Protect Jar/War Project with Java VME Protection Mode

Introduction

Virbox Protector Standalone support to protect the Java applications, include Jar, War archives and class file and related data resource.

Virbox Protector supports developer to protect Java project with 2 kinds of protection mode: Java VME and Java BCE (2 different kind of Virbox Protector license required)

--With Virbox Java VME protection mode, The bytecode of the Java's method will be transformed into self-defined bytecode which executed in Java Virtual Machine environment, with Virtualization, all of bytecode executed in the JVM will be convert into the instructions executed in private VM, and provides most secured environment for Java project's execution and effective to defend the retrieving and cracking by latest decompiler available in the market. Java VME is suitable for the developer who require to protect their IP/code with highly security.

When developer use the Virbox Protector VME mode to protect your Java Projects, developer may drag your JAR Archives or WAR Archives into Virbox Protector GUI tools and click to select those functions which you want to protect/encrypt, select the "Protection Mode" to be the "Virtualization", and then click the "Button" of "Protect Selected Project". then the JAR or WAR archives will be protected by Java VME mode.

--With Virbox Java BCE protection mode, The bytecode of each method of Java class file will be protected and encrypted, the bytecode will be only decrypted in execution; the execution and decryption rely on relevant java agent.

When developer use the Virbox Protector BCE Mode to protect your Java Project, developer may drag the Folder which contain the JAR or WAR archives into the Virbox Protector GUI tools, click to "Protect Selected Projects" to protect your JAR or WAR projects, after the protection completed, the Encrypted JAR, WAR archives and sjt_agent.jar will be generated.

Java VME mode doesn't support following scenario:

Java VME mode doesn't support to protect the embeded JAR or WAR project;
For those JAR archive which use the springframeworks, it doesn't support to protect the .class file which located in the org/springframework/boot/loader, it support to protect the kernel .class file only (for example, to protect the .class file located in BOOT-INF/classes。
The method doesn't support to be protected with virtualization includes: Java Constructor, Destructor and and the method which used the Reflection.

if developer want to protect/encrypt above 2 scenarios JAR or WAR project, you may select the Java VME mode to protect your Java Project.

The Difference Between Java VME and Java BCE

The Encryption technology is different:
With VME mode, it supports to protect/encrypt the Java Method with Virtualization mode,
With the Java BCE Mode, it supports to protect/encrypt the Java bytecode of each method of Java class file, when executed, the encrypted bytecode will be decrypted dynamically in Java agent.
The execution is different:
With VME protection mode, the execution of protected JAR/WAR archive is same as previous unprotected JAR archives;
With BCE protection mode, the execution of protect JAR/WAR archives need to rely on the sjt_agent.jar;
The Encryption Operation is different:
With Java VME protection, developer may drag and encrypt the JAR archive directly;
With Java BCE protection, developer need to put the JAR/WAR into a folder and drag a whole Java folder to protect it.
With VME Protection mode, The Encrypted JAR or WAR archives supports the referenced by other projects; and not supported with BCE protection mode;
With VME Protection modes, The encrypted JAR or WAR archives support to be compiled to be execution file to execute directly. and not for the encrypted JAR or WAR archives by BCE mode

Virbox Protector Standalone supports to protect Java application (Jar, War, or Java SDK both in GUI tool and CLI tool.

Protection Sample & Environment

Here we use Virbox Protector Standalone GUI tools to show the protection process, and also introduce the protection process by use of Virbox Protection CLI tool. Developer may freely to select Virbox Protector GUI or CLI tool to protect their Java project with VME mode.

A Jar archive used as a sample to show the whole protection process step by step; and the protection process to War Archive is same as Jar Project process. Developer may refer the Jar Protection process to protect War Project for test and evaluation also.

the Operation environment is windows.

The version of Virbox Protector GUI tools is 2.5.0 trial edition.

Protect your Jar project in 5 steps

Import the Jar/War project: drag the JAR/WAR Archives into the Virbox Protector directly;
Set the configuration of "Function Options": Protect the Jar/War functions (methods) with "Virtualization";
Set the configuration of "Protection Options", Protect the jar/war in general:
Click to start "Protection" Process;
Backup the source Jar/War project, and save the configuration files etc.
Note: Use SDK Label to mark specified functions(method) before protect the method

Prerequisites

Sign-up Virbox Protector and install the Virbox Protector;

Open Virbox Protector and sign in with your account;

Above pre-requisition is for test/evaluation Virbox Protector only.

To protect formal and commercial release software, pls purchase and get the related Virbox Protector license.

