Zelix KlassMaster - Documentation

Method Parameter Obfuscation Tutorial

This tutorial is divided into the following sections:

Overview

The Zelix KlassMaster™ Method Parameter Obfuscation functionality obfuscates method parameter lists by replacing them with a single Object[] parameter. Note that only methods that will have their names obfuscated will be eligible for method parameter obfuscation. The combination of method Name Obfuscation and Method Parameter Obfuscation reduces the comprehensibility of the Java source code produced by a decompiler. Method Parameter Obfuscation also obscures the changes made by the Method Parameter Changes functionality.

For example, the following list of method signatures:

String getUserId()
List   getCustomerOrders(Customer, Date, Date, long)
int    add(int, int)

could be obfuscated to the following:

String a(Object[])
List   a(Object[])
int    a(Object[])

The downside is that it can become impractical to release changes to your obfuscated classes in the form of patches which are just a subset of your classes.

How to use the Method Parameter Obfuscation functionality

The Method Parameter Obfuscation functionality will only be used if the obfuscate statement has its obfuscateParameters parameter set to normal and if some methods will have their names obfuscated. Also, it is recommended that you set the aggressiveMethodRenaming parameter of the obfuscate statement to true to give the Name Obfuscation functionality maximum flexibility given that all obfuscated parameter lists will be the same.

Which methods will have their parameters obfuscated

Method selection occurs in stages. As mentioned above, if the obfuscateParameters parameter is set to normal then initially all methods that will have their names obfuscated will be eligible for method parameter obfuscation.

The next stage is to apply exclusions to the candidate method set. You can tailor the candidate set of methods by using a preceding methodParameterObfuscationInclude or methodParameterObfuscationExclude statement. If a methodParameterObfuscationInclude statement appears by itself then the candidate set of methods can only be chosen from the set of methods that it specifies. If a methodParameterObfuscationExclude statement appears by itself then the candidate set of methods can only be chosen from the set of methods that don't match its specification.

If there is a methodParameterObfuscationInclude statement and a methodParameterObfuscationExclude statement then the methodParameterObfuscationInclude statement will be applied first against the set of all methods and then the methodParameterObfuscationExclude statement will be applied against the set of methods specified by the methodParameterObfuscationInclude statement.

If there is not an active, preceding methodParameterObfuscationInclude or methodParameterObfuscationExclude statement then by default all renamed methods are considered to be possible candidates. However, there are some other restrictions that Zelix KlassMaster™ applies. For example, all methods which are entry points into your application should not be changed. If you have a preceding trimExclude and/or trimUnexclude statements then Zelix KlassMaster™ will assume that they specifies the entry point methods for your application.

Also, methods which are accessed via Reflection should not have their parameters obfuscated. If you have a preceding accessedByReflection and/or accessedByReflectionExclude statement then Zelix KlassMaster™ will assume that they specify the methods that are accessed by Reflection by your application.

Qualifications

As mentioned above, there are some methods which should not have their parameters obfuscated. These include methods that
  • Are entry points into your application,
  • Are accessed via reflection and
  • Are expected by some framework which your application uses to have a specific signature. (E.g. getter or setter methods)
The above list is not exhaustive. If you use the Method Parameter Obfuscation functionality then you need to understand the application that you are obfuscating and apply the appropriate exclusions where necessary. It is highly recommended that you start with only limited changes until you have everything working. You can then iteratively broaden the changes.

Finally, note that the Method Parameter Obfuscation functionality can have a significant performance impact due to the need to
  • Marshal values into the single Object[] parameter while wrapping any primitive values before calling the parameter obfuscated method and
  • Unmarshal values from the single Object[] parameter while unwrapping any primitive values in the called parameter obfuscated method.
The performance impact can be exacerbated by the use Method Parameter Changes functionality which increases the number of parameters that may need to be marshalled/unmarshalled and wrapped/unwrapped. For this reason it is recommended that you exclude any performance critical methods from having their parameter lists obfuscated particulary if they have had their parameter lists changed by the Method Parameter Changes functionality.
 
Documentation Table of Contents
Zelix KlassMaster - Java Obfuscator