How to avoid debugging of code in java?

Question

I need to stop debugger applications from debugging my code. For this, i am using the following code in the constructor of my classes:

        RuntimeMXBean RuntimemxBean = ManagementFactory.getRuntimeMXBean();
    java.util.List<String> arguments = RuntimemxBean.getInputArguments();
    //System.setErr(null);

    for ( String str : arguments)
    {
        System.out.println("\n"+str);
        if ( str.contains("jdwp") || str.contains("debug"));
            System.exit(1);
    }

Please confirm me if this code will be enough or still there needs to be a smarter way(which think there should be!) to do it... I have worked out this code with debuggers like JDB, Eclipse IDE, Netbeans.

Answer 1

No, that code is not enough.

At least I can step into that code, step over the getInputArguments() call and re-set arguments to Collections.emptyList().

I'm pretty sure you won't be able to do this from pure Java code (since all Java code can be influenced from within the debugger).

Answer 2

If you are deploying the application on your own VM, you can disable remote debugging. Otherwise I don't think debugging can be altogether disabled.

Have you considered obfuscating the jars.

Answer 3

Any code you add in an attempt to prevent debugging can be disabled by someone who is prepared to modify your JAR files. The best you can do is to make reverse engineering hard work. You cannot prevent it by any technical means that are available, including obfuscation, encrypted JAR files or even hardware-based approaches like TPM.

The only way to prevent people reverse engineering your software is to only ever store or run it on machines which are physically secure and secure against network-based intrusion.