Protect Java code from decompilation using Java Obfuscator

If you are writing Java classes and distributing them over the Internet, you should know that people can reverse-engineer, disassemble, or decompile your classes into Java source code. One of such decompiler is JAD. In this article we discuss about the usage of JAD to decompile the Java class.

So to make the job of reverse engineers tough, we uses Java Obfuscators to protect out class files and make them difficult to decompile. The process of obfuscation will convert bytecode into a logical
equivalent version that is extremely difficult for decompilers to pick apart. Keep in mind that the decompilation process is extremely complicated and cannot be easily ‘tweaked’ to bypassed obfuscated
code. Essentially the process is as follows:

  1. Compile Java source code using a regular compiler (ie. JDK)
  2. Run the obfuscator, passing in the compiled class file as a
    parameter. The result will be a different output file (perhaps with a
    different extension)

This file, when renamed as a .class file, will be functionally equivalent to the original bytecode. It will not affect performance because a virtual machine will still be able to interpret it.

Let us see some tools that can be used to obfuscate the Java bytecode.

Zelix KlassMaster

Zelix KlassMaster is a utility written in Java that reads and modifies Java class files. KlassMaster views, edits, obfuscates, and unobfuscates. It will run on any platform that supports version 1.1.6
of the Java Virtual Machine. Zelix KlassMaster 2.0 builds on 1.0 by providing a sophisticated name-exclude facility and an advanced script interface called ZKMScript, complete with its own interactive wizard.
Download: http://www.zdnetindia.com/downloads/info/898255.html

Cinnabar Canner

Canner protects your code from reverse engineering by creating a native Windows executable (EXE file) that contains an encrypted version of all of your application’s classes and resources. The contents are decrypted in memory as they are requested by the JVM.
Website: http://www.cinnabarsystems.com/canner.html
Download: http://www.cinnabarsystems.com/download.html

Jmangle – The Java Class Mangler

The Jmangle program helps discourage reverse engineering of Java programs and software piracy by allowing the developer to mangle the symbols used in the class file. Long descriptive names for classes,
methods and fields can be replaced by meaningless symbols making it much more difficult to reverse engineer. Jmangle allows the developer to selectively mangle just the classes internal to the application while leaving desired public class, method and field names unmangled.

Features List

– Mangle package, class, method and field names
– Control mangling by access control (e.g., public, protected, private, friendly)
– Control mangling options on a class by class basis
– Strip debugging information
– Insert string tags to secretly mark class files as yours
– Output map of symbols to mangled symbols
– Easy to use graphical user interface, see screenshot.
– Command line interface, useful in Makefiles and build scripts
– Reduces size of strings in class files for better performance
Website: http://www.elegant-software.com/software/jmangle/
Download: http://www.elegant-software.com/software/jmangle/download.html

RetroGuard

JavaGuard is a general purpose bytecode obfuscator, designed to fit effortlessly into your regular build and testing process, providing peace of mind that your valuable Java code is more secure against decompilation and other forms of reverse engineering.
Website: http://java-source.net/open-source/obfuscators/javaguard

JODE

JODE is a java package containing a decompiler and an optimizer for java. The optimizer transforms class files in various ways with can be controlled by a script file. It supports the following operations:
– Renaming class, method, field and local names to shorter, obfuscated, or unique names or according to a given translation table
– Removing debugging information
– Removing dead code (classes, fields, methods) and constant fields
– Optimizing local variable allocation
Website: http://java-source.net/open-source/obfuscators/jode

There are several other similar utilities that you can use as well. These utilities use many different techniques to obtain (more or less) the same result. Collectively, they allow conversion to .exe files (a different process), as well as obfuscation of .class and .jar files. A comprehensive list is available in the Google Directory: http://directory.google.com/Top/Computers/Programming/Languages/Java/Development_Tools/Obfuscators/

View Comments

  • It's amazing!!
    I didn't no this!!
    My application will be selling to a client, but no will be launch in the internet!! But, i will go use this program !!

    Very good!! Thank very much !!

  • Hi Viral,

    I am new to the term Obfuscator, i have downloaded javaguard, but i don't no how to install it in eclipse nor how to run it. can you please assist me with better Obfuscator and steps to install and run in eclipse.

    Thanks
    Kiran

  • We have developed Shield4J (at shield4j.com), an online service that protects the Java classes applying a two-layer security mechanism: first, a bytecode obfuscation and later, a class encryption. It is a 100% pure Java solution that makes the reverse-engineering almost impossible. We are looking for testers and impressions about the service. Thank you

Share
Published by
Viral Patel
Tags: decompile java class decompiler Java java class file Java Obfuscators reverse engineering

Recent Posts

  • Java

Java URL Encoder/Decoder Example

Java URL Encoder/Decoder Example - In this tutorial we will see how to URL encode/decode…

5 years ago
  • General

How to Show Multiple Examples in OpenAPI Spec

Show Multiple Examples in OpenAPI - OpenAPI (aka Swagger) Specifications has become a defecto standard…

5 years ago
  • General

How to Run Local WordPress using Docker

Local WordPress using Docker - Running a local WordPress development environment is crucial for testing…

5 years ago
  • Java

Create and Validate JWT Token in Java using JJWT

1. JWT Token Overview JSON Web Token (JWT) is an open standard defines a compact…

5 years ago
  • Spring Boot

Spring Boot GraphQL Subscription Realtime API

GraphQL Subscription provides a great way of building real-time API. In this tutorial we will…

5 years ago
  • Spring Boot

Spring Boot DynamoDB Integration Test using Testcontainers

1. Overview Spring Boot Webflux DynamoDB Integration tests - In this tutorial we will see…

5 years ago