Protect Java code from decompilation using Java Obfuscator

java-obfuscators-decompilerIf you are writing Java classes and distributing them over the Internet, you should know that people can reverse-engineer, disassemble, or decompile your classes into Java source code. One of such decompiler is JAD. In this article we discuss about the usage of JAD to decompile the Java class.

So to make the job of reverse engineers tough, we uses Java Obfuscators to protect out class files and make them difficult to decompile. The process of obfuscation will convert bytecode into a logical
equivalent version that is extremely difficult for decompilers to pick apart. Keep in mind that the decompilation process is extremely complicated and cannot be easily ‘tweaked’ to bypassed obfuscated
code. Essentially the process is as follows:

  1. Compile Java source code using a regular compiler (ie. JDK)
  2. Run the obfuscator, passing in the compiled class file as a
    parameter. The result will be a different output file (perhaps with a
    different extension)

This file, when renamed as a .class file, will be functionally equivalent to the original bytecode. It will not affect performance because a virtual machine will still be able to interpret it.

Let us see some tools that can be used to obfuscate the Java bytecode.

Zelix KlassMaster

Zelix KlassMaster is a utility written in Java that reads and modifies Java class files. KlassMaster views, edits, obfuscates, and unobfuscates. It will run on any platform that supports version 1.1.6
of the Java Virtual Machine. Zelix KlassMaster 2.0 builds on 1.0 by providing a sophisticated name-exclude facility and an advanced script interface called ZKMScript, complete with its own interactive wizard.
Download: http://www.zdnetindia.com/downloads/info/898255.html

Cinnabar Canner

Canner protects your code from reverse engineering by creating a native Windows executable (EXE file) that contains an encrypted version of all of your application’s classes and resources. The contents are decrypted in memory as they are requested by the JVM.
Website: http://www.cinnabarsystems.com/canner.html
Download: http://www.cinnabarsystems.com/download.html

Jmangle – The Java Class Mangler

The Jmangle program helps discourage reverse engineering of Java programs and software piracy by allowing the developer to mangle the symbols used in the class file. Long descriptive names for classes,
methods and fields can be replaced by meaningless symbols making it much more difficult to reverse engineer. Jmangle allows the developer to selectively mangle just the classes internal to the application while leaving desired public class, method and field names unmangled.

Features List

– Mangle package, class, method and field names
– Control mangling by access control (e.g., public, protected, private, friendly)
– Control mangling options on a class by class basis
– Strip debugging information
– Insert string tags to secretly mark class files as yours
– Output map of symbols to mangled symbols
– Easy to use graphical user interface, see screenshot.
– Command line interface, useful in Makefiles and build scripts
– Reduces size of strings in class files for better performance
Website: http://www.elegant-software.com/software/jmangle/
Download: http://www.elegant-software.com/software/jmangle/download.html

RetroGuard

JavaGuard is a general purpose bytecode obfuscator, designed to fit effortlessly into your regular build and testing process, providing peace of mind that your valuable Java code is more secure against decompilation and other forms of reverse engineering.
Website: http://java-source.net/open-source/obfuscators/javaguard

JODE

JODE is a java package containing a decompiler and an optimizer for java. The optimizer transforms class files in various ways with can be controlled by a script file. It supports the following operations:
– Renaming class, method, field and local names to shorter, obfuscated, or unique names or according to a given translation table
– Removing debugging information
– Removing dead code (classes, fields, methods) and constant fields
– Optimizing local variable allocation
Website: http://java-source.net/open-source/obfuscators/jode

There are several other similar utilities that you can use as well. These utilities use many different techniques to obtain (more or less) the same result. Collectively, they allow conversion to .exe files (a different process), as well as obfuscation of .class and .jar files. A comprehensive list is available in the Google Directory: http://directory.google.com/Top/Computers/Programming/Languages/Java/Development_Tools/Obfuscators/

Get our Articles via Email. Enter your email address.

You may also like...

6 Comments

  1. It’s amazing!!
    I didn’t no this!!
    My application will be selling to a client, but no will be launch in the internet!! But, i will go use this program !!

    Very good!! Thank very much !!

  2. kiran says:

    Hi Viral,

    I am new to the term Obfuscator, i have downloaded javaguard, but i don’t no how to install it in eclipse nor how to run it. can you please assist me with better Obfuscator and steps to install and run in eclipse.

    Thanks
    Kiran

  3. Asutoash says:

    will u please elaborate this through a sample application, as u always do.
    thank you.

  4. Eduardo says:

    We have developed Shield4J (at shield4j.com), an online service that protects the Java classes applying a two-layer security mechanism: first, a bytecode obfuscation and later, a class encryption. It is a 100% pure Java solution that makes the reverse-engineering almost impossible. We are looking for testers and impressions about the service. Thank you

  5. Steve says:

    Will these obfuscators/methods work on Processing exported applications?

  6. Rajeev says:

    wow dude . .
    really awesome work . .

    Thanks for posting such a wonderful thing to peoples . .

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.