Eclipse Community Forums: Rich Client Platform (RCP)

Home » Eclipse Projects » Rich Client Platform (RCP) » Obfuscating Plug-ins

Wed, 02 August 2006 10:31

Eclipse User

I was wondering what issues I would run into if I tried to use an
obfuscator like yGuard on the plug-ins I am developing so I don't
effectively give away the source code. Can RCP handle obfuscated plug-ins?

Bruce

Re: Obfuscating Plug-ins [message #453564 is a reply to message #453555]

Wed, 02 August 2006 12:47

Eclipse User

Hi Bruce,

It is possible to obfuscate an RCP application. I'm currently developing a
trading application called Market Contours that is made up of over 20
plugins, and obfuscation works fine.

The trick is to have a tool that loads all of your plugins (jars) into
memory and then obfuscates them in one pass. My experience with most tools
is that they force you to specify only one jar at a time, and then expect
you to do "incremental" obfuscation to do multiple jars. This quickly
becomes a nightmare with RCP apps.

There may be open-source obfuscators that do this (I haven't checked in a
while), but I wound up using a commercial product called Zelix KlassMaster
and have been happy with the results. I've also made available the build
scripts and config files I use to obfuscate my application, which you can
download here:

http://www.marketcontours.com/techblog/obfuscation

Obfuscating an RCP application is pretty straightforward. You'll need to
exclude at least the following:

- The base Eclipse and third-party plugins on which your app is built.
- Package names and classes referenced in a manifest file.
- Classes that extend the NLS to provide string localization.

Good luck with your project.

--- Patrick Paulin
patrick@marketcontours.com
www.marketcontours.com

Bruce Alspaugh wrote:

> I was wondering what issues I would run into if I tried to use an
> obfuscator like yGuard on the plug-ins I am developing so I don't
> effectively give away the source code. Can RCP handle obfuscated plug-ins?

> Bruce

Re: Obfuscating Plug-ins [message #453574 is a reply to message #453564]

Thu, 03 August 2006 04:32

Eclipse User

Similarly to Patrick, I obfuscate my own RCP app and it works fine. I
use the free and open source proguard, which comes with a GUI tool you
can use to build a config file very quickly and easily, which you can
then reference from an Ant task as part of your standard build. To get
started, there is a standard config you can copy for obfuscating a
"library", which is what a plugin effectively is.

The only issues I found were memory. You need to include in the
obfuscation run a reference to all external jars that may reference your
plugin code indirectly via common superclasses, which means all other
platform plugins must be loaded into memory during the run. The
Proguard documentation suggests JVM arguments to resolve this and they
worked fine for me.

I also tried decompiling the obfuscated code to see what it looked like,
and was pleased to see that most decompilers just gave up completely on
the more complex classes. Simple classes managed to decompile, but as
required all non-public and non-protected elements were transformed into
meaningless symbols.

I might also add that I tried yguard too (another free and open source
tool), but this crashed with a NullPointerException which I found
impossible to debug.

Keith

Previous Topic:	popup checkbox
Next Topic:	Perspective Resize

Goto Forum:

-=] Back to Top [=-

Current Time: Sat Jul 12 09:42:37 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter