-2

I am looking for an obfuscator for java. Found one, proguard. This is working only upto one level when i decompile using jad, all codes are visible. Only the method names and some variable names are getting renamed rest all are visible. Are there any better obfuscator which is impossible to get source out of it? Thanks

FirmView
  • 3,130
  • 8
  • 34
  • 50
  • 5
    Security through obscurity *never* works. It only slows down the determined. – Brian Roach Feb 22 '13 at 21:14
  • 3
    Just a side note: no obfuscator makes it impossible to retrieve the source. It just makes it a little more difficult. As soon as your application is in someone else's hands, if they dedicate enough time and energy to it, they can figure out what it does and manipulate it. – asteri Feb 22 '13 at 21:15
  • There are several commercial alternatives. ProGuard will obfuscate what you tell it to. – Dave Newton Feb 22 '13 at 21:16
  • Possible duplicate of http://stackoverflow.com/questions/150653/java-obfuscation-proguard-yguard-other – Raedwald Jul 11 '13 at 12:03

1 Answers1

3

As long as you deal with software, all you can do is making retrieval of the source code harder. In Java you will almost always be able to get a quite readable source back from the class files. In applications that are compiled into machine code, you might get worse results, but someone who wants to get it, will still be able to retrieve the information. Even when you write software in C, compile it and burn it into a microcontroller, there might be some people eager enough to retrieve the binary program and decompile it.

Honestly, if you want to slow down successful decompilation (and that's all you can achieve), try to find the obfuscator that makes debugging of actively deployed applications least painful for you. Because, if you obfuscate, debugging and maintaining might be painfully slow as well.

Sascha Kaupp
  • 282
  • 2
  • 14
  • Sascha's comment about debugging is very important. I've only been forced to obfuscate one application and providing support on that was a nightmare, make sure you maintain the obfuscator's output with the release or you have no chance of identifying bugs. – vickirk Feb 22 '13 at 21:33