obfuscator-list

• AckerRun - FOSS. Lightweight/Heavy obfuscator depending on your config. Has some interesting features that not every other obfuscator has. Looks like XenonGuard skid but I can't confirm that.
• Allatori - Commericial. Somewhat popular choice in industry.
• Ambien - FOSS. Obfuscator that is not getting actively developed anymore. Has some cool packaging features mainly targeting Recaf 2x with a great succeed since their RedHerring feature adds a fake jar before the real one. Most RE tools don't read backwards like the JVM, so they will read the fake jar. Also has a decent Crasher transformer that confuses various decompilers & other reverse engineering tools. Still contain some bugs/issue to this day.
• Avaj - FOSS. Has a nice way of generating decryption subroutines on string constants. Also has some CFG flattening which is always nice to see.
• Binscure - Commercial. Binscure was a commercial Java obfuscator that had a running spat with Recaf. Its primary advertised features were its crasher and zipping abilities and intense flow/indy obfuscation. However as with most cat-and-mouse games, one side would give up. Since we're using past tense here, its Binscure if you haven't caught on. The ASM/RE tool crashers are now fully patched in Recaf with current versions. The flow and indy obfuscation still is fair for the current market. Can be deobfuscated using Narumii/JavaDeobfuscator
• BisGuard - Commercial. It's a Java packer for the insane asking price of $1200. All it does is wrap your jar with a simple cipher. There is no additional protection. Relies entirely on class encryption (last time I checked, at least) so protection has quite a bit of room for improvement. BisGuard has no configuration because it only has the packing feature. Seems to be really buggy for the asking price of $1200. Breaks MANIFEST files.
• Black - FOSS. Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make it difficult to analyze the actual program control flow.
• Bozar - Points for FOSS. Has some cheap tricks along with GUI that I have seen being used in the Minecraft community. Can be deobfuscated using Narumii.
• BranchLock - Commercial. An online, web-based obfuscator primarily known for its AntiDebugging features. It advertises itself as 'modern, lightweight, but powerful,' which is now untrue, considering that it can't compete with modern obfuscators anymore. It appears somewhat in the Minecraft community. However, it no longer receives updates.
• Bruhfuscator - FOSS. Obfuscator based on Ambien, with many transformers skidded from other projects.
• Caesium - FOSS. Has a transformer that implements a well-known HTML injection into any Java reverse-engineering tool that parses HTML tags. Shows a lot in Minecraft community. Can be deobfuscated using Narumii.
• CheatBreaker - FOSS. Decent obfuscation that looks similar to Caesiums (Prob. Skidded). Obfuscation is overall decent. Shows in Minecraft community. Can be deobfuscated using JavaDeobfuscator
• ClassGuard - Commercial. Relies mostly on class encryption with hardcoded AES keys in native libs. Pretty easy IDA/Binary Ninja/Ghidra exercise if you want to flex on your blog on something. Can be deobfuscated using JavaDeobfuscator.
• CodeEncryptor+ - FOSS. It's 3 days old while I am typing this. This project uses JNI to encrypt bytecode and JVMTI to decrypt bytecode in order to protect code. It provides two DLL files: one for encryption and one for decryption. During actual execution, only the decryption DLL file is used. It supports custom keys and package names. The encrypted Class files becomes malformed and cannot be parsed. Apart from retaining the Magic part at the beginning, the rest becomes unrecognizable bytes.
• Colonial - FOSS. Rename of Simple Obfuscator.
• Crater - FOSS. Basic java obfuscator.
• DashO - Commercial. Shows up a bit in industry and has some interesting ideas (albeit probably outdated) in flow obfuscation. Can be deobfuscated using JavaDeobfuscator.
• DexGuard - Commercial. Mainly used for obfuscating Android apps. Never saw any samples. Can be deobfuscated using JavaDeobfuscator.
