- Abonasera - FOSS. Pretty lightweight because it only encrypts strings. Should not be used on its own, as it wont stop any reverse-engineer.
- AckerRun - FOSS. Lightweight/Heavy obfuscator depanding on your config. Has some interesting features that not every other obfuscator has. Looks like XenonGuard skid but I can't confirm that.
- Allatori - Commercial. Was a somewhat popular choice in industry. The v3 has been leaked a long time ago Allatori-V3, tho not nothing special.
- Ambien - FOSS. Obfuscator that is not getting actively developed anymore. Has some cool packaging features mainly targeting Recaf 2.x with a great succeed since their RedHerring feature adds a fake jar before the real one. Most RE tools don't read backwards like the JVM, so they will read the fake jar. Also has a decent Crasher transformer that confuses various decompilers & other reverse engineering tools. Still contain some bugs/issue to this day.
- Avaj - FOSS. Has a nice way of generating decryption subroutines on string constants. Also has some CFG flattening which is always nice to see.
- Binscure - Commercial. Binscure was a commercial Java obfuscator that had a running spat with Recaf. Its primary advertised features were its crasher and zipping abilities and intense flow/indy obfuscation. However as with most cat-and-mouse games, one side would give up. Since we're using past tense here, its Binscure if you haven't caught on. The ASM/RE tool crashers are now fully patched in Recaf with current versions. The flow and indy obfuscation still is fair for the current market. Can be deobfuscated using Narumii/JavaDeobfuscator.
- Black - FOSS. Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make it difficult to analyze the actual program control flow.
- Bozar - FOSS. Has some cheap tricks along with GUI that I have seen being used in the Minecraft Community. Definitely a look worth. Can be deobfuscated using Narumii.
- BranchLock - Commercial. An online, web-based obfuscator primarily known for its AntiDebugging features. It advertises itself as 'modern, lightweight, but powerful,' which is now untrue, considering that it can't compete with modern obfuscators anymore. It appears somewhat in the Minecraft Community. Due to it being web-based, it had some ddos attacks lately, which caused the site to be down.
- Bruhfuscator - FOSS. This obfuscator, based on Ambien, is a skid of multiple FOSS obfuscators, therefore nothing in it is selfmade or special.
- Caesium - FOSS. Has a transformer that implements a well-known HTML injection into any Java reverse-engineering tool that parses HTML tags. Shows alot in Minecraft Community. Can be deobfuscated using Narumii.
- CafeVault - FOSS. Basic Jar-File Crypter, therefore has a lot of room for improvements. Could be used as lightweight top-layer.
- CheatBreaker - FOSS. Decent obfuscation that looks similar to Caesium's, but not as strong. Obfuscation is overall decent. Shows in Minecraft Community. Can be deobfuscated using JavaDeobfuscator.
- ClassGuard - Commercial. Relies mostly on class encryption with hardcoded AES keys in native libs. Pretty easy IDA/Binary Ninja/Ghidra exercise if you want to flex on your blog on something. Can be deobfuscated using JavaDeobfuscator.
- ClassCloak - FOSS. Basic obfuscator with string encryption.
- CodeEncryptor+ - FOSS. This project uses JNI to encrypt bytecode and JVMTI to decrypt bytecode in order to protect code. It provides two DLL files: one for encryption and one for decryption. During actual execution, only the decryption DLL file is used. It supports custom keys and package names. The encrypted Class files becomes malformed and cannot be parsed. Apart from retaining the Magic part at the beginning, the rest becomes unrecognizable bytes.
- Colonial - FOSS. Rename of Simple Obfuscator, with some additions of JObf/SB27. The string decryption with its hard-coded switch-case slightly reminds of ZKM (Zelix Klass Master), tho not nearly as strong.
- Crater - FOSS. Basic java obfuscator.
- DashO - Commercial. Shows up a bit in industry and has some interesting ideas (albeit probably outdated) in flow obfuscation. Can be deobfuscated using JavaDeobfuscator.
- DexGuard - Commercial. Mainly used for obfuscating Android apps. Never saw any samples. Can be deobfuscated using JavaDeobfuscator.
- dProtect - FOSS. dProtect is build on ProGuard with additional flow-obfuscation, mixed-boolean-arithmetics-transformations and string-encryption. Definitely worth a try.
