
yGuard – An open-source Java obfuscation tool - Tomatenquark
https://github.com/yWorks/yGuard
======
Tomatenquark
Recently here at yWorks we have refactored yGuard to be distributed under MIT
licensed. As a goodie for new year, we'll share it with you!

~~~
marios
Not going to use yGuard anywhere, but thanks for opensourcing it. On the other
hand, I stumbled upon yEd some time ago and it has been my go-to tool for
diagrams ever since. Thanks to all the folks at yWorks that work on yEd !

------
kyberias
What is the modern use case for byte code obfuscation? It cannot provide any
strong protection against reverse engineering, so what's the point?

~~~
als0
Perhaps it's being open sourced because there's no longer a market for this
sort of thing.

~~~
ygra
It's been free before. It's not that we made money with it.

------
half-kh-hacker
As someone also working in the Java obfuscation space, it's cool to see old
obfuscators becoming open-source.

yGuard seems to only provide shrinking and remapping at this moment in time,
however. Heavier-duty obfuscators will also incorporate various other
transforms (like concealing string constants) to make the code harder to read.

~~~
jdc
Does it affect performance?

~~~
half-kh-hacker
A little, but you can balance the obfuscation's complexity so that the HotSpot
JIT is able to inline the transform.

Of course, this comes with a trade-off that custom deobfuscation transformers
will also be able to inline these, but that's theoretically possible for every
transform, anyway, since you can try some symbolic execution until you get the
string values back out.

------
BossingAround
It's kind of ironic that code used for proprietary purposes is open-sourced.

Thank you for open-sourcing it.

However, I hope I will never use this (or any such similar) piece of code.

------
AzzieElbab
I thought people use spring for that :)

------
s_Hogg
It's not obvious to me, unfortunately - what exactly is being obfuscated here,
the source code?

~~~
Tomatenquark
The java byte code residing inside your JAR(s). It will be disassembled using
ASM7, then obfuscated and reassembled.

