A deobfuscator for java
Important
This is dev(v2) version of diobfuscator version and it's not completed yet, if you are willing to help there is a list of things that needs to be completed. The old diobfuscator was moved to v1 branch.
- Porting old transformers to new code base
- Testing InstructionMatcher
- Implementing/Improving transformers
- Writing tests
- Feedback on how the new api presents itself (mainly InstructionMatcher)
- You can also provide samples of obfuscation to help with development of the transformers.
- No... there is no gui planned
- Also from now on Diobfuscator uses Java Google Codestyle
mvn fmt:formatmvn fmt:check
Built on: Java 17 (Temurin)
If you want to use this deobfuscator, you need to start it from your IDE manually.
- Place your obfuscated jar inside the root project directory. For example in
work/obf-test.jar - Navigate to class
Bootstrap.java - In this class edit the deobfuscator configuration
inputJar- Your obfuscated jar file that you placed in step 1transformers- Pick transformers that you want to run. You can find them indeobfuscator-transformersmodule.
- Run this class manually from your IDE. You MUST use our pre-configured IntelliJ task named
BootstrapOR append-Djava.security.manager -Djava.security.policy=./security-policy.txtto the java command's VM options.
Note
As you probably saw, java tells us that we are using SecurityManager which is deprecated and marked for removal.
The deobfuscator uses the class SandboxClassLoader that can safely load classes from untrusted places. The main feature of this classloader is that it prevents dangerous calls like System.exit, file operations or command execution. As you can see in JEP 411 there isn't currently any alternative, but they want to add different API before SecurityManager removal. So for now this is okay to use SecurityManager as this is the only option.
Contributions are welcome! See CONTRIBUTING.md for more information.
