I am creating a client-server application in which I have to make sure that the client has the exact same file I give them.
I was thinking about sending a hash or jar size to the server, but that can easily be bypassed with reverse engineering the code.
Is there a way to ensure that they have the same file yet they can't hack it?
Short answer: No.
Longer answer: Most likely no, at least not without e.g. having access to their hardware and locking it down some way, like with modern gaming consoles. Take PC software, especially games, as an example. Pretty much every game ships with copy protection, yet they all can be found for download free of charge in certain areas of the internet, with copy protection removed. Yes, most of them can't be used for online play anymore, but that's mostly because you need an account that you'd only get when buying the game. Then there are modifications to online games that will give you an advantage over other players, even though there are counter measurements by the game companies, like additional software that is running on the player's computer, scanning for suspicious activity. It's a race between the "hackers" and game vendors, but neither side can win. And we're talking about software made my multi-million dollar companies that should have the resources to make their software hacking proof, if it were possible.
For the case of Java applications, it's comparably easy to modify them, even if you're using obfuscation techniques or signing, as Java byte code simply is much easier to analyze, understand and turn back into Java source files than machine code generated by C/C++ compilers.
Related
Im thinking about creating spring boot application that i would like to comercialize some day.
I planned to build a Jar that i would allow to download, and once client launched it locally and provided some license key, it becomes useable.
I have some doubts about this distribution strategy especially in the meaning of the safety of the code and licensing.
If i provided a Jar, anybody may try reverse engeenering on it - so its easy to be hacked or cracked.
Turning it into executable is more user friendly, also possibly may hide the code better, but still i think its relatively easy to be reverse engineered.
It made me think about obfuscation. If i completely messed up the app before prod build, it would be a way harder to understand or change the code. It may seem okay in the matter of "copying and modifying" the app, but still i think it would be easy to locate licensing limitations in the source files. For example: limit for 5 users can be easilly located in sources by value "5" or the message the user sees, and even if code looks awfull, this lines can be removed, project compiled again, breaking the limitation and wasting my entire effort.
It will be small application, I want to provide clients the instalator, and let them set it up personally. I dont want to be responsible for settting it up in the cloud for the client (without publishing instalator or Jar), as clients may not be interested in cloud based access.
Could You advise me some wise solution for this situaltion?
Thanks in Advance ! :)
The short answer is that there is no way to prevent reverse engineering if someone can run the software on hardware that they control.
The only way to 100% prevent reverse engineering is to ONLY run the software on a platform that you control ... and that can prevent them from getting a copy of the executables.
There are a couple of ways that can make reverse engineering harder:
Use an obfuscator on your JAR files. It will make it harder for someone to read the decompiled code. There are 3rd-party obfuscator products you could use.
Use jpackage (or a 3rd-party tool) to create a native executable for your application.
But beware that modifying an application to disable a license check is much simpler than full reverse engineering. A determined software engineer (or hacker) will be able to do that, given enough time and incentive.
Look at this problem another way:
There are many people and companies making money out of writing and supporting software without resorting to license keys, obfuscation and so on.
Conversely, there are probably millions of aspiring software entrepreneurs who never even turn their clever idea into a worthwhile (saleable) product.
Conversely, there are millions of apps (e.g. in Android app stores) that are simply not worth the effort protecting from IP theft.
Don't get lost in the problem protecting your IP before you have actually created it. And don't overrate its (hypothetical) value.
Some background.
I am currently working on a distributed system in Java. The code is mostly all hand rolled, and consists of a client server frame work and an application to be served. The application is for running a turn based system.
The design issues.
The application is supposed to be almost completely configurable. The base of the program is a processor that will process objects in a linked list style, moving from one object in the chain to the next until the processing is done. I have already written a simple blackjack game with it, nothing fancy just something to implement the API. The problem i am having is that i am unsure as to the granularity of the objects. I know i do not want to write a programing language style architecture, example, classes to represent add, subtract, and other languages constructs, but i want the architecture to be flexible enough so that a user can specify a program, within its capabilities, in a file and have this construct instantiate the proper classes link them and then run the sudo-program.
Any suggestions and/or ideas would be helpful.
Thanks in advance,
Zix
This kind of thing is pretty tough, mostly because the requirements are so broad. When we look at successful, real-world platforms that are highly flexible and configurable it's too easy to think they they started that way, or that you could design them from the beginning to be that way.
This is not the case.
