Accessing Private Fields and Private Methods (Hacking a Class) in Java

Accessing private Fields and private Methods (Hacking A Class) in Java

 
In Java, by using the Reflection API, found in the java.lang.reflect package, you can access private fields and methods of another class.  It is not even that difficult.  This can be very handy during unit testing.  If you try to access a field and a method, of an applet, then you will need to make a change in the SecurityManager setting.  One Important thing is that this will work only when the code is running standalone, as in a Java application.

Access  fields value of other class

 
There are two methods.  The first one is Class.getDeclareField(obj)String obj and the second is  Class.getDeclareFields().  Both of the methods only return public fields, so they would not work.  So, you use setAccessible() method, which has a default value of false, but you can set it to true.
 
Example
  1. import java.lang.reflect.*;  
  2. // this is the class which contain private fields name as  
  3. public class PrivateObject  
  4.   {  
  5.   private String privateString = null;  
  6.   public PrivateObject(String privateString)  
  7.       {  
  8.         this.privateString = privateString;  
  9.       }  
  10.   }  
  11. class PrivateTest  
  12.   {  
  13.     public static void main(String arg[])  
  14.       {  
  15.         try{  
  16.          PrivateObject privateObject = new PrivateObject(" you Successfully  access the Private data Value of a class");  
  17.          // this is way to access the field of which class you want to access private data member.  
  18.          Field privateStringField = PrivateObject.class.getDeclaredField("privateString");  
  19.          // this setAccessible method has by default value false but you change it as true.  
  20.          privateStringField.setAccessible(true);  
  21.         // By using get method you access the field value and it type cast in String form.  
  22.         String fieldValue = (String) privateStringField.get(privateObject);  
  23.         System.out.println("fieldValue = " + fieldValue);  
  24.            }catch(Exception e)  
  25.               {  
  26.            System.out.println(e);  
  27.               }  
  28.      }  
  29.   }  
OUTPUT
 
You can see that the private string is accessed by another class named PrivateTest.
 
privateobject.gif
 

Access  Method of other class

 
There are two methods.  The first one is Class.getDeclareMethod(String obj, Class[] parameter types ) and the second is Class.getDeclareMethods( ).  Both of the methods only return public Methods, so they would not work.  So, you can use the setAccessible() method which has a default value of false, but you set it to true.
 
Example
 
import java.lang.reflect.*; // this is the class which contain private fields and method name as
public class PrivateObject1
 {
  private String privateString = null;
  public PrivateObject1(String privateString)
     {
     this.privateString = privateString;
     }
 //this is private method which return a string
  private String getPrivateString()
       {
        return this.privateString;
       }
 }
//this is another class which is used private method named as getPrivateString()
class PrivateMethodTest
 {
  public static void main(String arg[])
   {
    try{
 
        PrivateObject1 privateObject = new PrivateObject1("now you successful run the private method ");
        // this is way to access the field of which class you want to access private data member.
        Method privateStringMethod = PrivateObject1.class.getDeclaredMethod("getPrivateString", null);
       // this setAccessible method has by default value false but you change it as true.
       privateStringMethod.setAccessible(true);
      
// By using invoke method you run the private method and it value is type casting in String form.
       String returnValue = (String)privateStringMethod.invoke(privateObject, null);
      
//print the value which return after the excuting private method
       System.out.println("returnValue = " + returnValue);
      }catch(Exception e)
          {
          System.out.println(e);
          }
   }
 }
Note: a SecurityException is thrown by the methods getDeclaredField, getDeclaredMethod and setAccessible methods, so you need to use Exception handling in this program.  That is why we use a try and catch blocks.  Put these statements within this block.
 
OUTPUT
 
You can see that the private method is run in another class boundry, named PrivateMethodTest, but its a method of the PrivateObject1 class.
 
 privateobject1cmd.gif
 
Resources
 

How to Find All the Constructors, Fields and Methods of a Class in JAVA

What are Access Modifiers in C#?

How to use FileWriter and FileReaderClass in JAVA