Protection Process

1. Import the Jar Project into the Virbox Protector:

Drag the Jar project into Virbox Protector, Then Virbox protector will parse the Jar sample automatically. and show Jar file information in the "Basic info" tabs, shown as snapshot below:

2. Set the configuration of "Function Options": Protect the Jar/War functions (methods) with "Virtualization";

2,1 Go to "Function option" tab and click "Add Functions", click the functions (method) shown in the "Add Function" box, Virbox Protector will show more functions and list;

2.2 Select the function which you want to protect: Virbox Protector support to protect the function with "Virtualization";

2.3 Click the "OK" to finalize the "Function Option" Setting, then go to "Protection Option" tab;

2.4.1 Ctrl+A to select all functions, and right click, to select the protect mode, then you can quickly select all of functions with same protection mode: Virtualization.

2.4.2 Considering the program execution performance may impact, so we don't suggest to protect all of Java Functions (methods) with "Virutalization", instead of to select those key and important functions(Methods) to protect with "Virtualization" only.

3. Set the configuration of "Protection Options", Protect the Jar/War in general:

Developer may set and define following factors in the "Protection Option" tabs

Output Info: Set output path and protected Java filename, as shown in the "box " marked with blue frame, the on default output path is same directory of source Jar file located.

the rest of thing will be setting and protecting by Virbox Protector automatically.

Advanced Protection to Process plugin: RASP plugin

RASP: Runtime Application Self Protection: this plugin focus to protect the process running in the kernal for the application in windows platform, when this plugin start to execute, it will load the driver integrated to protect process itself to prevent the third party plugin to skip the normal anti debugging protection from debugging in memory. It is also effective to defense the "Cheat Engine" to scan the memory which running the process.

RASP plugin are most effective functions and applied to those scenario which highly security required. additional license from Virbox required.

Optional feature and license required to activate this feature

There are 3 features can be select in the "Advanced Process Protection" plugin:

Memory Protection:

Click to protect the memory information executed for windows application; which to prevent the attacker/hacker to scan the process memory by use of "Cheat Engine" tools;

Kernel Mode Anti-debugging

Click to activate the Anti-debugging feature to prevent the debugging tool to debug the kernal;

Show Error Message

Pop up error message inlcudes error code when program execution error occured, and popup message will be quite after 5 seconds automatically;

4. Click to "Protect Selected Projects" to start "Protection" Process;

Then go to the output folder, you will find a news file has been generated and a new sub directory has been generated, in the sample, the file and sub directory are:

The new sub directory which named \protected has been generated, go to this new directory, The new file which named demo-0.0.1-Snapshot.jar, is the protected Jar project;

demo-0.0.1-Snapshot.jar.ssp, is the configuration file which stored the protection option setting.

5. Backup the source Jar file and use the protected Jar file to test and distribution

It is not necessary to distribute the configuration file: demo-0.0.1-Snapshot.jar.ssp, to your enduser. please keep it, if you use CLI mode to protect your Jar project, it is useful configuration file when you use Virbox Protector CLI mode later.

In General, With Virbox Protector, with this Quick Guide, Developer may quickly to go through whole protection process to protect Jar/War application. for more details instruction, developer may take refer from the User Manual-Virbox Protector Standalone, or contact us directly.

Protect the Jar/War Project with Virbox Protector CLI tool

1. Generate the configuration file by use of Virbox Protector GUI tool:

Drag the Jar or War project into the Virbox Protector GUI tools, and set the protection mode to the specific Functions (Method) of Jar (or War) project in "Function Option" tabs.

For more detail steps how to select/set the protection option to specific "functions", you may refer the Section "Protect the Local desktop application" or related section in above GUI tools.

Click "Save All Configuration" Button, as shown in the snapshot below:

if you have used label to mark the protection mode to the functions with virtualization when you built the Jar project. then it is no necessary to generate the configuration file, you can skip this step.

Go to the "Output" directory, then you will find a "xxx.jar.ssp" file has been generated. in the sample project, the file name in the sample is: demo-0.0.1-SNAPSHOT.jar.ssp, as shown as snapshot below:

Save the configuration file into the same directory of the Jar project which will be protected.

2. Protect the Jar project with Virbox Protector CLI tool

Open the terminal window, go to the sub directory which " virboxprotector_con.exe" located, and input virboxprotector_con, to view the help information:

Use following command in the terminal to protect Jar:

virboxprotector_con <*The *jar name which need to be protected> -o <*the jar name which output>

See attached sample and protection process below

3. Deployment

We will not describe how to deploy the protected Jar or War projects in this Quick Start Guide, in case you want to have basic knowledge to Deployment in different operation system, pls refer User Manual.

Appendix:

Using label to mark the critical functions (method) with Code Virtualization protection in coding process

Virbox Protector supports to protect the critical functions with "Code of Virtualization" protection mode, developer may set label to those critical and key functions in your coding, and quoted in functions, so, when the source code compilation completed, drag the program into the Virbox Protector GUI tools, then Virbox Protector will show protection mode to the functions in coding. here is sample: