Problems with Java class file encryption

Besides obfuscation, class file encryption is an easily conceivable code protection approach. Many schemes encrypt class files using agents and decrypt them during class loading. However, these schemes neglect a crucial point: the additional mechanisms provided by the JVM.

JVM Attachment Mechanism

In order to facilitate the analysis and monitoring of the running status of the program, ordinary JVMs are equipped with attachments. Users can use tools like jhsdb to attach to the JVM process and view and analyze its memory data. These memory data are also properly organized according to the data structure in the source file, which can be understood as a built-in backdoor mechanism of the JVM.

The following article introduces how to use the JVM attach mechanism to read and save class file information from memory.

In addition to using the jhsdb tool provided by JDK, you can also use Alibaba'sArthasAnalyze running Java processes.


Due to the existence of JVM attachment mechanism, all so-called encrypted codes that have not detached from normal JVM can be easily read using attachment tools, so this is the most ineffective protection solution.