Skip to content

Protection

Jump to bottom
bill collector edited this page Feb 24, 2024 · 5 revisions

Protection

JVM bytecode obfuscation

Obfuscation is the #1 easiest way to defend against software reverse engineering. It's the easiest way to stop a beginner and create some problems for a more experienced reverse engineer.

Now just because I said it would only stop a beginner that doesn't mean that you shouldn't use it. Sure it might not stop an experienced reverse engineer but it will sure as hell make it harder which is the point of protection. You want to make the job of someone that wants to reverse engineer your software as annoying as possible by creating as many problems for them along the way hoping that eventually they will quit.

There are many different techniques in JVM bytecode obfuscation. Like: string encryption, number obfuscation, control flow obfuscation, etc. There are many tools that can provide these techniques although if you want good ones then they aren't gonna be cheap. The best obfuscator on the market right now is Zelix. However, Zelix has a hefty price tag on it which is one of the reasons why people often go for alternatives that yield similar results, here are some examples:

Branchlock - https://branchlock.net/
Skidfuscator - https://skidfuscator.dev/

There is also qProtect but I refuse to advertise it as it is complete and utter horse shit. Now these obfuscators are pretty decent and can definitely protect your applications. Personally I wouldn't recommend any of them as they're all mainly decent but I've seen instances of them being deobfuscated. The only obfuscator I trust to actually recommend would be Zelix.

Native transpilers

Now this is a whole different playground. I will only talk about native transpilers a tiny bit as I could make a whole damn guide about them and I still would probably miss something. The concept itself however is not that hard to understand. Your code simply gets transpiled using JNI which basically makes any kind of Java reverse engineering tool useless and you need to use tools specifically designed for native applications like:

The Interactive Disassembler (IDA) - https://hex-rays.com/ida-pro/
Ghidra - https://github.com/NationalSecurityAgency/ghidra
Cutter - https://cutter.re/

The best transpiler that I can recommend is JNIC. However, there is another one that from my knowledge puts up a somewhat decent fight against JNIC and has some interesting features.

J2CC @ https://java2cc.github.io/
JNIC @ https://jnic.dev.

I won't recommend any others mainly because every other transpiler is again complete and utter horse shit so there is barely any competition for these two.

Clone this wiki locally