4ra1n
diff --git a/‎README.md‎
Lines changed: 17 additions & 9 deletions b/‎README.md‎
Lines changed: 17 additions & 9 deletions
diff --git a/‎doc/README.md‎
Lines changed: 18 additions & 10 deletions b/‎doc/README.md‎
Lines changed: 18 additions & 10 deletions
diff --git a/‎img/007.png‎
59.9 KB b/‎img/007.png‎
59.9 KB
diff --git a/‎img/008.png‎
43.9 KB b/‎img/008.png‎
43.9 KB
diff --git a/‎src/main/resources/decrypter.dll‎
0 Bytes b/‎src/main/resources/decrypter.dll‎
0 Bytes
diff --git a/‎src/main/resources/encryptor.dll‎
0 Bytes b/‎src/main/resources/encryptor.dll‎
0 Bytes
diff --git a/‎tools.jar‎
17.4 MB b/‎tools.jar‎
17.4 MB
@@ -19,6 +19,16 @@
 
 ![hex](img/003.png)
 
+使用指定参数启动即可禁止 `Java Agent` 动态 `dump` 字节码
+
+![](img/007.png)
+
+对于更资深的黑客，他们会想到 `sa-jdi` 的 `HSDB` 来 `dump` 字节码
+
+我参考 `Beichen` 师傅议题的思路，从 `JVM` 里禁用了 `gHotSpotVMStructs` 函数
+
+![](img/008.png)
+
 ## 快速开始
 
 加密解密部分使用`C`做一层加密，使用`汇编`二层加密，已提供编译好的`Release`版本`DLL/SO`文件嵌入`Jar`包中
@@ -46,7 +56,7 @@ java -jar code-encryptor-plus.jar export
 注意必须有两个参数`PACKAGE_NAME`和`KEY`
 
 ```shell
-java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
+java -XX:+DisableAttachMechanism -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
 ```
 
 ![](img/006.png)
@@ -63,6 +73,7 @@ java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-ke
 - 原文章的代码仅是`Demo`级别，无法直接上手测试和使用
 - 原文章没有加入具体的加密算法，仅是简单的运算，需要加强
 - 原文章的代码存在一些`BUG`和优化空间
+- 使用某些魔法操作，使字节码无法被 `dump` 进一步保证安全
 
 目前的加密解密算法：
 - 汇编实现的多次位运算，交换字节等
@@ -82,18 +93,15 @@ java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-ke
 
 ## 其他
 
-不适用于`SpringBoot`场景，存在两个问题：
-- `SpringBoot`不允许压缩`lib`依赖（这个有解决办法）
-- `SpringBoot`启动扫描会分析`class`由于加密报错
-
-网上提供了两种办法，可以参考
+不适用于启动扫描 `class` 的项目
 
-参考：https://zhuanlan.zhihu.com/p/545268749
-
-类似地，启动扫描`class`的代码是无法使用这种加密的
+防止 `sa-jdi` 的思路仅在 `windows` 中测试
 
 ## 参考
 
+特别感谢 `BeichenDream` 师傅
+
 感谢以下项目或文章提供的思路：
+- https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw
 - https://juejin.cn/post/6844903487784894477
 - https://github.com/sea-boat/ByteCodeEncrypt
@@ -17,6 +17,16 @@ Apart from retaining the `Magic` part at the beginning, the rest becomes unrecog
 
 ![hex](../img/003.png)
 
+Use some param to prevent `Java Agent` to `dump` byte code.
+
+![](../img/007.png)
+
+Some hackers may found `sa-jdi` and `HSDB` to `dump` byte code.
+
+Refer to `Beichen` articles, prevent `gHotSpotVMStructs` function of `JVM`.
+
+![](../img/008.png)
+
 ## Quick Start
 
 The encryption and decryption process involves two layers of encryption: the first layer in `C` and the second layer in `assembly`. Precompiled `Release` versions of `DLL/SO` files are included in the `Jar` package.
@@ -43,7 +53,7 @@ Launching the Jar Package with Decryption DLL/SO: (Using the `-agentpath` Parame
 
 Please note that you must provide two parameters: `PACKAGE_NAME` and `KEY`.
 ```shell
-java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
+java -XX:+DisableAttachMechanism -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
 ```
 
 ![](../img/006.png)
@@ -61,6 +71,7 @@ Compared to publicly available articles/code online, this project has several ad
 - The original article's code was only at a demo level, making it difficult for users to test and use directly.
 - The original article did not include specific encryption algorithms; it only involved simple operations and needed enhancement.
 - The original article's code had some bugs and room for optimization.
+- Use some magic that hackers can not dump any byte code.
 
 The current encryption and decryption algorithm includes:
 
@@ -81,19 +92,16 @@ The `native` directory is built using `cmake`, generating `dll` and `so` files t
 
 ## Notes
 
-This solution is not suitable for `SpringBoot` scenarios due to two issues:
-- `SpringBoot` does not allow the compression of `lib` dependencies (there are workarounds).
-- `SpringBoot` startup scanning will analyze `class` files, leading to errors when encrypted.
-
-Two solutions are available online, which you can refer to:
+This approach is not suitable for scanning projects that involve launching the scanning of `class` files.
 
-Reference: https://zhuanlan.zhihu.com/p/545268749
+The prevention strategy using `sa-jdi` is only tested on `Windows`.
 
-Similarly, this encryption method cannot be used with code that scans `class` files during startup.
+## Refer
 
-## References
+Thanks to `BeichenDream`
 
-Thanks to the following projects or articles for providing insights:
+Thanks for these articles:
+- https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw
 - https://juejin.cn/post/6844903487784894477
 - https://github.com/sea-boat/ByteCodeEncrypt