- Eskid - Commercial. Decent obfuscator based on HsGuard and Scuti. Shows alot in Minecraft Community. Could be possibly deobfuscated using AckeRun's Eskid deobfuscator trasnformer. Got cracked by PlutoSolution.
- GOTO / GOTO - FOSS. An obfuscator made by chinese people written in Kotlin. Has interesting features but they are kinda broken.
- Grunt - FOSS. Another ofuscator written in Kotlin. Should be used as a lightweight layer of obfuscation. Overall has very based features that are compatible with each other. Mainly known in Minecraft Comunity for it's mixin support renamer and compatibilty with obfuscating Forge mods/Plugins.
- HsGuard - FOSS. An obfuscator developed by chinese people. Bad skid of Scuti with minimal additions. Can be deobfuscated using Narumii.
- InDy - FOSS. A simple project that provides an implementation to obfuscate method calls in Java Bytecode by replacing them with invokedynamic instructions.
- J2CC - Private. Flexible quality transpiler with lots of cool features and compatiblity. Nothing else to say.
- JarObfucator - FOSS. A obfuscator with simple Bytecode transformers such as XOR encryption. Has a Class Encryptor which encrypts the contents of classes and allows you to decrypt them at runtime by using a Java Agent with their decryptor.
- Javari - FOSS. A simple obfuscator with a nice GUI and not so nice obfuscation-techniques.
- JNIC - Commercial. One of not so many Java Native Interface Compilers that offers String Encryption, Control Flow with Flattening and their famous Native compiler. This obfuscator is mainly used for the Native compiling and does a really good job doing so. You can see JNIC as an example in RusherHack Loader. Be aware that the Native obfuscation could cause lag or slow down the processes made in the application. If you would decide to use JNIC for obfuscation then make sure to not use it on it's own and instead use something with it.
- JBCO - FOSS. Some interesting flow obfuscation techniques that still work in modern Java. Based on the Soot library which is also something worthwhile checking out.
- JObf/Sb27 - FOSS. Pretty outdated. Due to the generic name is more commonly referred to by the author's name superblaubeere27 / sb27. Has some basic features along with a GUI. Still shows allot in the Minecraft Community (Mainly in Japanese/Chinese Anarchy Clients). Can be easily deobfuscated with no effort using Narumii/JavaDeobfuscator.
- JObfuscator - Commercial. Most of the obfuscated code are just int/double arrays with some light flow obfuscation (Based off sample). Uses polymorphic algorithm for strings encryption. Has only few features. Last update was made on 09.08.2022 which is a version 1.10.
- Masxinlingvonta - FOSS. Compiles Java ByteCode to LLVM IR (for obfuscation purposes).
- Mosey - FOSS. Outdated obfuscator mainly coded in Scala. Overall is no recommended for use since the obfuscation is very light and is easy to deobfuscate. Mainly used for 2+. layer obfuscation. Can be deobfuscated using Narumii.
- MyJ2C - FOSS. Obfuscator made by chinese people that managed to skid some of Allatori's-V3 parts such as String Encryption and some other things into their project. Overall only recommend using it when u have nothing else to use. Can be partially deobfuscated using Allatori deobfuscator. Has a interesting feature called "Confusing CallSites".
- Native/Radioegor146 - FOSS. Java .class to .cpp converter for use with JNI.
- Native+ - FOSS. Modification of Native/Radioegor146.
- NeonObf - FOSS. Made up of the easier to defeat obfuscation techniques. NeonObf is also the name inspiration for Radon.
- Ob - FOSS. Older obfuscator from 2011 with string encryption, branching, and a renamer.
- Obzcure - Discord (Dead) - Commercial. Web-based obfuscation service with some inspiration taken from Radon and SkidSuite2. Used to go by the name "SpigotProtect" so you might see some Spigot plugins using the obfuscation from this product if you look around hard enough. Can be deobfuscated using JavaDeobfuscator.
- ObzucureVM - FOSS. Java Virtual Machine made in Java.
- Paramorphism - Discord (Dead) - Commercial. Was one of the most unusual and unique obfuscators at the time it was an active project in that relied a lot more on the JVM's unusual way of loading JAR archives including zip entries with duplicated names and the fake directory trick. Used to be more commonly used before people started ripping ideas from Paramorphism. Can be deobfuscated using JavaDeobfuscator.
