mangler obfuscator  Mangle-It Java Source Code Obfuscator


How to Use the Mangle-It Sample Project:  

Mangle-It ships with a sample project so you can quickly see for yourself what a powerful and useful tool it really is.  

To use the sample project:
1)Unzip the Mangle-It Test.zip file that ships with the product.  Any destination will do, but c:\ is preferable.  Both the source and destination folders will be created.

2)If you chose paths other than those suggested above, go to the Projects->Project Settings menu item and set the correct Source and Destination paths.

3)Click on the Actions menu and select Mangle Project "example".

5)Mangle-It will obfuscate the test files.  Inspect the mangled files - it is really cool!  Compile and run the test project from the destination folder.



Product Overview

 

Given the ease with which decompilers extract source code from compiled Java code, protecting your code and valuable intellectual property isn't easy.
   
Code obfuscation is currently one of the best methods for protecting Java code from reverse engineering. Obfuscation renders software unintelligible but still functionally equivalent to the original code, making the code next to impossible for a human to understand and therefor more resistant to reverse engineering and hacking.   If you look at the mangled code in the picture below, you would probably agree a would-be thief will have to work hard and dig deeply into the obfuscated source code to even begin guessing what each identifier means.
 
Obviously no method is fool proof, and given enough time and money any obfuscation scheme can be cracked.  However, most hackers only want to spend a few minutes cracking your product and then move on to the next.  So obfuscating your code is like putting an alarm in your car - you hope a code thief sees the protections you have implemented and simply moves on to a less protected victim, leaving your code uncracked and your property secure.

Key Mangle-It Java Code Obfuscator Features:

  • Replaces identifiers with nonsense names without affecting functionality
    • Allows for user-definable lists of preserved names, so public API identifiers remain unchanged.
    • Predefined lists of reserved identifiers for Java JDK and other popular libraries provided.
  • Strips comments entirely, or at your option mangles identifiers in comments used by tools like XDoclet.
    • Allows user definable comments to be added to mangled code, to preserve Copyright and public documentation
  • No changes to the your Java compilation or execution procedures or environment
  • Command line and GUI interfaces
  • Obfuscates an entire set of files in one step, consistently, without breaking the source code

Most code obfuscators cost anywhere from $300-$3,000 or more, making them expensive or unaffordable for most software developers.  At $69.99, Mangle-It finally allows a wide range of software developers to protect their property at a reasonable cost.

 

 

screen shot


Getting Started

 

    Creating a new project

 

For more detailed information on creating new projects, please go here.
 
Mangle-It provides a convenient New Project Wizard to get you up and running in minutes.  Go to the Projects->New Project Wizard menu item.  The wizard will take you through all the steps in setting up a project.  Please note that the settings you choose are not permanent and may be changed at any time. 
 

  

    Obfuscating Source Code with Mangle-It

 

 

Start in Debug Mode.  Once your project is created, you are ready to mangle the source code.  It often takes several attempts for the code to mangle properly, and until you are successful you should mangle in "Debug Mode".  Instead of replacing symbols with a meaningless identifier, in debug mode Mangle-It simple prepends the string "_debug_symbol_" to any symbols it mangles.  In this way it is obvious to a human if a symbol was mangled that shouldn't have been ( for example, "_debug_symbol_toString()").  In the trial version, only debug mode is available.
 

After your first compile attempt.  Expect errors.  By far the most common error is that Mangle-It mangled a symbol that should be placed in a No-Mangle List.  Most frequently the symbol is one that is defined outside of your code and should not be mangled.  For example, if your code uses the function Document.createElement() and Mangle-It converts that to a meaningless string your code will not compile. This problem is easily solved – simply add the offending symbol to a No-Mangle List so Mangle-It leaves it alone when mangling the rest of your code.

Once you code can be mangled successfully in Debug Mode, you are ready to mangle your code.  Select Release Mode from the top of the screen,  go to the Actions menu and select "Mangle Project <your project name> Files".  Most projects can be fully mangled in just a few minutes. 

   
Please go here to read more about managing No-Mangle Lists.
 
Fortunately, Mangle-It ships with over 150,000 symbols from commonly used Java libraries - so you will probably only have to follow the above procedure for a handful of symbols.
 
