Zelix KlassMaster - Java Obfuscator

Java Integer Constant Encryption

When a competitor or hacker decompiles an obfuscated application, they will use any clue they can to locate the classes of interest to them. The integer constants that are embedded in your application may provide critical insights. Integer constants may be Java byte, char, short or int constant values. Integer constants may appear as the initial or constant values of certain fields or they may be referenced from within a method. These constants may be used as:
  • Product codes,
  • Decryption keys,
  • Application specific processing indicies.
The competitor or hacker decompiles all your classes then performs simple string searches on the generated source code looking for constants of interest to them.

Zelix KlassMaster's Integer Constant Encryption technology encrypts your integer constants where they are stored in the Constant Pools of your class files. It then adds fragments of code to your classes so that your integer constants are decrypted at runtime.

See the Integer Constant Encryption Tutorial for more technical detail.

Example

Method decompiled 

int method0() {
   return 127;
}

Method Integer Constant Encrypted with Method Parameter Changing then decompiled 

private static final long a = o.a(425868181624802497L, 7792344439649777418L, MethodHandles.lookup().lookupClass()).a(188318979481983L);
int method0(long var1) {
  var1 ^= a;
  return true.g(14977, 1548317666104588234L ^ var1);
}

Limitations

Note that Zelix KlassMaster's Integer Constant Encryption isn't and cannot be fundamentally irreversible. However, we are continually improving it to "harden" it against deobfuscation. For example, Zelix KlassMaster's Method Parameter Changes functionality can significantly "hardens" Zelix KlassMaster's Integer Constant Encryption.