Jump to content
Excelsior Forums
Sign in to follow this  
klimbimblabla

Need strong protection

Recommended Posts

Hello.

My program needs strong protection against manipulation.

The program generates hash values over a list of files and compares the result with the correct values.

My program can be protected via obfuscator and static compilation - yes - but what about the xjre?

Let's say the attacker changes the xjre (for example uses his own FileInputStream and reads files from a different location).

So, is there a way to protect the whole xjre from being modified? Or isn't this possible?

Regards,

Joey

Share this post


Link to post
Share on other sites

xjre (Excelsior JET Runtime) is already protected, since all Java SE platform code (including java.io.FileInputStream) is compiled statically.

Share this post


Link to post
Share on other sites

Thanks for the answer.

So there's no way to specify a bootclasspath? I think the endorsed dir won't change the FileInputStream behaviour....

And I'm not possible to generate a xjre by my own, right?

Share this post


Link to post
Share on other sites

There is a way to specify a bootclasspath aka Endorsed Standard Override mechanism.

You can do it via JetSetup utility by creating a new profile using endorsed jars. 

However, you can do it on development system only, there is no way to specify it on production system.

Even if an attacker gets JET, creates a profile with overriding some classes and replaces xjre with just created one, JET Runtime will reject such xjre (it checks that application and xjre are from the same profile).

For more details about bootclasspath support in JET, read JET User's Guide Chapter "Installation and setup" Section "Profiles/Creating a profile".

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×