These tools automatically remove obfuscation by different obfuscators and packers.
Tool | Description | Links |
---|---|---|
Java Deobfuscator | Java deobfuscator is a tool created by Samczun and others. It provides an easy to use interface for removing obfuscation of popular tools such as: Allatori, ClassGuard, DashO, Stringer, and Zelix (Additional general obfuscation practices also supported) | Deobfuscator / GUI |
SSVM | SSVM is a minature VM with intercepting logic, making it easy to create custom peephole optimizers. Recaf 3X bundles it for simple UI access. | SSVM |
Stringer Verification Bypass | Automatically removes integrity checks created by Stringer. This is targeted at Stringer 3.0.x, which is signifigantly outdated but people still use it since you can.. *Ahem* "find it online", so its still useful. | Stringer Verification Bypass |
Threadtear | Java deobfuscator is a tool created by Graxcode. It provides an easy to use graphical interface for removing obfuscation of popular tools such as: Allatori, Paramorphism, DashO, Stringer, and Zelix (Additional general obfuscation practices also supported) | Threadtear |
Deobfuscator | narumii's deobfuscator is similar to Threadtear in behavior (And its security holes with 'sandboxing') and has a discord community for obf identification/help. | Deobfuscator |
Zelix Killer | Similar to JavaDeobfuscator in usage, but entierly focused on Zelix Klassmaster. Supported Zelix versions are 8 and 11. | Zelix Killer |
Java Unpacker | While not technically deobfuscation, dumping is very similar and can be used as a supplement to obfuscation. So I'll include it. Supported packers are:
|
Java Unpacker |
Maple IR | Analyzes the control flow of bytecode and performs several optimization techniques, resulting in cleaner bytecode that still yields the same behavior. | Maple IR / Whitepaper |
Recaf | Recaf is a bytecode editor, but also patches a variety of ASM crashes, handles some zip file format tricks, and has SSVM integration in 3X releases. | Recaf |
These tools remap classes in application jars in a similar way that the refactoring feature works in most IDE's. They're more focused in their purpose so remapping is actually a much easier on a large scale using these tools rather than decompiling code and using an IDE's refactor function.
Tool | Description | Link |
---|---|---|
JRemapper | Uses CFR decompiler. It can export a mappings JSON or a mapped Jar file. | JRemapper |
Enigma | Uses Procyon decompiler. It can export a mappings text in the Enigma/SRG/Tiny formats or a mapped Jar file. | Enigma |
For ZIP/JAR file format obfuscation and tricks, use LL-Java-Zip to parse ZIP files in the same way the JVM internally does. For a GUI, you can drop a ZIP/JAR into Recaf and re-export it since imports are filtered through LL-Java-Zip.
For class file crashers used by obfuscators, use CAFED00D to drop illegal attributes from class files that cause these issues. For a GUI, you can drop a ZIP/JAR into Recaf and re-export it illegal classes are filtered through CAFED00D.