Zelix KlassMaster - Java Obfuscator

Java Long Constant Encryption

When a competitor or hacker decompiles an obfuscated application, they will use any clue they can to locate the classes of interest to them. The long constants that are embedded in your application may provide critical insights. Long constants may appear as the initial or constant values of certain fields or they may be referenced from within a method. These constants may be used as:
  • Decryption keys,
  • Application specific processing indicies.
The competitor or hacker decompiles all your classes then performs simple string searches on the generated source code looking for constants of interest to them.

Zelix KlassMaster's Long Constant Encryption technology encrypts your long constants where they are stored in the Constant Pools of your class files. It then adds fragments of code to your classes so that your long constants are decrypted at runtime.

See the Long Constant Encryption Tutorial for more technical detail.

Example

Method decompiled 

long method0() {
   return 127L;
}

Method Long Constant Encrypted with Method Parameter Changing then decompiled 

private static final long a = o.a(425868181624802497L, 7792344439649777418L, MethodHandles.lookup().lookupClass()).a(188318979481983L);
long method0(long var1) {
  var1 ^= a;
  return true.g(14977, 1548317666104588234L ^ var1);
}

Limitations

Note that Zelix KlassMaster's Long Constant Encryption isn't and cannot be fundamentally irreversible. However, we are continually improving it to "harden" it against deobfuscation. For example, Zelix KlassMaster's Method Parameter Changes functionality can significantly "hardens" Zelix KlassMaster's Long Constant Encryption.