2

I am building an API for minecraft called the Quantum API. We all know that reflection can be used to do some nasty stuff to classes, and even cause undefined behavior if used without care.

Is there a way to make classes and objects immune to reflection? Perhaps with a security manager? Or vice versa, restrict a certain list of classes/objects from using reflection?

My use would be to prevent other mods that are loaded with this API from using reflection to change a RuntimePermission in a SecurityManager, and to prevent modification of minecraft's base classes (and objects) at runtime, as well as the API's own classes (and objects).

asked Jun 20, 2015 at 17:44
8
  • 1
    Not that I am aware of, and I question the benefit of such things - even if you block that, it's fairly trivial to modify the code itself if your goal is to mess around with game internals. Commented Jun 20, 2015 at 19:03
  • Remember what happened months ago between Asie and LexManos? She used a coremod to modify Forge code. EDIT: sorry I forgot this is stackexchange, so you may or may not remember. But it's an example. Commented Jun 20, 2015 at 22:31
  • No, I don't even know what game you refer to, and do not understand the vague implications you imply. Commented Jun 20, 2015 at 22:40
  • pastebin.com/SjNjVe72 Commented Jun 20, 2015 at 22:49
  • 1
    You're willfully missing the point. If you run my code, I can have my code modify minecraft's base classes, reflection or no. Trying to prohibit reflection (if it's even possible) doesn't gain you anything - all it does is waste your time. Commented Jun 20, 2015 at 23:46

1 Answer 1

1

I would suggest using obfuscation. It doesn't prevent reflection, but it'll make it practically impossible (technically, someone could still do it but it'll take them far more effort to figure it all out) for someone to figure out what part of the code does what, as it'll (amongst other things) scramble the names of functions.

You can usually set exclusions, such as functions that need to be publically accessible for an API.

Unfortunately, it'll only work for your own code, and not Minecraft itself, but it's the best practical solution I can think of.

Otherwise, I think there might be a solution that involves making your own custom loader for Minecraft with a SecurityManager that sandboxes everything and prevents reflection, but I'm not entirely sure if that's possible. You may want to look at this question on StackOverflow which discusses that possibility further.

answered Jun 21, 2015 at 12:57
2
  • 1
    +2 for the idea of obfuscation -2 for "not an option for APIs", +1 for telling me exactly what I plan to do with the API and sending me a useful question. :) Commented Jun 21, 2015 at 14:10
  • 1
    Personally me disassembled and cracked so much obfuscated Java applications (for Android) that I can say: obfuscation doesn't give any serious protection against professional cracker. Commented Oct 4, 2018 at 13:25

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.