A Safer Journey for Java Applications

A Safer Journey for
Java Applications
Guenther Fischer
Senior Consultant, Licensing and Protection
Dr. Simon Kunz
Java Security Expert
AxProtector Java

Agenda
 Overview of Java
 Introduction: Security and protection technologies for Java
 AxProtector Java
 Current security mechanisms
 Java 9 support
©2018, WIBU-SYSTEMS AG. All rights reserved. - A Safer Journey for Java Applications 2

Overview of Java

Java and the JVM/JRE
 Java: Programming language developed by Sun in 1995
 The JVM is an abstract machine
 The instruction set is called Java Byte Code
 Compiled Java programs consist of many class files that contain Byte Code (not
native code)
 JARS are ZIP archives with an additional manifest
 Byte Code is interpreted and executed by Java Virtual Machine (JVM) at runtime
 Byte Code is easy to reverse engineer
 Classes are always loaded as a whole by the JVM

Java – Write Once, Run Anywhere (WORA)
©2018, WIBU-SYSTEMS AG. All rights reserved. - A Safer Journey for Java Applications
Java Program (.java)
Interpreter (JVM)
Java Compiler
JAVAC
Java Byte Code (.class /.jar)
Windows
Interpreter (JVM)
Linux
Interpreter (JVM)
macOS
…
5

Java Architecture
Classloader
Java Program
*.class Files
Bytec Code Verifier
Interpreter (JVM)
Host Operating System
(Windows, Linux, macOS,..)
Java API
*.class Files
6

Java Byte Code / Native Code Combination
Java Runtime
(Java)
Java Virtual Machine
(Native Code)
JNI
(Native Code)
C/C++ can be used with JNI (Java Native Interface)
7

Introduction: Security and
Protection Technologies for Java

Java and Security
 Java classes are:
 Easy to extract
 Easy to replace (even system classes)
 Easy to modify
 The Java Byte Code is not a “secret”
 Fact!
 Everything written in Java is usually unsecure!

Protection Goals
 Protection against piracy (licensing)
 IP protection against reverse engineering
 Protection against industrial espionage
 Protection against code exploitation
 Integrity protection of data and code
 Protection of sensitive product data (competitive advantage)

The Arsenal of Cyber-Attackers (Java Decompiler .jar/.class -> .java)

Multiple Sources of Information

Possible Options
 Obfuscation
 Java2Exe (JET Engine) or Exe4j
 Translation into native code
 Possible other encryption methods with native tools
 Encrypting Java Byte Code
 Other methods
 Example with CodeMeter Core API

Java Obfuscation Tools (ClassMaster/Allatori/ProGuard….)

Java Obfuscation Tools (ClassMaster/Allatori/ProGuard….)
Java2Exe/JAR2EXE
 Excelsior JET Engine/Regex Jar2Exe
15

Principle of Java2Exe/Jar2Exe/Exe4J
JavaCode
JavaByteCode
NativerCode
JAVAC
Compiler
Excelsior
JET
Compiler
Exe4J
Compiler
16

Additional Encryption-based Protection
JavaCode
JavaByteCode
NativerCode
Encrypted
NativeCode
JAVAC
Compiler
Excelsior
JET
Compiler
AxProtector
Native
Exe4J
Compiler
17

Current Security Mechanisms of
AxProtector Java

Encryption
 Encryption of the executable code before delivery
 Decryption of required classes / methods at runtime in memory
Encryption
Unprotected
Application
Decryption
AxEngine
AxEngine
19

Unencrypted Code (CAFEBABE)
Magic Number Version
Constant Pool
Access Flag
this Class
super Class
Interfaces
Fields
Methods
Attributes
20

Code Protected with AxProtector Java
Magic Number Version
Constant Pool
Access Flag
this Class
super Class
Interfaces
Fields
Methods
Attributes
21

AxProtector Java
 AxProtector Java
 Java 1.6
 Java 1.7
 Java 1.8
 Java 9
 Java Applications
 Java Applets
 Java Servlets

