Skidfuscator: Obfuscation like never seen before.
Join the discord: https://discord.gg/QJC9g8fBU9
Tip
If you are using Gradle, consider using our Gradle plugin for easy integration.
plugins {
id("io.github.skidfuscatordev.skidfuscator") version "0.1.3"
}
skidfuscator {
// Configure the plugin here
skidfuscatorVersion = "latest"
exempt = ["com/example/SomeClass"]
transformers {
interprocedural {
enabled = true
exempt = ["com/example/IgnoredClass"]
}
stringEncryption {
type = "STANDARD"
enabled = true
}
}
}You can download Skidfuscator here and run it directly using:
java -jar skidfuscator.jar obfuscate <path to your jar>
Skidfuscator uses a config system, which allows you to customize your obfuscation. We try to automatically download all compatible libraries, but some may slip through the cracks. The Gradle plugin is a work in progress. For now, use:
java -jar skidfuscator.jar obfuscate <path to your jar> -li=<path to folder with all libs>
brew tap skidfuscatordev/skidfuscator
brew install skidfuscator
curl -sL https://raw.githubusercontent.com/skidfuscatordev/skidfuscator-java-obfuscator/refs/heads/master/scripts/install.sh | bash
iex "& { $(iwr -useb https://raw.githubusercontent.com/skidfuscatordev/skidfuscator-java-obfuscator/refs/heads/master/scripts/install.ps1) }"
Skidfuscator is a proof of concept obfuscation tool designed to take advantage of SSA form to optimize and obfuscate Java bytecode code flow. This is done via intra-procedural passes each designed to mingle the code in a shape where neither the time complexity neither the space complexity suffers from a great loss. To achieve the such, we have modeled a couple of well known tricks to add a significant strength to the obfuscation whilst at the same time retaining a stable enough execution time.
Skidfuscator is now feature-complete and continues to be actively maintained with several new obfuscation techniques aimed at hardening your code against reverse engineering.
Skidfuscator intelligently identifies and downloads missing dependencies needed for your project, minimizing manual configuration. Known frameworks such as Bukkit are automatically handled, streamlining setup.
In the event of errors or failed obfuscation, Skidfuscator implements a recovery system that intelligently resolves conflicts and provides suggestions to fix issues. This ensures minimal disruption in your development workflow.
Skidfuscator comes with built-in presets for common configurations, allowing quick setup without needing to manually tweak every aspect of the obfuscation process. For advanced users, all settings remain fully customizable.
Skidfuscator introduces third-generation control flow obfuscation (Flow GEN3), which scrambles method logic and makes the control flow harder to understand. This method introduces opaque predicates and complex flow redirections, hindering static and dynamic analysis.
Comes with all sorts of advanced obfuscation methodologies only seen in modern obfuscators, such as Zelix KlassMaster. Skidfuscator is designed to be hyper-resilient and best of its field, for free.
Skidfuscator is built to ensure that obfuscation does not degrade your application’s runtime performance. By leveraging SSA and CFG-based transformations, it provides obfuscation that’s highly optimized to maintain both time and space complexity.
Here are all the cool features I've been adding to Skidfuscator. It's a fun project hence don't expect too much from it. It's purpose is not to be commercial but to inspire some more clever approaches to code flow obfuscation, especially ones which make use of SSA and CFGs
- Bogus Exception Flow
- Bogus Condition Flow
- NEW ✨ Pure Function Hashing Flow
- Switch Flow
- Factory Initiation Flow (Enterprise)
- Integer Return Flow (Enterprise)
- Exception Return Flow (Enterprise)
- String Encryption
- Annotation Encryption (Enterprise)
- Reference Encryption (Enterprise)
- Field Renamer (Enterprise)
- Method Renamer (Enterprise)
- Class Renamer (Enterprise)
- Mixin Support (Enterprise)
- Spigot Plugin Support (Enterprise)
- Ahegao Trolling
- Driver Protection
- Experimental Outlining Obfuscation (Enterprise)
- Native Driver Protection (Enterprise)
What is third generation flow obfuscation? Well, contrary to Zelix's second generation flow obfuscation, we use an even more complex system with private and public seeds. Here's how it works:
Graph representing the two different approaches towards flow obfuscation between Zelix (17.0) and Skidfuscator (0.0.1)
We currently are working on a variety of ways to approach this system using various lightweight obfuscation methods. Here are the current ones to date: