Art of BI: Obsfucating or Preventing Decompiling of Your Java Code

So, when creating a non open source Java application or library where you do not want the uncompiled code assessable, there seems to only be one way to truly achieve this.  That is through obsfucating your code at compile time. Preferably this is done using an obfuscation tool and integrating it into the ANT build process (build.xml). There are a few pay, free, and open-source solutions that will help a developer accomplish this.

I wanted to focus on the free/OSS solution for this and since NetBeans is my Java IDE of choice I stayed close to that combined solution.  What I found was that the main solutions to obsfucate are proguard, yGuard, and RetroGuard.

I like the idea of going with the open-source concept of proguard (or some mod) as this seems like what a lot of vendors such as Oracle are using within several of their applications/tools.

There are a few tutorials such as this one from Geertjan at Oracle a few years back.  Clearly, if Oracle is pushing this strategy it is probably a good way to go.  Check the comments on that blog post to see that some people have even attempted to use deobfsfucator/decompilers tools such as JD to no avail.  I like it!

References:

• http://proguard.sourceforge.net/
• http://www.yworks.com/en/products_yguard_about.htm
• http://wiki.netbeans.org/DevFaqModuleObfuscation
• http://blogs.oracle.com/geertjan/entry/obfuscation
• http://netbeans.dzone.com/tips/obfuscating-netbeans-java-appl
• http://java.decompiler.free.fr/