#source code

Does anyone have any ideas on encryption (or something) to prevent source code theft and alteration on Java/kt?

<@&1008423204219531294> please have a look, thanks.

how are u deploying ur product to end users?

as jar?

as exe?

not at all (services running on ur server or cloud)?

unless you are not sharing your code at all preventing that is impossible

you can make it harder with proguard

but you are only making it harder

all you can really do is make the client as dumb as possible, and have a server verify everything

jar

It's like a plugin for a server and needs to protect the source code

proguard is all you have

What do you mean by "alteration"?
Like, you can just calculate a hash for your program, and whenever you use it you can calculate the hash again and check it against the hash you got when you created the program.

It's not technically 100% safe, but the odds are like 2^(-128) or 2^(-256) depending on the hashing algorithm

Sorry I don't know much about English, I'm Chinese so learning English is not so common

ty

That does not answer my question

All code is open source if you're smart enough.

Do not trust anything in client side.

encryption (or something)
The term is "obfuscation" and it really works only if no one is actually interested in your code.

not sure if its an option for u. but u can consider NOT deploying as JAR to ur end users

but instead for example put ur code against graalvm to create a native exe file

(one that isnt just a wrapper for a jvm+jar like jpackage creates)

with a proper native exe people will have a hard time messing with ur code as they are down to assembly then

and cant for example decompile it back to java source anymore

otherwise yeah, obfuscator like pro guard is ur best choice. an obfuscator renames all ur variables, classes, adds fake methods, fake classes, fake connections between ur code, ... to make the code really hard to understand by a human

and it can also employ some tricks that will let all commonly used decompilers fail

but if someone experienced at cracking/reverse engineering sits down they will get through it eventually (see for example minecraft where exactly this happened before they "opened" to modding)

for assembly thats not impossible either (see for example the various cracks that exist to bypass software licenses and similar), but its made much harder to a level where only professionals+lots of time will be able to mess with ur code

minecraft server, not an option

ah, fair

👍

well they said "plugin for a server" - i'm just assuming MC

a proper native exe people will have a hard time messing with ur code

Unless they really WANT to mess with your code, then it will be reverse-engineered.
FFS, we have "mods" for the games that were published when no one even knew of the word "mod".

There is no way (that I can think of) you can perfectly protect source code. You must have seen the recent news that Bytedance has stolen source code from Meishe.

There is no way (that I can think of) you can perfectly protect source code.
Let the actual source code be on a server and only let the clients provide inputs and retrieve results from the server.

Is it a good idea? No.

Yeah that's the only way that I can think of😂

My understanding of alteration is I have your source code in hand and I make a lot changes, so in the future even on the court the judge will not say I have stolen your code.

Just like how I cheated in a college assignment but of course I was caught. The professor was like, come on Im a computer scientist and you think changing some variable names will work?! 😂

Very luckily he didn't fail me the whole course, but just gave me a zero on that assignment.

Yeah, I got "busted" before, too.
Story is a little sillier however, cause I wasn't the one plagiarising, but I just gave some code (1st homework, 3 lines of code) to my study partner at the time, so that he could see an example of how it could work.
Unfortunately one of these lines was a URL with a specific token.
He, without informing me, uploaded that code and yeah... since copying is just as forbidden as sharing... I got the F (worst part is that he didn't even get punished, because he didn't do a homework presentation, thus wasn't eligible for the 0.3 grade bonus, thus it did not count as fraud).

Even worse, I only found out about that when I was called in by some of the IT-Security people, at the end of the semester, after I've already spent all the energy on the weekly homeworks, etc., only to find out that I rather shouldn't have spent that time

Oh man that was harsh

I'm just infinitely happy that IT-Security wasn't one of my mandatory subjects, but only a compulsory elective subject.
Because of that I could just say: Okay, fuck this course, and, okay, I've wasted some time and didn't get 5 ECTS, but hey, whatever.
If it were a mandatory subject, then I would be forced to write it again, and I would need to pass on that attempt (i.e. get at least 4.0 or better). If you wouldn't get a passing grade, that's it for your study, you get exmatriculated, i.e. thrown out.

*Because it's a compulsory elective subject I don't have to write it, but had I wanted to write it, then the same rule of failing grade => exmatriculation would apply

So yeah, I just didn't want to go into an exam with that pressure

I mean, not really. It's just consequent.
That's a mandatory 3rd semester class (for people who enrolled after me) so there was about 1k students enrolled in the course .
They said in the very first lesson that sharing code is just as bad as copying and both the sharer and recipient will get punished equally (also because it's not easy to verify who of the two actually did the code)

Lesson learned for me: Don't help people from my own uni