Geek Answers Handbook

How can I control the use of a custom jar library?

I need a way to significantly protect my jar library in order to allow registered applications to use it in their projects and to prohibit the use of applications that have not been approved by me.

This is fine if I hardcode the stuff in lib for each distribution. I currently have a confused jar.

What are good approaches to limit the use of jars?

One idea was to block lib for a specific package, so if a developer tries to use it in another project, they cannot. But I'm not sure if they can easily provide a custom fake context to make it work ...

+1
source share
3 answers

For me, the best approach is if you want your library to remain autonomous (without involving a network to check or download fragments of the library, I mean), it would be mandatory to use an initializer class that will receive a token from the client application.

It will be crackable , since the token test will be executed by your lib: one can change the lib in the way, it will just skip this test, but it will be difficult due to obfuscation, But this is probably enough if you are not using your library without registration, this is a really important issue.

  • So you will have something like:

    boolean Initializer.initLib(String passcode)

This will prevent lib from working if passcodenot true.

You can make obfuscation more effective by avoiding this:

public void initLib(String passcode) {
    if (passcode == A_GIVEN_PUBLIC_STATIC_THAT_STORESTHE_CODE) {
         // do the proper initializations 
    }
    else {
         throw new RuntimeException("Bad passcode, sorry!");
    }
}

But instead:

public void initLib(String passcode) {
    final char[] PASS_ENCRYPTED  = "f5uhjgf56ik8kv214d5".toCharArray();
    final char[] PASS_MINUSMASK  = "bc".toCharArray();
    final int    PASS_SHIFT      = 11;
    final int    PASS_MASK_MINUS = 2;

    for (int ctr = 0; ctr < PASS_MINUSMASK.length; ++ctr) {  
        final char next = PASS_ENCRYPTED[PASS_SHIFT + ctr - PASS_MASK_MINUS];

        if (passcode.charAt(ctr) != next - (PASS_MINUSMASK[ctr] - 'a')) {
            // make the lib unusable by some inits. But it should look as a proper initialization
            return;
        }
    }    

    // make the lib usable by some inits.
}

, , . ( "" ), , .

  • : ?

, , , - , , . IMEI - .

, . .

, , . , "" , , , . " ", (, , ), , .

+2

, , ?

+1

When you create an Android application with a bank, this bank is compiled into the application and becomes part of it. You cannot just copy the jar from the package and use it elsewhere. If I do not understand the question, this should not be a problem that you need to worry about.

0
source

More articles:


All Articles