- Popuskator - FOSS. Obfuscator based of Ambien. 100% Skidded, nothing custom.
- qProtect - Discord - Commercial. Got cracked millions of times, Devs and Admin only care about money, promotion and like to d0x people that don't like qProtect and possibly harass them or try to scare them. Horrible scam for $70 (Skidfuscator FOSS would do better).
- Radon - FOSS. Abandoned experimental obfuscator by ItsSomebody (The person that made some of the parts of this Obfuscator list). Radon is an open-source free obfuscator. It has a UI that's visually similar to Skidfuscator/ProGuard and it is very intuitive to use. Easy to deobfuscate using JavaDeobfuscator.
- Reflow - FOSS. A Java Bytecode Obfuscator.
- Retype - FOSS. A Java Bytecode Obfuscator.
- Sandmark - FOSS. Really old obfuscator research project led by Christian Collberg at the University of Arizona. Has some interesting ideas in static and dynamic watermarking (Embeder & Recognizer) are some of the flow obfuscation ideas are good.
- Scuti - FOSS. Outdated obfuscator. Has an option to pack classes into binary blobs, and load them via a classloader. The binary blob names are just the original class names with simple XOR encryption, and the blob contents are the original class file with simple XOR encryption. Can be deobfuscated using Narumii.
- Sentinel - Discord - FOSS. Dead, Obfuscator mainly known in Minecraft community. Has some basic features. Currently there are no public transformers for it and still can be used. If you decide to use it, make sure to use key "sentinelisback" once you run it in cmd.
- Skidfuscator Community - Discord - FOSS. Skidfuscator is known obfuscator for its simplicity, ease of use, and effectiveness in protecting Java applications from reverse engineering and tampering. You can get free (community) version having overall strong obfuscation. Paid (Enterprises) version has (Unfinished) Native obfuscation with some other features that aren't included in the Community version. Has its own documentary website. Requires libraries (Doesn't have max depth). Free version has slightly broken Matcher. Uses Maple IR framework which is something worth checking out. Shows a lot in Minecraft community.
- Skidfuscator Enterprises - Discord - Commercial. Skidfuscator Enterprises is a paid, better version of Skidfusctor Community, which offers more and better features and in the future will possibly even have Native obfuscation.
- Souvenir - FOSS. Lightweight obfuscation that doesn't have anything special. Has only 3 transformers (Light Flow, String, Number).
- Stringer - Commercial. Pretty infamous for its complicated AES-based encryption/decryption routines and price. Does not really offer a whole lot of protection, but sometimes does show up in industry. Can be deobfuscated using JavaDeobfuscator and got cracked few times.
- Virbox Protector - Commercial. A native obfuscator, has a code virtualization made by chinese people It's very different from native obfuscators from github and it's very expensive, almost 10k CNY per year.
- XenonGuard - FOSS. XenonGuard is a somewhat decent obfuscator based off CheatBreaker. Kinda looks like free version of ZKM. Has a very good and useful features that not every obfuscator has these days. Even tho there are no public deobfuscation transformers, I still recommend layering it since it's based off CheatBreaker and I am unsure if some transformer are still from CheatBreaker. Overall I really like this one.
- yGuard - FOSS. Functionally equivalent to ProGuard as far as I can tell.
- zProtect - Discord - Commercial. Stupid Binscure skid. Not recomended for use. SRC of it has been leaked and their obfuscation could be possibly deobfuscated using darklols zProtect deobfuscator or using Binscure deobfuscator to semi deobfuscate it.
- ZKM (Zelix Klass Master) - Commercial. Zelix KlassMaster Obfuscator is known for its robust obfuscation techniques and strong obfuscation capabilities and is used by many companies to protect their Java applications from reverse engineering and tampering. Currently the best obfuscator for Java right now and always updates their compatiblities for newer or even older Java versions with bug fixes or patches whenever there are public deobfuscation transformers.
- Zortfuscator - Commercial. Dead, not so known obfuscator. Can tell that it has good obfuscation techniques from the look at the samples they have on their discord server and some small sample in a video made by akita.
-
Notifications
You must be signed in to change notification settings - Fork 14
3000IQPlay/obfuscator-list
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
List of all the somewhat popular and non-popular Java obfuscators on the Internet.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published