AxProtector Java – Operational Principles
 AxProtector Java automatic protection mechanisms at class / method level encrypt the Byte Code
 Flexible licensing options
 Each class is automatically decrypted while loading. For this, you need to initiatize AxProtector Runtime:
 Java applications with main class => Automatically replaced by wrappers (com.wibu.xpm.Wrapper)
 manual loading by EntryPoint

Encryption at Class or Method Level
Encryption at class level
The class is encrypted as a whole
The class is completely loaded and decrypted when used
class
Method 1
Method 2
Method 3
AxProtector
class
Method 1
Method 2
Method 3
24

Encryption at method level
Methods are extracted as new classes
Methods are loaded and decrypted only when used
Different license lists for individual methods (IxProtector) are possible
class
Ref 1
Ref 2
Ref 3
class
Method 1
class
Method 2
class
Method 3
referenced
class
Method 1
Method 2
Method 3
25

Encryption at class and method level
class
Ref 1
Ref 2
Ref 3
class
Method 1
class
Method 2
class
Method 3
referenced
class
Method 1
Method 2
Method 3
Example: Basic License Feature-based License
26

The Three Types of Encryption Configuration
 Annotations in source code
 AxProtector GUI
 xml configuration file

Annotations in Source Code
 @Protected (licenseList=0)
 @Unprotected
 @EntryPoint

AxProtector GUI

xml – Configuration File

Traps in a Java Application
 If a class or method defined as a trap is decrypted, the license is locked:
Firm Access Counter  0
 Inserting traps automatically or manually

Manual insertion using annotations:
class
Ref 1
Ref 2
Ref 3
class
Method 1
class
Method 2
class
Method 3
referenced
class
Method 1
Method 2
Method 3
trap
@Trap
private static void Method3() {
}
32
Sample referencing:
if (tax > 100%) {
Method3()
}

Automatic insertion using the command line option
Example: Option
-trap1:70
adds to approx. 70% of the encrypted methods traps class
Ref 1
Ref 2
Ref 3
class
Method 1
class
Method 2
class
Method 3
class
Method 1
Method 2
Method 3
Ref 4
class
Method 4
AxProtector summary output:
33

Encryption of the Constant Pool (Option –caa1)
 Constant entries in the constant pool related to the data types of the string, int and long remain encrypted all the way
through
 Decryption is done as needed
Clear text:
 Keys change dynamically
String a = “Hello World!”;
String a = “ut3ilspNQ”;
a = decrypt(a);
Native Function Call
Byte Code
Constant Pool
Java Class
34

Encryption of the Method Control Flow (Option –caa2)
class
Ref 1
Ref 2
Ref 3
class
XYZ
class
YZF
class
LQZ
class
Method 1
Method 2
Method 3
Encrypts the references to the extracted methods
Program flow can no longer be read
35

Obfuscation of Names
 Applicable to:
• Classes
• Methods
• Fields
• Packages
• Local Variables
 Individually controllable for classes and methods
 Applicable to encrypted and unencrypted classes / methods
Example:
36

Obfuscation of Individual Names with AxProtector GUI
Example:
37

Integrity Verification
 Protection against tampering .class files
 Individually applicable for classes and methods
 Applicable to encrypted and unencrypted
classes / methods

CodeMoving
 CodeMoving: Encrypted code is only decrypted and executed in the
CmDongle
 Only with Universal Firm Code (UFC)
 Only with CmDongles 3-xxx, no CmActLicense
 Only locally, not via LAN
Method Code
Result
39

CodeMoving
 CodeMoving code currently needs to be written in C.
 The functionality of CodeMoving is already available
 R&D is currently working on how to automate the code translation
Java
AddIntegers.c
No program logic in java code.
 Automatically replaced by AxProtector with CodeMoving call
40

Java 9 Support

Support of Java 9
 Introduction of the Jigsaw module system
 Jar files can be created in a modular way: Modular Jars with additional rights management
 AxProtector Java supports the encryption of modular Jars
Module.jar
AxProtector
Module.jar
com.wibu.xpm.jar
42

Germany: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
http://www.wibu.com
info@wibu.com
Many thanks for your kind attention!

A Safer Journey for Java Applications

More Related Content

Similar to A Safer Journey for Java Applications (20)

More from team-WIBU (20)

Recently uploaded (20)

A Safer Journey for Java Applications