputStream out = new ObjectOutputStream(
new FileOutputStream("myprikey.dat"));
out.writeObject(priKey);
out.close();
out = new ObjectOutputStream(new FileOutputStream("mypubkey.dat"));
out.writeObject(pubKey);
out.close();
byte[] pubs = FileUtil.getFileBytes("mypubkey.dat");
StringBuffer sb = new StringBuffer();
for(int i=0;i<pubs.length;i++){
if(i>0 && i%10==0)
sb.append("\n");
sb.append(pubs[i]+",");
}
FileUtil.createFile("mypubkey.txt",sb.toString().length()>0?
sb.toString().substring(0,sb.toString().length()-1):"");
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
public static void generateSign(String src,String obj){
try {
ObjectInputStream in = new ObjectInputStream(new FileInputStream("myprikey.dat"));
PrivateKey priKey = (PrivateKey) in.readObject();
in.close();
byte[] plan = FileUtil.getFileBytes(src); //要签名的信息
//用私钥对信息生成数字签名
Signature signet = Signature.getInstance("DSA");
signet.initSign(priKey);
signet.update(plan);
byte[] signed = signet.sign(); //对信息的数字签名
//把信息和数字签名保存在一个文件中
ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(obj));
out.writeObject(plan);
out.writeObject(signed);
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void checkSign(String name){
try {
ObjectInputStream in = (ObjectInputStream)new ObjectInputStream(
new ByteArrayInputStream(c));
PublicKey pubKey = (PublicKey) in.readObject();
in.close();
in = new ObjectInputStream(new FileInputStream(name));
byte[] bytes0 = (byte[]) in.readObject();
byte[] bytes1 = (byte[]) in.readObject();
in.close();
Signature signature = Signature.getInstance("DSA");
signature.initVerify(pubKey);
signature.update(bytes0);
if (signature.verify(bytes1)) {
System.out.println("签名正常");
} else
System.out.println("非签名正常");
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
if(args.length<1)return;
if(args[0].equalsIgnoreCase("key")){
if((args.length>1 && (args[1].equalsIgnoreCase("y") || args[1].equalsIgnoreCase("yes"))
|| ((new File("myprikey.dat")).exists() == false))) {
if (generatekey() == false) {
System.out.println("生成密钥对败");
return;
}
}
return ;
}
if(args[0].equalsIgnoreCase("sign")){
generateSign("d:/com/test/DSTest.class",
"d:/com/test/DSTest.class");
}
if(args[0].equalsIgnoreCase("check")){
checkSign("d:/com/test/DSTest.class");
}
}
}
//==============================================================================
package com.test;
public interface T {
public void test(String str);
}
//===============================================================================
package com.test;
public class DSTest implements T{
public void test(String str){
System.out.println("coming::"+str);
}
public static void main(String[] args) {
new DSTest().test("test");
}
}
//==============================================================================
package com.epoch.core.security;
import com.test.T;
public class Test {
public void test(){
try{
T a = (T)( DSLoader.getClass("com.test.DSTest")).newInstance();
a.test("hello world");
}catch(Exception ex){
ex.printStackTrace();
}
}
public static void main(String[] args){
new Test().test();
}
}
相关推荐
该项目是一款基于ClassLoader扩展的Spring Boot JAR安全加密运行工具源码,包含74个文件,其中69个为Java源文件,1个为Git忽略文件,1个为LICENSE文件,1个为Markdown文件,1个为XML文件,以及1个Go语言文件。...
总的来说,防止Java源码被偷窥的关键在于理解并利用Java的ClassLoader机制,结合加密技术,可以在不改变程序功能的前提下增强源码的安全性。通过自定义ClassLoader并实现即时解密,可以有效地保护代码免受反编译器的...
### 一种改进的加密JAVA源码的方法 #### 概述 随着JAVA作为一种广泛使用的编程语言在各个领域的普及,如何有效地保护JAVA源代码成为了开发者极为关注的话题。本文介绍了一种改进的加密方法,旨在克服现有加密手段...
对于标题“Java SE: ClassLoader in depth”和描述中提到的“源码”、“工具”,实际上在给出的内容部分并没有任何与Java ClassLoader深入相关的技术信息。所提供的内容实际上是一份公司入职报到的指南,与Java编程...