If you will be encrypting the strings in your code you will have to add a java file generated by Mangle-It to your Primary Source Tree to decrypt the strings at run-time  (by default this file is named PCEncrypt.java- you specify the package ).  If you specify string encryption, Mangle-It will add the correct import statement for PCEncrypt to your java files.  The New Project Wizard prompts you to create these files, and they can be created later on by going to the "Projects" menu item and selecting "Project Settings".
 
   

    Using the Command Line


You should use the UI version of Mangle-It to adjust project settings and make sure your project obfuscates correctly in Release Mode.  However, once your project obfuscates correctly you may want to use the command line to obfuscate your project, possibly as part of a build script.

The options are easy, just type MangleItJava followed by your project name.  If you wish to obfuscate in debug mode from the command line the flag "/debug" is available.  To obfuscate the "example" project that ships with Mangle-It, use the following:

MangleItJava example

or

MangleItJava example /debug

Note that the command line not available in Trial Mode.

 


    More Information

How to Create a New Project
Using Project Options
Managing No-Mangle Lists
Backing Up Your Database
 

 

    FAQ (Frequently Asked Questions)

 

 

1.1 Can I "reverse-obfuscate" a file and produce the original code from obfuscated code?
No. Mangle-It strips comments out and uses a randomized algorythm to replace the names of symbols.  Fortunately Mangle-It forces you to designate Primary and Mangled directories - files are always copied from the Primary to Mangled directories and then mangled.  Mangle-It never touches your original code!
 
1.2 My project consists of multiple files, each calling functions from several others.  Will Mangle-It Java Code Obfuscator work properly - meaning will the mangled version of the same symbol be the same in every file?
Yes, the mangled version of the same same symbol will be the same in every file of your project.
 
1.3 Suppose I protected a project with Mangle-It Java Code Obfuscator that contains several files, and one year later I added a function to my project in one of the files. Will I have to re-obfuscate entire project? Will I have to resend new mangled version of all files to the client, or I will have to send only the changed file?
If you make changes to the original code base, you will have to re-mangle the project and send all files..
 
1.4 The code I plan to obfuscate is called by code that should stay non-obfuscated. Obviously after obfuscation the "calling" code doesn't work since names of functions it calls have changed. What should I do?
Mangle-It lets you maintain No-Mangle Lists.  No-Mangle Lists contain symbols that should not be mangled by Mangle-It.  Simpy add the desired symbols to a No-Mangle List. 
 
Mangle-It comes with over 150,000 symbols in pre-built No-Mangle Lists.  You will find these lists dramatically decrease the time you spend mangling your code.
 
1.5 My project uses some library, and names of all functions in it start with the same string (or match some regular expression). Is there an option exclude all these symbols from obfuscation?
See 1.4 above concerning No-Mangle Lists.  There is not a wild card feature when adding symbols to No-Mangle Lists.  However, symbols can be added in bulk from a file. 
 
1.6 Can we have an evaluation version of Mangle-It Java Code Obfuscator?
You can get non-expiring version of Mangle-It Java Code Obfuscator by downloading from www.PCSentinelSoftware.com. Certain functionality is excluded from the evaluation version.
 
1.7 What documentation should I really read in order to start using Mangle-It Java Code Obfuscator?
Mangle-It is designed to be easy to use.  Simply reading this FAQ and the Quick Start Guide should be sufficient.
 
1.8 Is Mangle-It Java Code Obfuscator suitable for my project?
Yes, Mangle-It Java Code Obfuscator is very flexible and can be used for project of any kind and size.  Obviously the time to mangle source code is proportional to the size of the project.  Mangle-It can mangle most projects in just a few minutes or less. 
 
1.9 Is it helpful for security to obfuscate file several times (i.e. mangle and already mangled file)?
No, mangling already mangled code does not help at all. Mangline once is enough.
 
2.0 I've installed trial version of Mangle-It Java Code Obfuscator. How can I use command line interface of it?
The command line is not available on the evaluation version of Mangle-It.
 
2.1 What interface to Mangle-It Java Code Obfuscator would you recommend - commandline or GUI? Are they equal featurewise?
You will need to use the GUI interface to set up your project, but once this is accomplished the two interfaces are equivalent in terms of features. 
 
2.2 How do I backup the Mangle-It database?
Go here for detailed instructions.
 

 
 
 
 
 
 
Copyright 2008. All rights reserved.