How Protector4J works?

Issues of the current Java code protection solution

Before understanding how Protector4J works, let's first learn the issues that exist in other Java code protection solutions.

Code obfuscation

Due to the high semantic nature of JVM bytecode, it is very easy to analyze and read. With dynamic debugging, its execution logic can be easily analyzed, so obfuscation is not a reliable protection solution.

For more information please refer to the article:

Class file encryption

Due to the existence of JVM attachment mechanism, all so-called encrypted code that has not been detached from normal JRE can be easily get via attachment tools. Therefore, this is the most ineffective protection solution.

For more information, please refer to the article:

VMP Protection

Virtualization protection is the most secure form of code protection, but due to its severe impact on performance, it can only be applied to critical code in a program. Other code still remains at risk of exposure. By targeting other parts of the code, the cracker still can obtain functional information of the virtualized code.

Please refer to the article for specific details:

AOT Compilation

AOT compilation's configuration and compilation is very difficult, and there is a high probability of compilation failure. Even if the compilation is successful, the code logic is only transformed from bytecode representation to machine code representation, and its inherent logic still exists without any special protection. If one can understand its compilation and execution mechanism, readable code can still be reverse-engineered.

For more information, please refer to the article:

How Protector4J works?

We defined a private compression package format: JARX

To protect Java code, we created a private compressed document format called JARX and integrated it into the JVM runtime. A JAR file processed by Protector4J is transformed into the JARX format.

We made deep customization and modification to the JVM

Through in-depth study of the JVM, we have made deep customizations and modifications to it. We have removed all additional mechanisms and applied a lot of hardening and optimization at the binary security level. This prevents crackers from using existing methods to export your class information. We believe that with the current strength, the encrypted application protected by Protector4J has a high level of security. However, the battle between cracking and anti-cracking is always a constant improvement. We will continue to improve our encryption and protection solutions to constantly enhance the security of the application.