Can we reveal the source code of a software from its setup file?

Question

I found that we can read the software source code of a JAR file by using de-compiling software. I downloaded such a software and read lot of such codes.

My questions are...

1. How can we prevent decompiling our class files which is inside the JAR?
2. Can anybody reveal the source code of a software from its setup file(not the JAR)?

I know that There are some answers for the first question on the internet. But I appreciate if you can explain it more explicitly. But the second question is the most important one for me.

Answer 1

You cannot completely prevent decompilation. But you can make this much harder.

Use obfuscation - process that changes your byte code making it very hard to understand. There are a lot of java byte code obfuscators. Some of them are free.

But the code still can be de-compiled. You can also store your classes in password protected zip file. But java by default does not support such files. You can however develop your own class loader and separate your application into 2 parts. First, small loader that just starts the application, then loads majority of classes using custom class loader that loads classes from password protected zip.

You can also load part of your application from internet over https, so it will be really hard to hack it.

Answer 2

Generally you can use obfuscation to make things harder, but my guess is that if commercial programs like photo or office suites or videogames that are developed by multibillion companies can be cracked and redistirbuted freely around pirate sites, then there is not too much hope for homemade applications in this aspect of hacking. Generally, though, it depends on who is the one wanting to hack it, so you may get a way via obfuscation to get it past a decompiler somewhat but a serious hacker will make it into the code in other ways I believe...