- Class renaming – Renames classes to short or random identifiers (e.g.
a,b,corxk9m2p) - Method renaming – Obfuscate method names; handles override chains; excludes main, constructors, native, enum methods; optional homoglyph/invisible chars
- Field renaming – Obfuscate field names; excludes serialVersionUID and enum constants; optional homoglyph/invisible chars
- Configurable name length – Minimum length 1–32 characters (class, method, field)
- Random vs sequential – Optional random names per build for stronger obfuscation
- Exclude patterns – Skip classes/packages from renaming. Use
*to exclude all classes; prefix matches (e.g.com.exampleexcludescom.example.*). Built-in: java., javax., Bukkit, Minecraft, etc. - Package flattening – Inner classes get short names; outer package hierarchy preserved
- Homoglyph obfuscation – Use Unicode lookalikes (e.g. Cyrillic а instead of Latin a) for class/method/field names. Sequential: fixed mapping; random: varies per char.
- Invisible character injection – Zero-width chars (U+200B, etc.) in names. Safe for JVM; harder to detect and remove.
- Number obfuscation – Hides
intconstants via math expressions (123→(50*3)-27,(a<<n)+b, etc.); decompilers show expressions, not literals.long/float/doublestill use XOR. Less prone to constant folding than simple XOR. - Array dimension obfuscation – Hides array sizes (
new int[8]→new int[(8 ^ key) ^ key]) - Boolean obfuscation – Hides
true/falseliterals using XOR (ICONST_0/ICONST_1→(value ^ key) ^ key) - String obfuscation – XOR encryption; inline decrypt at each use site (no central decoder). Key per class and per string/field. Static final String fields: ConstantValue removed; initialized in <clinit> with obfuscated code, so
private static final String KEY = "secret"never appears as readable text. Strong againststrings-tools and casual inspection. - Optional random keys –
numberKeyRandom,arrayKeyRandom,booleanKeyRandom,stringKeyRandomfor different keys/patterns per build - Debug info stripping – Removes source file names, line number table, and local variable table. Decompilers show
var0,var1, etc., and lose source mappings. Configurable viadebugInfoStrippingEnabled.
- YAML config –
config.ymlnext to JAR - Per-feature toggles – Enable/disable class, method, field renaming; number, array, boolean, and string obfuscation; debug stripping
- Random options – Toggle randomness for class/method/field names and obfuscation keys
- GUI – Graphical interface (
run-gui.bat); input/output, config path, per-feature checkboxes - CLI –
-iinput,-ooutput filename - Obfuscate folder – Output written to
Obfuscate/in the obfuscator JAR directory - Overwrite – Replaces existing output file if present
- Colored logging – INFO, STEP, OK levels with colors (disable via
NO_COLOR=1) - Version display – Shows version in startup banner
- Gradle integration – Example project with
obfuscatetask - Test script –
test-obfuscate.batfor quick end-to-end testing
- Overload induction – Multiple methods with same name, different signatures
- Opaque predicates – Conditions that always evaluate true/false but are hard to analyze
- Bogus control flow – Fake branches, dead code, unreachable blocks
- Control flow flattening – Replace linear flow with switch/dispatch structure
- Indirection – Wrap logic in extra method calls or trampolines
- Loop transformation – Modify loop structure to obscure intent
String encryption✓ (XOR-based, inline decrypt at each use site; no central decoder)- String splitting – Split strings across multiple concatenations
- Encoding – Base64, XOR, custom encodings
- Reflection hiding – Obfuscate strings used in reflection
- (none remaining)
- Class splitting – Split large classes into smaller ones
- Class merging – Merge unrelated classes
- Fake classes – Add dummy classes/methods to mislead analysis
- Annotation removal – Strip or obfuscate annotations (configurable)
- Integrity checks – Detect modification via checksums/hashes
- Anti-debugging – Detect debugger attachment, timing checks
- Anti-dump – Hinder memory dumps or runtime inspection
- Mapping file – Output deobfuscation mapping for stack traces
- Keep rules – ProGuard-style keep rules for classes/methods/fields
- Gradle/Maven plugins – Easy integration into build pipelines
- Incremental obfuscation – Support incremental builds where possible