The reality is more about picking a subset of problems. In your case, not just a turn-based games in general, or even turn-based card games, but blackjack, followed by some other game (bridge, poker, whatever), and then you build upon that.
Let your application (and its features) grow based on actual needs, and not the set of problems you think you will need to solve. Focus on the problems that are in front of you as you try to build actual games. Over time, you'll figure which parts to abstract (and which parts not to abstract), and in the mean time you'll actually have something to show for it.
Go the other way, and you'll have an interesting idea, an API no one uses to solve actual problems, and a bunch of code but no games. Don't fool yourself into thinking that no one has tried to build the platform for turn-based games. It's been tried 1,000 times. The reason it doesn't really exist is because building platforms without clear goals (i.e. a set of requirements leading to a finished game) leads you to software without a clear use.
That means they don't get used, games don't get built, you never hear about them, and therefore they aren't successful. Successful, flexible platforms have a long list of successful applications built using them, at many stages throughout their lifetime.
I am trying to write my own DAW, mostly just to learn about the mathematics of how signals are processed to get effects, but also for fun. (A rather large undertaking, but I have the time at the moment). I would like for it to work something like Propellerhead's Record as in the rack especially.
I'm running on a Mac, so I'm thinking of using Audio Units for the different parts, then Core Audio for the scaffolding parts. So, the whole thing would be written in C or Obj-C.
However, I haven't used either Audio Units or Core-Audio before, and the internet hasn't been any help for learning.
Does anyone know where I could learn about these?
Or would Java (The only other language I'd feel comfortable using) be better, or is there something I've completely missed while trying to find the "easy" way to do this?
Thanks,
Jon
if you want to write a DAW:
at minimum, get your feet wet with an existing project. if i were to personally choose a project, i'd contribute to Ardour.
the signal processing in a DAW is relatively simple. you'll have to work with mixers, files, and graphics. if you're already comfortable writing apps, then you probably won't learn much (beyond the basics). of course, you could find an existing project and extend it with features which relate to what you want to learn; you could write plugs or visualizations for it.
if prefer to work with signal processing:
AU or VST plugins will be a good intro - there are many existing projects which you may reference. eventually, you'll get tired of waiting for a host to load to test your program.
language:
objc is not usable for realtime audio rendering.
java is very unusual for this application. there are actually wrappers for AUs and CoreAudio... but can't name one commercial Java AU for OS X.
most audio shops (that I know of) are using C++ - not C. (Hardware is different). this really seems like an odd omission from your list - most DAWs and plugins use C++, and that is the language you'd find the most examples in. if you're already comfortable with C and Java, I'd recommend coming to terms with C++ because that's the standard language in the industry when targeting desktops.
Look at the cross platform C++ library JUCE, it is open source with the option to license the code (price isn't bad).
Plenty of professional DAW and VST developers use it, I'm one of em.
https://www.juce.com/
Warning, this library is a lot of fun to play with. It renewed my interest in C++, which was no small feat.
you are right-on in assuming that core-audio and audiounits could form the basis for a system (that may not need to be a fully-fledged DAW but may have some combination of multi-track audio recording, editing, playback, etc...) much easier than worrying about cross-platform concerns, massive all-encompassing frameworks like Juce, or ASIO and other os-bypassing hacks. i think you will find that audio programming is a specialized discipline and most folks here on stackoverflow are ill prepared to offer useful advice.
Java is rather unsuitable, as is C#, as are interpreted languages FOR AUDIO, in particular for multichannel audio, DSP, etc. due to time contraints and the need to work on a rather low-level for many critical loops.
you will find the documents you need on developer.apple.com (you'll have to make a login) and you can find shell-examples for your interest directly inside of xcode examples...
good luck
We are going to create Jar Store the way like App Store works, but for Java Developers.
Everyone will able to submit and sell custom .jar library which solves some little problem, but solves it very good to save other developer's work time.
The only undecided question is how to prevent .jar copying or publishing bought .jar to the Net.
EDIT: This can probably achieved by using strong copyright policy? Suggest please!
EDIT 2: I imagine Steve Jobs asking:
How we can prevent iPhone Apps from copying?
— You can't it's just a files on the iPhone which can be easily copied by anyone.
Whoa! Did we just go through a 12-year time warp?
This is exactly what JavaBeans was intended to do, back in 1996-7.
It was intended to solve a technical challenge of pluggable, re-usable code, which would of course engender a vibrant and lucrative third-party marketplace of drop-in components. People would make,sell, buy, and consume these re-usable pieces of code.
