I've used Java obfuscators in the past and some are easy to reverse engineer. I've thought maybe it wasn't obfuscated enough.
Is it wrong or problematic to apply two-stage obfuscation?
--
Or is that a bad approach? Should only one obfuscator be used?
The results show that it is possible to reverse engineer obfuscated code but some parts. Obfuscation does protect the code, as all the variable names are changed and every unused method is removed, as well as some methods changed to non-conventional ways to program.
Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.
Press F12 to open Developer Tools inside Chrome. Now switch to the Scripts tab, right-click and choose De-obfuscate source. That's it!
Name obfuscation does not affect the performance and should always be used. You can virtualize methods that are not computationally intensive. Otherwise, control flow obfuscation should be used.
As long as the code still runs correctly, then no matter how many obfuscators you use, it should be OK. Remember that the main concern of using an obfuscator is to make the code unreadable as far as possible while maintaining its correctness.
Re-obfuscating obfuscated code is a well-known method of unobfuscating code. e.g. you can obfuscate classes to have names that do not form valid Windows file names like
class COM1 { ... }
Decompiling that would result in a file named COM1.java, which is not a valid Windows filename and thus breaks many decompilers.
The solution would be to first re-obfuscate using a dictionary of names like class1, class2, method1, method2, field1, field2 and then decompile. The decompiled code will now not only be more valid to decompile, but more readable too.
Using obfuscators in serial would usually result in obfuscated code as strong as the last obfuscator used. (i.e. the chain is as strong as the last link)
I suggest you stick to one obfuscator but make sure you understand each and every option in the obfuscation process and how easy it is to undo.
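The renaming step described in the answer above, as an added example that is not part of the original answer: it flags class names that cannot be written as `.java` files on Windows and builds the `class1`, `class2`, ... rename dictionary. The function names and the sample class names are assumptions made for illustration, and the case-collision check goes beyond what the answer mentions.

```python
import re

# Device names Windows reserves; "COM1.java" is refused just like "COM1".
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}
ILLEGAL_CHARS = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def windows_unsafe(simple_name):
    """True if <simple_name>.java cannot be created on a Windows filesystem."""
    stem = simple_name.split(".", 1)[0].strip().upper()
    return (
        stem in RESERVED
        or ILLEGAL_CHARS.search(simple_name) is not None
        or simple_name.endswith((" ", "."))
    )


def build_rename_map(internal_names):
    """Return {old: new} for classes whose source file would fail or collide.

    Names are in JVM internal form ("pkg/sub/Name"). Replacements follow the
    class1, class2, ... dictionary suggested in the answer.
    """
    existing = {n.lower() for n in internal_names}  # never reuse these
    kept, mapping, counter = set(), {}, 0
    for name in internal_names:
        pkg, _, simple = name.rpartition("/")
        # Beyond the answer: "a" and "A" collide on case-insensitive disks.
        if not windows_unsafe(simple) and name.lower() not in kept:
            kept.add(name.lower())
            continue
        while True:
            counter += 1
            candidate = f"{pkg}/class{counter}" if pkg else f"class{counter}"
            if candidate.lower() not in existing and candidate.lower() not in kept:
                break
        kept.add(candidate.lower())
        mapping[name] = candidate
    return mapping


# Constructed sample: class names as they might appear in an obfuscated jar.
SAMPLE = ["com/acme/COM1", "com/acme/a", "com/acme/A", "com/acme/Main",
          "nul", "com/acme/class1"]

if __name__ == "__main__":
    for old, new in build_rename_map(SAMPLE).items():
        print(f"{old} -> {new}")
```

Running the same check against your own obfuscator's output shows how many of its names rely on this trick, which is one concrete way to judge how easy an option is to undo.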