This project aims to deobfuscate most commercially-available obfuscators for Java.
To download an updated version of Java Deobfuscator, go to the releases tab.
If you would like to run this program with a GUI, go to https://github.com/java-deobfuscator/deobfuscator-gui and grab a download. Put the deobfuscator-gui.jar in the same folder as deobfuscator.jar.
- Download the deobfuscator. The latest build is recommended.
- If you know what obfuscators were used, skip the next two steps
- Create
detect.yml
with the following contents. Replaceinput.jar
with the name of the input
input: input.jar
detect: true
- Run
java -jar deobfuscator.jar --config detect.yml
to determine the obfuscators used - Create
config.yml
with the following contents. Replaceinput.jar
with the name of the input
input: input.jar
output: output.jar
transformers:
- [fully-qualified-name-of-transformer]
- [fully-qualified-name-of-transformer]
- [fully-qualified-name-of-transformer]
- ... etc
- Run
java -jar deobfuscator.jar
- Re-run the detection if the JAR was not fully deobfuscated - it's possible to layer obfuscations
Take a look at USAGE.md or wiki for more information.
If you're trying to recover the names of classes or methods, tough luck. That information is typically stripped out and there's no way to recover it.
If you are using one of our transformers, check out the commonerrors folder to check for tips.
Otherwise, check out this guide on how to implement your own transformer (also, open a issue/PR so I can add support for it)
Zelix Klassmaster
Stringer
Allatori
DashO
DexGuard
ClassGuard
Smoke
SkidSuite2 (dead, some forks are listed here)
The automagic detection should be able to recommend the transformers you'll need to use. However, it may not be up to date. If you're familiar with Java reverse engineering, feel free to take a look around and use what you need.
You need to specify all the JARs that the input file references. You'll almost always need to add rt.jar
(which contains all the classes used by the Java Runtime)
Increase your stack size. For example, java -Xss128m -jar deobfuscator.jar
Technically, yes, you could use something like dex2jar or enjarify. However, dex -> jar conversion is lossy at best. Try simplify or dex-oracle first. They were written specifically for Android apps.
Java Deobfuscator is licensed under the Apache 2.0 license.