Then, that fantasy was replicated when server-side Java grew in popularity. The idea behind numerous companies was that they'd act as brokers and commercial exchanges for re-usable pieces of code. The names of these companies escape me now. There were many.
Most of them faded, and some of them evolved their business model away from acting as an commercial exchange, and towards selling software directly. In particular, they moved toward selling the thing they had hoped to run their business on (their "ERP"), as a piece of software that enterprises could use internally - a component repository supporting re-use within an enterprise.
Darn! The names of the big companies that made this transition escape me now.
An interesting question is, why did App Store succeed (wildly!) while the vision for JavaBeans stores, or stores for enterprise Javva components, never caught on.
I have my theories but... not least among the reasons is the phenomenon of "open source" - where you can get pretty darn good re-usable components for free. Before you go tilting at this windmill, I suggest you study some industry history!
For this to work you need to have content. Really good content. With excellent documentation.
I would imagine this is the first obstacle you need to tackle.
With this business idea copyright protection in both technical and legal way must be you core competences since this is the main part for your added value.
If you prevent something from copying, how are people supposed to distribute their software? I'm not writing enterprise solutions to run only on my notebook.
you can't don't even spend any more time on trying.
rephrase your question to
I want to restrict someone copying a
plain text file.
Same problem with a .jar file. You can put all the legal restrictions you want, but it won't stop anyone from making a copy of your file if they are able to use it. Go ask the RIAA how effective they are at stopping the copying of .mp3 files.
I would also offer what do you think you can offer than the Open Source community doesn't already offer in the Java world? The Java ecosystem is very mature and very full featured from a library stand point. I can't imagine that anything you offer, that might be the least bit innovative, some open source project won't spring up and create a free open source version of.
For a product in long run (may be 0.5-1 million users) is it good to use java instead of .net from the cost/profitability perspective. To elaborate more..consider web farm scenario in which one will have to purchase windows + Sql server + some antivirus licenses for .net applications. But for java it's almost free. What points should I consider?
PS: I am a .net person by heart
I would expect bandwidth to cost more than software licences is you're reasonably successful - although obviously that will depend somewhat on the kind of app, and I haven't run any figures.
Are you just starting this up yourself, with little firm idea that it will take off? If so, I suggest you go with whatever makes your life easier to start with. If things take off, you'll either have enough money to pay for the licences easily, or you'll quite possibly need to rewrite the app anyway. Writing an app which provably scales to a million users is likely to cause you a lot more grief than writing one which scales to 10,000. Get the app out there early, get feedback ASAP, and you can do what it takes if it ever becomes truly successful.
Go with what you know. With that many users price may not be important.
The first thing you should consider is the fact that you are a .net person. Java syntax is very similar, but it will take you time to learn (more importantly, become good enough to write an app this large) in a language you don't know as well. You should consider whether the savings are worth that time to you.
Also, keep in mind that there are many (legal) ways to get cheap (sometimes free) copies of the Microsoft software that you need, or the "lite" versions of the software that you need... which may be enough to get you going until your venture starts making money. So explore those before making a decision too.
License fee's cost less than a weeks pay for a development team.
Go with what you will be most productive in, and you'll save money.
Btw, WebSphere costs $1600 per CPU...Java isn't always free.
If you're a .net person, then stay with c#.net.
Whenever this topic comes up, I'm reminded of the part of yahoo that used to be written in lisp, and used lisp very effectively in its design.
http://www.algo.be/cl/TEE-lisp/3212824097309629/index.htm
Like others have said, it doesn't matter much what platform you choose, as long as you can use that platform well.
If you're talking about purely buying hardware it depends. You could run a Java web app for simply the cost of the machines if you decide to use open source software. However you could go with Oracle as your database and Weblogic as your App Server and then pay for it.
But most importantly, you say yourself you're a .net guy - so you'd have to have the intangible cost of however long it would take you to get to the point where you actually know what you are doing with Java. The syntax is very close, sure, but you have to learn which Java frameworks you want to use, which APIs you want to use, how to deploy to whatever App Server you choose, etc.
Joel wrote about this in Language Wars
How do you decide between C#, Java, PHP, and Python? The only real difference is which one you know better. If you have a serious Java guru on your team who has build several large systems successfully with Java, you're going to be a hell of a lot more successful with Java than with C#, not because Java is a better language (it's not, but the differences are too minor to matter) but because he knows it better. Etc.