5. **调用`defineClass`方法**:使用`ClassLoader`的`defineClass`方法,将解密后的字节码转换为`java.lang.Class`对象。这个方法会执行验证、准备和解析阶段。 6. **返回Class对象**:最后,返回`defineClass`方法...
- 在Java中,可以通过对原始的`.class`文件进行加密来保护源码。这可以通过自定义的工具(如EncryptClasses)完成,该工具接受一个密钥文件和要加密的类文件作为输入,将加密后的类文件替换原有的未加密版本。 2. ...
3. **自定义类加载器**:通过扩展Java的`ClassLoader`类来实现自定义的类加载逻辑,在加载类文件前对其进行解密。 #### 四、具体实施步骤 ##### 1. 选择加密算法 - **对称加密算法**(如AES):速度快,适用于...
此外,熟悉ClassLoader还能提升对Java安全模型的理解,因为类加载与权限控制紧密相关。 总之,ClassLoader是Java运行时环境中的关键组件,理解其工作原理和如何自定义ClassLoader对于提高开发者的技术深度和解决...
总结Xjar 是一个针对Spring Boot JAR包的安全加密工具,它通过加密JAR内的资源和使用自定义ClassLoader实现程序的加密启动和动态解密运行,有效地防止了源码泄露和反编译攻击。使用Xjar,开发者无需修改原有代码,只...
本话题将深入探讨如何对Android APK文件进行代码加密,以及源码的相关知识。 一、Android APK 文件结构 Android 应用程序以APK(Android Package)的形式发布,它实际上是一个包含应用程序代码、资源、manifest文件...
参考《Java的加密解密的艺术》。 http-component 该模块部分代码来自官方文档和Baeldung博客。 proxy-classloader 用到了Jdk动态代理,以及Classloader。 resource 该模块主要用于Class和Classloader如何获取资源。 ...
这样做的好处是,攻击者在没有解密壳的情况下难以直接访问到原始的Dalvik字节码或Java源代码,从而增加了逆向工程的难度。 在源码中,我们可能会看到以下几个关键组件: 1. **壳程序(Shell)**:这是APK加壳的...
针对这个问题,有一种解决方案就是使用"SpringBoot JAR安全加密运行工具",如描述中提到的,这种工具能够支持对原生JAR文件进行加密,确保应用的源码不被轻易获取或反编译。 首先,我们需要理解JAR(Java Archive)...
这是一套旨在提高Java应用安全性的技术措施,通过加解密技术以及加密狗等硬件的结合,达到了保护Java class文件不易被反编译和非法篡改的目的。通过JNI和C语言,也展示了跨语言编程技术在安全领域的应用。
JavaLauncher源码分析 在Java开发领域,启动器(Launcher)是程序运行的关键部分,它负责加载类、初始化环境以及执行应用程序。对于"Minecraft Launcher"这样的游戏启动器来说,其重要性更是不言而喻,因为它不仅要...
源代码可能包含对这些加密库的使用示例,如RSA、AES、DES等,用于数据加密和解密,数字签名,以及消息认证码(MAC)的生成。 4. 网络安全:Java的网络编程接口(java.net)支持安全套接层(SSL/TLS)协议,用于安全...
基于对JAR包内资源的加密以及拓展ClassLoader来构建的一套程序加密启动, 动态解密运行的方案, 避免源码泄露以及反编译. 功能特性 无代码侵入, 只需要把编译好的JAR包通过工具加密即可. 完全内存解密, 降低源码以及...
高并发编程第三阶段11讲 AtomicXXXFieldUpdater源码分析及使用场景分析.mp4 高并发编程第三阶段12讲 sun.misc.Unsafe介绍以及几种Counter方案性能对比.mp4 高并发编程第三阶段13讲 一个JNI程序的编写,通过...
当接收到POST请求时,冰蝎会使用AES算法解密请求中的数据,然后利用自定义的ClassLoader实例化一个类,该类的`equals`方法接收`pageContext`,从而间接访问HTTP请求的各种上下文对象,实现远程控制。 冰蝎源码分析...
高并发编程第三阶段11讲 AtomicXXXFieldUpdater源码分析及使用场景分析.mp4 高并发编程第三阶段12讲 sun.misc.Unsafe介绍以及几种Counter方案性能对比.mp4 高并发编程第三阶段13讲 一个JNI程序的编写,通过...