Skidfuscator: Obfuscation like never seen before.
♛ Join the discord: https://discord.gg/mTaZDCngEW ♛
Skidfuscator is a proof-of-concept obfuscation tool designed to take advantage of SSA form to optimize and obfuscate the code flow of Java bytecode. This is done via intra-procedural passes, each designed to mingle the code into a shape where neither the time complexity nor the space complexity suffers a great loss. To achieve this, we have modeled a couple of well-known tricks to add significant strength to the obfuscation whilst retaining a stable enough execution time.
Here are all the cool features I've been adding to Skidfuscator. It's a fun project, so don't expect too much from it. Its purpose is not to be commercial but to inspire some more clever approaches to code flow obfuscation, especially ones which make use of SSA and CFGs.
## Third Generation Flow
What is third generation flow obfuscation? Well, contrary to Zelix's second generation flow obfuscation, we use an even more complex system with private and public seeds. Here's how it works:
Graph representing the two different approaches towards flow obfuscation between Zelix (17.0) and Skidfuscator (0.0.1)
## Libraries
You can now specify a folder where libraries are situated. These are used to establish a hierarchy of classes, something absolutely crucial for our interprocedural obfuscation. In the future, this will not be mandated for non-interprocedural obfuscation. You can learn more about this system on our wiki.
## Phantom Libraries (optional)
In the original 1.0 version, libraries were generated by Phantom by default. In this version, this has been changed to an optional parameter due to the increasing number of bugs and issues related to JPhantom. Hence, for smaller software which only makes light use of dependencies, it is possible to use the `-ph` or `--phantom` parameter.
## Exclusions
You can now specify exemptions using Regex. View more about the functionalities of exemptions on our wiki. Here is an example of an exemption configuration:
```
method{main}
class{(^joptsimple)|(^net)|(^org)|(^io)|(^protocolsupport)|(^it)|(^shaded)|(^gnu)|(^club)|(^okhttp3)|(^okio)|(^tomp2p)|(^javax)|(^kotlin)|(^com)}
method{weirdMethod} static class{(?s).*}
```
## Range Obfuscation
The new range obfuscation makes use of try-catches to break down the control flow graph and make it harder to reverse. As opposed to traditional code where `if A then B`, the range obfuscation will transform it to `if A then throw Exception then catch Exception then B`. This is practical for breaking decompilers such as CFR.
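A source-level model of that rewrite, useful for recognising the pattern in decompiled output. This is an added example, not Skidfuscator's own code or output: the class, method and exception names are hypothetical, and the stack-trace-free marker exception is an assumption about how such a jump can be kept cheap.

```java
// Added illustration: "if A then B" rewritten as
// "if A then throw Exception then catch Exception then B".
// All names here are hypothetical, not taken from Skidfuscator.
public class RangeObfuscationDemo {

    // Synthetic marker exception (assumption). Suppression and stack-trace
    // capture are disabled so that throwing it stays cheap.
    static final class Jump extends RuntimeException {
        Jump() { super(null, null, false, false); }
    }

    // Original shape: if A then B.
    static int original(int x) {
        int r = x * 3;
        if (x > 10) {          // A
            r += 7;            // B
        }
        return r;
    }

    // Transformed shape: the A -> B edge no longer exists as a branch.
    // It is encoded in the method's exception table instead.
    static int transformed(int x) {
        int r = x * 3;
        try {
            if (x > 10) {      // A
                throw new Jump();
            }
        } catch (Jump j) {     // catches only the marker, never real errors
            r += 7;            // B
        }
        return r;
    }

    // Counts inputs on which the two versions disagree.
    static int mismatches(int from, int to) {
        int bad = 0;
        for (int x = from; x <= to; x++) {
            if (original(x) != transformed(x)) bad++;
        }
        return bad;
    }

    public static void main(String[] args) {
        System.out.println("mismatches: " + mismatches(-1000, 1000));
    }
}
```

When reading such code, treat each handler for a marker exception as the continuation of the branch that throws it; folding the two back together recovers the original `if`.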
We are currently working on a variety of ways to approach this system using various lightweight obfuscation methods. Here are the current ones to date:
| Feature | Description | Availability |
|---|---|---|
| Flow (Generation 3) | Obfuscates a method using the Gen 3 methodology | Available in Community Edition |
| Bogus Jump | Invalid jump to some randomly generated code to prevent skidding | Available in Community Edition |
| Bogus Exception | Invalid jump to some randomly generated exception | Available in Community Edition |
| Strong Opaque Predicate | Use heredity and method invocation to pass a predicate as opposed to declaring it at the beginning of the CFG | Available in Community Edition |
| Flattening | Use a dispatcher method to harden the semantics of some block ranges (do not use entire method) | Disabled in Community Edition (Not fully operational) |
| String Encryption | Encrypt the strings using the opaque predicate | Available in Community Edition |
| Reference Encryption | Encrypt the reference calls using InvokeDynamic using the opaque predicate | Available in Enterprise Edition |
| Reference Proxying | Proxy references using a builder pattern OR dispatcher classes (mostly for initialisation) | Available in Enterprise Edition |
| Exception Jump | Changes done to flow semantics by forcing an exception then handling all the code in the catch clause | Available in Community Edition |
| Exception Return | Throw an exception with the value and catch it as opposed to returning it (Very heavy) | Available in Enterprise Edition |
### NEW Switch Mutation
### Fake exceptions
### Fake jumps
# Credits
## Libraries used
## Inspired from
- Soot
- Zelix KlassMaster

Type: Offering
Exclusivity: Non-exclusive
Server software: Bukkit, Spigot, Paper
Supported versions: 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15, 1.16, 1.17, 1.18
