/obfuscator-list

Java obfuscators list

obfuscator-list

  • Ackerun - FOSS. Light/Heavy obfuscator depanding on your cfg. Has some basic and simple features with nothing unknown in it.
  • Allatori - Commericial. Somewhat popular choice in industry.
  • Ambien - FOSS. New obfuscator that is getting actively developed. Has some cool features. Can contain some bugs/issue.
  • Avaj - FOSS. Has a nice way of generating decryption subroutines on string constants. Also has some CFG flattening which is always nice to see.
  • BisGuard - Commercial. Relies entirely on class encryption (last time I checked, at least) so protection has quite a bit of room for improvement.
  • Black - FOSS. Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make it difficult to analyze the actual program control flow.
  • Bozar - Points for FOSS. Has some cheap tricks that I have seen being used in the Minecraft community. Can be deobfuscated using Narumii.
  • Branchlock - Commercial. Obfuscator mainly used for its AntiDebug features. Shows up a bit in the Minecraft community. Outdated and deobfable.
  • Caesium - FOSS. Has a transformer that implements a well-known HTML injection into any Java reverse-engineering tool that parses HTML tags. Shows alot in Minecraft community. Can be deobfuscated using Narumii/JavaDeobfuscator.
  • CheatBreaker - FOSS. Decent obfuscation that looks similar to Caesiums (Prob. Skidded). Obfuscation is overall decent. Shows in Minecraft community. Can be deobfuscated using JavaDeobfuscator
  • ClassGuard - Commercial. Relies mostly on class encryption with hardcoded AES keys in native libs. Pretty easy IDA/Binary Ninja/Ghidra exercise if you want to flex on your blog on something. Can be deobfuscated using JavaDeobfuscator.
  • DashO - Commercial. Shows up a bit in industry and has some interesting ideas (albeit probably outdated) in flow obfuscation. Can be deobfuscated using JavaDeobfuscator.
  • DexGuard - Commercial. Mainly used for obfuscating Android apps. Never saw any samples. Can be deobfuscated using JavaDeobfuscator.
  • Eskid - Commercial. Decent obfuscator based on HsGuard/Scuti. Shows alot in Minecraft community. Could be possibly deobfuscated using Ackeruns Eskid deobfuscator trasnformer. Got cracked by PlutoSolution.
  • Grunt - Obfuscator written in Kotlin. Can be used as main obfuscator all tho there are missing some features such as Crasher or Flow obfuscation. Overall has very good features that are compatible with each other. Mainly known in Minecraft Comunity for it's mixin support renamer, native candidates and compatibilty with obfuscating Forge mods/Plugins. Contains some features that can be found in paid obfuscators.
  • HsGuard - FOSS. Obfuscator developed by Chinese ppl. Bad skid of Scuti with minimal additions. Can be deobfuscated using Narumii.
  • JNIC - Commercial. One of not so many Java Native Interface Compilers that offers String Encryption, Control Flow with Flattening and their famous Native compiler. This obfuscator is mainly used for the Native compiling and does a really good job doing so. You can often see JNIC in Intent/1.8 cheat clients. Be aware that the Native obfuscation could cause lag or slow down the processes made in the application. If you would decide to use JNIC for obfuscation then make sure to not use it on it's own and instead use something with it.
  • JBCO - FOSS. Some interesting flow obfuscation techniques that still work in modern Java. Based on the Soot library which is also something worthwhile checking out.
  • JObf - FOSS. Pretty outdated. Some of the transformations done show up in the Minecraft community. Can be easily deobfuscated with no effort using Narumii/JavaDeobfuscator.
  • JObfuscator - Commericial. Never seen this used before so I cannot really give any comments.
  • Mosey - FOSS. Outdated obfuscator mainly coded in Scala. Overall is no recommended for use since the obfuscation is very light and is easy to deobfuscate. Mainly used for 2+. layer obfuscation. Can be deobfuscated using Narumii.
  • MyJ2C - FOSS. Obfuscator made by chinese ppl that managed to skid some of Allatoris parts such as String Enc. and some other things into their project. Overall only recommend using it when u have nothing else to use. Can be partically deonfuscated using Allatori deobfuscator. Has a interesting feature called "Confusing CallSites".
  • NeonObf - FOSS. Made up of the easier to defeat obfuscation techniques. NeonObf is also the name inspiration for Radon.
  • Obzcure - Discord (Dead) - Commericial. Web-based obfuscation service with some inspiration taken from Radon and SkidSuite2. Used to go by the name "SpigotProtect" so you might see some Spigot plugins using the obfuscation from this product if you look around hard enough. Can be deobfuscated using JavaDeobfuscator.
  • Paramorphism - Discord (Dead) - Commerical. Was one of the most unusual and unique obfuscators at the time it was an active project in that relied a lot more on the JVM's unusual way of loading JAR archives including zip entries with duplicated names and the fake directory trick. Used to be more commonly used before people started ripping ideas from Paramorphism. Can be deobfuscated using JavaDeobfuscator.
  • qProtect - Discord - Commericial. For it's price its very good (If you don't want to pay u can use lite). Offers customizable flow obufscation and strong string obfuscation along with other features such as Resources Encryption, Number obfuscation and other cool features (Official Showcase: https://www.youtube.com/watch?v=07gug5fAY2I). Has a GUI and if you want you could add/develop custom plugins/transformers in it. Has a fast and good support team in their Discord server. Shows alot in Minecraft community. (Personal recommendation)
  • Radon - FOSS. Abandoned experimentational obfuscator. Easy to deobfuscate using JavaDeobfuscator.
  • Sandmark - FOSS. Really old obfuscator research project led by Christian Collberg at the University of Arizona. Some interesting ideas in watermarking are here and some of the flow obfuscation ideas are good.
  • Scuti - FOSS. Outdated obfuscator. Only recomended using as 2+. layer obfuscator or if u have no other options to use. Can be deobfuscated using Narumii.
  • Sentinel - Discord - FOSS. Obfuscator mainly known in Minecraft community. Don`t have anything to say about this obfuscator.
  • Skidfusctor - Discord - FOSS/Commericial. Skidfuscator is known obfuscator for its simplicity, ease of use, and effectiveness in protecting Java applications from reverse engineering and tampering. You can get free version having overall strong obfuscation. Paid (Enterprises) version has Native obfuscation with some other features. Has it's own documentary website. Requires libraries (Doesn't have max depth). Shows alot in Minecraft community.
  • SkidSuite2 - FOSS. Some pretty basic obfuscation techniques, nothing too special.
  • Souvenir - FOSS. Lightweight obfuscation that doesn't have anything special.
  • Stringer - Commericial. Pretty infamous for its complicated AES-based encryption/decryption routines and price. Does not really offer a whole lot of protection, but sometimes does show up in industry.
  • yGuard - FOSS. Functionally equivalent to ProGuard as far as I can tell.
  • zProtect - Discord - Commercial. Stupid Binscure skid. Not recomended for use. SRC of it has been leaked and their obfuscation could be possibly deobfuscated using darklols zProtect deobfuscator or using Binscure deobfuscator to semi deobfuscate it.
  • ZKM (Zelix Klass Master) - Commericial. Zelix KlassMaster Obfuscator is known for its robust obfuscation techniques and strong obfuscation capabilities and is used by many companies to protect their Java applications from reverse engineering and tampering.
  • Zortfuscator (Discord) - Commericial. Dead, not so known obfuscator. Can tell that it has good obfuscation techniques from the look at the samples they have on their discord server.