Objective | Name obfuscation | Flow obfuscation | String encryption |
---|---|---|---|
Minimum bytecode size | yes | no | no |
Balance between size and protection | yes | yes | no |
Maximum protection | yes | yes | yes |
If the specified file already exists then it will be overwritten. Note that you should keep the change log produced when you obfuscate your final release in a safe place.
List item | Explanation |
none | Select this setting if you don't want to use flow obfuscation. |
light | Select this setting if your classes must run in the widest variety of JVMs. "Light" flow obfuscation works around a number of JIT compiler bugs that can cause some flow obfuscated bytecode to fail. |
normal | This setting performs a more thorough obfuscation than the "light" setting. However, it increases the risk that your bytecode will not run on some buggy JIT compilers. |
aggressive | This setting performs a more thorough obfuscation than the "light" and "normal" settings. However, it increases the risk that your bytecode will not run on some buggy JIT compilers. |
 | Explanation |
none | This setting instructs Zelix KlassMaster to not perform Exception obfuscation. |
light | This setting instructs Zelix KlassMaster to perform Exception obfuscation. |
heavy | This setting instructs Zelix KlassMaster to perform Exception obfuscation in a more aggressive fashion. |
List item | Explanation |
none | Select this setting if you don't want to use String encryption. |
normal | Select this setting if you want Zelix KlassMaster to encrypt your String literals in the most basic fashion. This setting will leave String literals in interfaces unencrypted. |
aggressive | This setting encrypts your String literals as with the "normal" setting but Zelix KlassMaster will attempt to use a more sophisticated approach that allows the encryption of Strings in interfaces. |
flow obfuscate | This setting encrypts your String literals as with the "aggressive" setting but it will also add a flow obfuscated version of the special decrypt instructions to your classes. As with the "aggressive" setting, in interfaces with many String literals, the Constant Value Attributes associated with the interface "static" String fields may be cleared. |
enhanced | This setting encrypts your String literals as with the "flow obfuscate" setting but provides enhanced encryption. |
If you use "enhanced" String Encryption then you should also consider selecting "normal" or "random" in the "Method parameter changes" list so that it is harder to reverse.
List item | Explanation |
true | Select this setting if you want to allow mixed case class names. |
false | Select this setting if you do not want to allow mixed case class names. |
if only in archive | Select this setting if you want to allow mixed case names only for classes which have been opened only from an archive. |
Packages whose names have been excluded from being changed are never collapsed. So packages with excluded superpackages will be collapsed into the nearest excluded superpackage. If a package has no excluded superpackage then it will be collapsed into the package specified in the "Default name" field that appears to the immediate right of the "Collapse packages" box. If the "Default name" field is empty then packages with no excluded superpackage will be collapsed into the Java default package "" (which is no package at all).
Remember that one of the purposes served by package names is to ensure that fully qualified class names are unique. If you collapse your packages into the Java default package (ie. no package) then Zelix KlassMaster will ensure that your class names are unique within your application. However, you must be sure that there will be no runtime name clashes with other default package classes in the runtime classpath.
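One way to check for the runtime clash described above before shipping classes collapsed into the default package (an added example, not part of Zelix KlassMaster or its documentation). The jar names and entries are constructed sample data, and the scan only looks at jar archives, not class directories.

```python
import io
import zipfile
from collections import defaultdict


def default_package_classes(jar):
    """Return the names of classes stored at the archive root (default package)."""
    with zipfile.ZipFile(jar) as zf:
        names = set()
        for entry in zf.namelist():
            # Root-level .class entries only; module-info is a descriptor, not a class.
            if entry.endswith(".class") and "/" not in entry:
                name = entry[: -len(".class")]
                if name != "module-info":
                    names.add(name)
        return names


def find_default_package_clashes(jars):
    """Map each default-package class name to the jars defining it (2+ jars only)."""
    owners = defaultdict(list)
    for label, jar in jars.items():
        for name in sorted(default_package_classes(jar)):
            owners[name].append(label)
    return {name: labels for name, labels in owners.items() if len(labels) > 1}


def make_sample_jar(entries):
    """Build an in-memory jar with empty placeholder entries (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf


def sample_classpath():
    # Constructed classpath: a collapsed application jar plus one other library.
    return {
        "app-obfuscated.jar": make_sample_jar(["a.class", "b.class", "com/mycompany/c.class"]),
        "thirdparty.jar": make_sample_jar(["a.class", "module-info.class", "org/example/Util.class"]),
    }


if __name__ == "__main__":
    for name, jars in find_default_package_clashes(sample_classpath()).items():
        print(f"default-package class '{name}' is defined in: {', '.join(jars)}")
```

`find_default_package_clashes` also accepts file system paths as the dictionary values, since `zipfile.ZipFile` opens either a path or a file-like object.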
Take as an example the following set of packages.
com
|
If you
1. select the "Collapse packages" box
2. exclude the com.mycompany package name from being changed
3. enter foo into the "Default name" field
then the packages will be collapsed as follows
com | => | com |
com.mycompany | => | com.mycompany |
com.mycompany.package1 | => | com.mycompany |
com.mycompany.package2 | => | com.mycompany |
com.yourcompany | => | foo |
com.yourcompany.package1 | => | foo |
giving the result
com
|
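The collapse rule and the mapping table above, modelled as an added example (this is not Zelix KlassMaster code). Leaving a package unchanged when it is a prefix of an excluded package name is an assumption inferred from the `com => com` row of the table.

```python
def superpackages(pkg):
    """Return pkg's superpackages, nearest first: a.b.c -> ['a.b', 'a']."""
    parts = pkg.split(".")
    return [".".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]


def collapse_package(pkg, excluded, default_name=""):
    """Return the package that `pkg` ends up in after collapsing."""
    # A package whose name is excluded from being changed is never collapsed.
    if pkg in excluded:
        return pkg
    # Assumption (inferred from the `com => com` row): a prefix of an excluded
    # package name has to survive too, otherwise the excluded name would change.
    if any(pkg in superpackages(e) for e in excluded):
        return pkg
    # Otherwise collapse into the nearest excluded superpackage ...
    for sup in superpackages(pkg):
        if sup in excluded:
            return sup
    # ... or into the "Default name" ("" is the Java default package).
    return default_name


def collapse_all(packages, excluded, default_name=""):
    """Apply the rule to every package and return {original: collapsed}."""
    return {p: collapse_package(p, excluded, default_name) for p in packages}


# The package set from the page's example.
PAGE_PACKAGES = [
    "com", "com.mycompany", "com.mycompany.package1",
    "com.mycompany.package2", "com.yourcompany", "com.yourcompany.package1",
]

if __name__ == "__main__":
    result = collapse_all(PAGE_PACKAGES, {"com.mycompany"}, "foo")
    for src, dst in result.items():
        print(f"{src} => {dst or '(default package)'}")
```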
Typically you would only collapse the package structure if your obfuscated classes were self contained.
The following settings are typical for the different application types.
Application type | Ok to collapse packages? |
Non-extensible library | No |
Extensible framework | No |
J2ME MIDlet | Yes |
Self contained application or applet | Yes |
Select this option only if your application is stand-alone and self-contained. Do not select this option if your classes make up an extensible framework or a class library.
List Item | Explanation |
true | Keeps all inner class information |
false | Deletes all inner class information |
if name not obfuscated | Keeps inner class information in any classes that are not name obfuscated |
Generally, Inner Class attributes are not used at runtime, so removing them can reduce your bytecode size. However, Inner Class attributes are used by some debuggers and by compilers. If you need to compile other classes against your obfuscated inner classes then you should select true or if name not obfuscated.
List Item | Explanation |
true | Keeps all generics information |
false | Deletes all generics information |
Generally, generics information is not used at runtime so it can be removed. Removing it can reduce your bytecode size. However, generics information is used by some debuggers and by compilers. If you need to compile other classes against your obfuscated classes then you should select true.
List item | Explanation |
delete | Select this setting if you want all local variable name information to be deleted. This option reduces the size of bytecode. |
keep | Select this setting if you want all local variable name information to be retained. This option is not recommended and is provided only for those rare cases where it may temporarily make debugging easier. |
obfuscate | Select this setting if you want all local variable name information to be retained in an obfuscated form (e.g. "a"). Obfuscated local variable names will typically take up less space than meaningful variable names but they will take up more space than would otherwise be the case. |
keep visible method parameters | Select this setting if you want the method parameter variable names of public and protected methods to be retained. Many IDEs will preview a method's signature including its parameter names, which is why you may want to retain them. |
keep visible parameters if name not obfuscated | Select this setting if you want the method parameter variable names of public and protected methods to be retained but only if |
keep parameters if name not obfuscated | Select this setting if you want the method parameter variable names of methods to be retained (regardless of their access level) but only if |
The "keep visible parameters if name not obfuscated" and "keep parameters if name not obfuscated" options assume that you would only want to do this for methods which have not been affected by Name Obfuscation.
 | Explanation |
delete | This setting instructs Zelix KlassMaster to delete all Line Number table information. It reduces the size of bytecode that contains Line Number tables but it means that stack traces produced by the bytecode cannot contain line numbers. |
scramble | This setting instructs Zelix KlassMaster to scramble all Line Number table information. There is no size reduction but the JVM will be able to produce stack traces containing line numbers. However, because the line numbers will be scrambled, you would have to use a tool like the inbuilt Zelix KlassMaster Change Log Translate tool to convert them back to the original line numbers. Most importantly, it would be very difficult for a decompiler to make use of the scrambled line number information to improve the quality of the source code it produces. |
keep | This setting instructs Zelix KlassMaster to keep all Line Number table information in its original form. There is no size reduction and there is a risk that the original line number information could be used by a decompiler to improve the quality of the source code it produces. However, any stack trace line numbers will map directly to the original source code. |
If you elect to use Reference Obfuscation then you should also consider selecting "normal" or "random" in the "Method parameter changes" list so that it is harder to reverse.
If you get warning messages saying that an "AutoReflection hash is vulnerable to brute force attack" then you should consider using the ZKM Script interface rather than the GUI. The ZKM Script "accessedByReflection" and/or "accessedByReflectionExclude" statements allow you to specify which classes, fields and methods should be mapped by AutoReflection.
If you allow Zelix KlassMaster to add additional method parameters then it can make its "enhanced" String Encryption and Reference Obfuscation much more difficult to reverse. See "Encrypt String literals" list and "Obfuscate References" box above.
The disadvantage is that it interlinks your classes such that the obfuscated application must be released as a whole and will not be suitable for "patching" with changed subsets of the classes.
 | Explanation |
none | This setting instructs Zelix KlassMaster to not change any method parameters. |
normal | This setting instructs Zelix KlassMaster to change any method parameters in a standard fashion. |
random | Same as "normal" but the additional parameters will be of a more random type and will be in a more random position but there may be a slight runtime performance cost. |
flowObfuscate | Same as "random" but Zelix KlassMaster will also attempt to obfuscate the flow in the changed methods making use of the changed parameters. This flow obfuscation would be in addition to any flow obfuscation specified in the "Obfuscate control flow" list. |