• Dogfuscator - Commercial. N/A
• Eskid - Commercial. Decent obfuscator based on HsGuard/Scuti. Shows a lot in Minecraft community. Could be possibly deobfuscated using Ackeruns Eskid deobfuscator trasnformer. Got cracked by PlutoSolution.
• GOTO / GOTO - FOSS. A obfuscator made by chinese ppl written in Kotlin. Has interesting features but they are kinda broken.
• Grunt - Obfuscator written in Kotlin. Can be used as main obfuscator all tho there are missing some features such as Crasher or Flow obfuscation. Overall has very good features that are compatible with each other. Mainly known in Minecraft Comunity for it's mixin support renamer, native candidates and compatibilty with obfuscating Forge mods/Plugins. Contains some features that can be found in paid obfuscators.
• HsGuard - FOSS. Obfuscator developed by Chinese ppl. Bad skid of Scuti with minimal additions. Can be deobfuscated using Narumii.
• J2CC - Commercial. A new transpiler on the market going for $100 per personal license. I don't really have much to say about it right now since I just discovered it today but here is a sample provided by the developer him self.
• Javari - FOSS. Has a few cheap tricks related to crashing and variables. Also has a renamer and a generic String Encryptor.
• JNIC - Commercial. One of not so many Java Native Interface Compilers that offers String Encryption, Control Flow with Flattening and their famous Native compiler. This obfuscator is mainly used for the Native compiling and does a really good job doing so. You can often see JNIC in Intent/1.8 cheat clients. Be aware that the Native obfuscation could cause lag or slow down the processes made in the application. If you would decide to use JNIC for obfuscation then make sure to not use it on it's own and instead use something with it.
• JBCO - FOSS. Some interesting flow obfuscation techniques that still work in modern Java. Based on the Soot library which is also something worthwhile checking out.
• JObf/Sb27 - FOSS. Pretty outdated. Due to the generic name is more commonly referred to by the author's name superblaubeere27 / sb27. Has some basic features along with a GUI. Still shows allot in the Minecraft Community (Mainly in Japanese/Chinese Anarchy Clients). Can be easily deobfuscated with no effort using Narumii/JavaDeobfuscator.
• JObfuscator - Commericial. Most of the obfuscated code are just int/double arrays with some light flow obfuscation (Based off sample). Uses polymorphic algorithm for strings encryption. Has only few features. Last update was made on 09.08.2022 which is a version 1.10.
• Mosey - FOSS. Outdated obfuscator mainly coded in Scala. Overall is no recommended for use since the obfuscation is very light and is easy to deobfuscate. Mainly used for 2+. layer obfuscation. Can be deobfuscated using Narumii.
• MyJ2C - FOSS. Obfuscator made by chinese ppl that managed to skid some of Allatoris parts such as String Enc. and some other things into their project. Overall only recommend using it when u have nothing else to use. Can be partially deobfuscated using Allatori deobfuscator. Has a interesting feature called "Confusing CallSites".
• NeonObf - FOSS. Made up of the easier to defeat obfuscation techniques. NeonObf is also the name inspiration for Radon.
• Ob - FOSS. Older obfuscator from 2011 with string encryption, branching, and a renamer.
• Obzcure - Discord (Dead) - Commercial. Web-based obfuscation service with some inspiration taken from Radon and SkidSuite2. Used to go by the name "SpigotProtect" so you might see some Spigot plugins using the obfuscation from this product if you look around hard enough. Can be deobfuscated using JavaDeobfuscator.
• Paramorphism - Discord (Dead) - Commercial. Was one of the most unusual and unique obfuscators at the time it was an active project in that relied a lot more on the JVM's unusual way of loading JAR archives including zip entries with duplicated names and the fake directory trick. Used to be more commonly used before people started ripping ideas from Paramorphism. Can be deobfuscated using JavaDeobfuscator.
• Popuskator - FOSS. Obfuscator based of Ambien. 100% Skidded, nothing custom.
