Disclaimer: This is not a sponsored post. However so my current employee pays me for maintaining the repository, so it's fair to mention them.

I work for a company calledyWorks. They makelibraries for graphs that are (imho) state of the art, and also are a fun company to work at 🍺

Because these libraries are sophisticated the company is very inclined to protect their intellectual property. In the golden age of Java (which was right about the time they put this onto the market) it would have been crucial to implement some sorts of protection in order to ensure this IP. This is whyyGuard was initially developed (side note: when I first touched the repository, some assets were as old as 11 years).

I love open source - period. Knowing this, my CTO approached me a while ago, certain I would be all 🔥 for making this product available for a wider audience. We had a brief discussion and off I went on my journey to make it open-source.

I made a checklist of things that needed to be addressed before releasing it to the public on GitHub:

• relicense everything that can be relicensed ✅
• replace proprietary code with libraries or rewrite it if necessary ✅
• replace ancient build system and dependencies with up-to-date ones ✅
• set up tests and CI so it stays in good shape ✅
• add extensive documentation and sample code ✅
• add contribution guidelines ✅

With this list done, I'm thrilled to announce: we releasedyGuard into the wild (a while ago)!

This post however should not only be a mere release announcement, but I am going to put some sample code here, so it becomes clear what this obfuscation actually does 💡

Say, we have a rather complete Java application that has an entrypoint like so:

packagecom.yworks.example;publicclassHelloWorld{publicstaticvoidmain(String[]args){System.out.println("Hello World");}}

Now, given we useGradle as our build system, we could use a very simpleyguard task to obfuscate the resulting.jar

taskobfuscate{dependsOnjardoLast{ant.taskdef(name:'yguard',classname:'com.yworks.yguard.YGuardTask',classpath:sourceSets.main.runtimeClasspath.asPath)defarchivePath=jar.archiveFile.get().asFile.pathant.yguard{inoutpair(in:archivePath,out:archivePath.replace(".jar","_obf.jar"))shrink(logfile:"${buildDir}/yshrink.log.xml"){keep{method(name:"void main(java.lang.String[])","class":application.mainClassName)}}rename(mainclass:application.mainClassName,logfile:"${buildDir}/yguard.log.xml"){property(name:"error-checking",value:"pedantic")}}}}

This tells the build system:

• configure anAnt task so we can useyguard
• execute theyguard task with an input and output.jar
• shrink the resulting.jar, leaving only classes and methods that are loaded frommain
• obfuscateall class names, function names, variable names, ...except formain

Once we callgradle obfuscate this will produce an obfuscated.jar, leaving nothing but a weird trail of characters in the file names and classes.

Did you notice thelogfile property? This is the best part. We can use the mapping established during obfuscation to unscramble stacktraces!

I could write a rather lengthy article about all the possible configurations that you can use, which would far exceed a simple introduction. Maybe someday, somewhen I'll give a nice talk about how it all works 😎. In the meantime, please have a look at theextensive documentation andexamples, which covers all of these options.