This project aims to deobfuscate most commercially-available obfuscators for Java.
To download an updated version of Java Deobfuscator, go to the releases tab.
If you would like to run this program with a GUI, go to https://github.com/java-deobfuscator/deobfuscator-gui and grab a download. Put the deobfuscator-gui.jar in the same folder as deobfuscator.jar.
detect.yml
with the following contents. Replace input.jar
with the name of the input
input: input.jar
detect: true
java -jar deobfuscator.jar --config detect.yml
to determine the obfuscators usedconfig.yml
with the following contents. Replace input.jar
with the name of the input
input: input.jar
output: output.jar
transformers:
- [fully-qualified-name-of-transformer]
- [fully-qualified-name-of-transformer]
- [fully-qualified-name-of-transformer]
- ... etc
java -jar deobfuscator.jar
Take a look at USAGE.md or wiki for more information.
If you're trying to recover the names of classes or methods, tough luck. That information is typically stripped out and there's no way to recover it.
If you are using one of our transformers, check out the commonerrors folder to check for tips.
Otherwise, check out this guide on how to implement your own transformer (also, open a issue/PR so I can add support for it)
The automagic detection should be able to recommend the transformers you'll need to use. However, it may not be up to date. If you're familiar with Java reverse engineering, feel free to take a look around and use what you need.
You need to specify all the JARs that the input file references. You'll almost always need to add rt.jar
(which contains all the classes used by the Java Runtime)
Increase your stack size. For example, java -Xss128m -jar deobfuscator.jar
Technically, yes, you could use something like dex2jar or enjarify. However, dex -> jar conversion is lossy at best. Try simplify or dex-oracle first. They were written specifically for Android apps.
Java Deobfuscator is licensed under the Apache 2.0 license.