Skip to content

Latest commit

 

History

History
190 lines (150 loc) · 11.2 KB

README.md

File metadata and controls

190 lines (150 loc) · 11.2 KB

header


🏢 Enterprise/Custom Version: https://skidfuscator.dev/pricing


Warning

This product is provided as-is, licensed under MIT. We will not provide any support, nor take liability for any reversal, deobfuscation, or impact this tool may have on your software. If you seek to protect sensitive applications for commercial use, we recommend you contact us at mastermind [at] zenrho.net or visit https://zenrho.com

🚀 Quickstart

Tip

If you are using Gradle, consider using our Gradle plugin for easy integration.

plugins {
     id("dev.skidfuscator") version "0.1.4"
}

skidfuscator {
  // Configure the plugin here
  skidfuscatorVersion = "latest"
}

You can download Skidfuscator here and run it directly.

👉 CLI Usage/Install

java -jar skidfuscator.jar obfuscate <path to your jar>

Skidfuscator uses a config system, which allows you to customize your obfuscation. We try to automatically download all compatible libraries, but some may slip through the cracks. The Gradle plugin is a work in progress. For now, use:

java -jar skidfuscator.jar obfuscate <path to your jar> -li=<path to folder with all libs>

🔥 Homebrew (macOS)

brew tap skidfuscatordev/skidfuscator
brew install skidfuscator

🔥 Bash (Linux/macOS)

curl -sL https://raw.githubusercontent.com/skidfuscatordev/skidfuscator-java-obfuscator/refs/heads/master/scripts/install.sh | bash

🔥 Powershell [Admin required] (Windows)

iex "& { $(iwr -useb https://raw.githubusercontent.com/skidfuscatordev/skidfuscator-java-obfuscator/refs/heads/master/scripts/install.ps1) }"

🕵️ What is Skidfuscator?

Skidfuscator is a proof of conceptproduction ✨ grade obfuscation tool designed to take advantage of SSA form to optimize and obfuscate Java bytecode code flow. This is done via intra-procedural passes each designed to mingle the code in a shape where neither the time complexity neither the space complexity suffers from a great loss. To achieve the such, we have modeled a couple of well known tricks to add a significant strength to the obfuscation whilst at the same time retaining a stable enough execution time.

Skidfuscator is now feature-complete and continues to be actively maintained with several new obfuscation techniques aimed at hardening your code against reverse engineering.

👉 Research Poster (Finalist CCSCNE 2024)

Classic Landscape 1 (3) (1)

✨ Features

Skidfuscator is rich in over 10+ features. Our objective: be one click, you're protected. We provide a GUI, over +10 configurable transfomers, we have failsafes and automatic tools to tailor your configuration to you with ease.

👉 Expand features

1. Automatic Dependency Downloading

Skidfuscator intelligently identifies and downloads missing dependencies needed for your project, minimizing manual configuration. Known frameworks such as Bukkit are automatically handled, streamlining setup.

FocuSee.Project.2024-12-25.19-35-33.mp4

2. Smart Recovery

In the event of errors or failed obfuscation, Skidfuscator implements a recovery system that intelligently resolves conflicts and provides suggestions to fix issues. This ensures minimal disruption in your development workflow.

FocuSee.Project.2024-12-18.03-32-25.mp4

3. Auto Configuration

Skidfuscator comes with built-in presets for common configurations, allowing quick setup without needing to manually tweak every aspect of the obfuscation process. For advanced users, all settings remain fully customizable.

FocuSee.Project.2024-12-18.02-56-07.mp4

4. Flow Obfuscation (GEN3)

Skidfuscator introduces third-generation control flow obfuscation (Flow GEN3), which scrambles method logic and makes the control flow harder to understand. This method introduces opaque predicates and complex flow redirections, hindering static and dynamic analysis.

5. Advanced Obfuscation Methods

Comes with all sorts of advanced obfuscation methodologies only seen in modern obfuscators, such as Zelix KlassMaster. Skidfuscator is designed to be hyper-resilient and best of its field, for free.

6. Optimization Out-of-the-Box

Skidfuscator is built to ensure that obfuscation does not degrade your application’s runtime performance. By leveraging SSA and CFG-based transformations, it provides obfuscation that’s highly optimized to maintain both time and space complexity.

Here are all the cool features I've been adding to Skidfuscator. It's a fun project hence don't expect too much from it. It's purpose is not to be commercial but to inspire some more clever approaches to code flow obfuscation, especially ones which make use of SSA and CFGs

Cool gif

🔥 Third Generation Flow

Skidfuscator boasts the most complex, research-backed flow obfuscation in the JVM community. Our flow obfuscation outperforms competitors such as Zelix Klassmaster, DexGuard, and various others. And yes, we're open-source!

👉 Expand transformers

Flow Obfuscation

Feature Edition Description
Bogus Exception Flow Community Adds fake exception handling to confuse reverse engineers.
Bogus Condition Flow Community Introduces fake conditions to disrupt program analysis.
NEW ✨ Pure Function Hashing Flow Community Hashes pure functions to obfuscate their flow and outputs.
Switch Flow Community Uses switch statements to obscure logic paths.
Factory Initiation Flow Community Obfuscates factory patterns, adding complexity to instance creation.
Integer Return Flow Enterprise Obfuscates integer return values to mislead reverse engineering.
Exception Return Flow Enterprise Utilizes exceptions as a return flow to confuse the control path.

Encryption Obfuscation

Feature Edition Description
String Encryption Community Encrypts strings to prevent static analysis.
Annotation Encryption Enterprise Encrypts annotations to protect metadata from tampering.
Reference Encryption Enterprise Encrypts object references to add another layer of security.

Structure Obfuscation

Feature Edition Description
Field Renamer Enterprise Renames fields to meaningless names to obscure their purpose.
Method Renamer Enterprise Renames methods to make reverse engineering more challenging.
Class Renamer Enterprise Renames classes to break readability and tooling compatibility.
Mixin Support Enterprise Adds support for obfuscating mixin-based systems.
Spigot Plugin Support Enterprise Obfuscates Spigot plugins for enhanced security.

Miscelleanous

Feature Edition Description
Ahegao Trolling Community Adds humorous or trolling elements to deter casual inspection.
Driver Protection Community Protects drivers from tampering or reverse engineering.
New Outlining Obfuscation Enterprise Segments code into separate outlined functions for obfuscation.
Native Driver Protection Enterprise Protects native drivers at the OS level for added security.

Credits

We'd like to extend our many thanks to the many individuals who have financially supported this project, supervised its research, or reported bugs. All contributions have curated this tool to achieve a production grade, and I could not be more thankful.

Libraries used

Inspired from