A comparative survey of Java obfuscators available on the internet

by Hongying (Jenny) Lai, summer project, 22 Feb 2001, available in MSWord doc format and in PDF.

Abstract. The proliferation of decompilers [6] and the rapidly increasing use of Java have triggered a need for Java protectors, obfuscators. With so many obfuscators available on the Internet today, how can one know which is better? This project focuses on a comparative survey of Java obfuscators available on the Internet. Here, I have surveyed 13 obfuscators from the Internet. I used them to obfuscate both my benchmarks and "Logic program" from UCLA's Philosophy department in America. I also tried decompiling these obfuscated classes by a Java decompiler, SourceAgain. Finally, I used my obfuscation metrics to analyze and compare the above results. I found that various obfuscators provide different security level options to protect Java programs. Many obfuscators work well, but some are not effective.

Addendum (Clark Thomborson, 2001): see http://www.condensity.com for a fourteenth obfuscator, not studied in Jenny's report. Judging from its website description (viewed on 17 April 2001) which limits this obfuscator's actions to what we call "Layout Obfuscation", the current product on offer from Condensity might have scored at most 7 points on Jenny's 10-point metric. We therefore continue to recommend Zelix Klassmaster 2.3.

Addendum (Clark Thomborson, 2006): Jenny's report is now more than five years old, and its recommendations are now obsolete. Many other obfuscators are now available for Java, see e.g. SandMark and ProGuard.