• qProtect - Discord - Commercial. Got cracked millions of times, Devs and Admin only care about money, promotion and like to d0x people that don't like qProtect and possibly harass them or try to scare them. Horrible scam for $70 (Skidfuscator FOSS would do better).
• Radon - FOSS. Abandoned experimental obfuscator by ItsSomebody (The person that made some of the parts of this Obfuscator list). Radon is an open-source free obfuscator. It has a UI that's visually similar to Skidfuscator/ProGuard and it is very intuitive to use. Easy to deobfuscate using JavaDeobfuscator.
• Sandmark - FOSS. Really old obfuscator research project led by Christian Collberg at the University of Arizona. Has some interesting ideas in static and dynamic watermarking (Embeder & Recognizer) are some of the flow obfuscation ideas are good.
• Scuti - FOSS. Outdated obfuscator. Has an option to pack classes into binary blobs, and load them via a classloader. The binary blob names are just the original class names with simple XOR encryption, and the blob contents are the original class file with simple XOR encryption. Can be deobfuscated using Narumii.
• Sentinel - Discord - FOSS. Dead, Obfuscator mainly known in Minecraft community. Has some basic features. Currently there are no public transformers for it and still can be used. If you decide to use it, make sure to use key "sentinelisback" once you run it in cmd.
• Skidfusctor Community - Discord - FOSS. Skidfuscator is known obfuscator for its simplicity, ease of use, and effectiveness in protecting Java applications from reverse engineering and tampering. You can get free (community) version having overall strong obfuscation. Paid (Enterprises) version has (Unfinished) Native obfuscation with some other features that aren't included in the Community version. Has its own documentary website. Requires libraries (Doesn't have max depth). Free version has slightly broken Matcher. Uses Maple IR framework which is something worth checking out. Shows a lot in Minecraft community.
• Skidfuscator Enterprises - Discord - Commercial. Skidfuscator Enterprises is a paid, better version of Skidfusctor Community, which offers more and better features. The SRC of this obfuscator has recently been leaked by Walmart Solutions as a pre-2k member special on their Discord server. There are currently no deobfuscators that support Skidfuscator Enterprises.
• Souvenir - FOSS. Lightweight obfuscation that doesn't have anything special. Has only 3 transformers (Light Flow, String, Number).
• Stringer - Commericial. Pretty infamous for its complicated AES-based encryption/decryption routines and price. Does not really offer a whole lot of protection, but sometimes does show up in industry. Can be deobfuscated using JavaDeobfuscator and got cracked few times.
• Virbox Protector - Commercial. A native obfuscator, has a code virtualization made by chinese ppl. It's very different from native obfuscators from github and it's very expensive, almost 10k CNY per year.
• XenonGuard - FOSS. XenonGuard is a somewhat decent obfuscator based off CheatBreaker. Kinda looks like free version of ZKM. Has a very good and useful features that not every obfuscator has these days. Even tho there are no public deobfuscation transformers, I still recommend layering it since it's based off CheatBreaker and I am unsure if some transformer are still from CheatBreaker. Overall I really like this one.
• yGuard - FOSS. Functionally equivalent to ProGuard as far as I can tell.
• zProtect - Discord - Commercial. Stupid Binscure skid. Not recomended for use. SRC of it has been leaked and their obfuscation could be possibly deobfuscated using darklols zProtect deobfuscator or using Binscure deobfuscator to semi deobfuscate it.
• ZKM (Zelix Klass Master) - Commercial. Zelix KlassMaster Obfuscator is known for its robust obfuscation techniques and strong obfuscation capabilities and is used by many companies to protect their Java applications from reverse engineering and tampering. Currently the best obfuscator for Java right now and always drops a insane update to patch stuff whenever there are public deobfuscation transformers.
• Zortfuscator (Discord) - Commercial. Dead, not so known obfuscator. Can tell that it has good obfuscation techniques from the look at the samples they have on their discord server and some small sample in a video made by akita.

Obfuscation Branchmarks:

https://github.com/huzpsb/JavaObfuscatorTest