ObfSRC v1.1.0
This release contains a GUI & prebuilt binary
ObfSRC
Published 02/26/2023 Updated 07/16/2023
ObfSRC is desktop application & library providing an experimental way to obfuscate Java source code through unicode escaping.
What Does It Do?
Desktop application (and optional library) that provides comprehensive malware protection with a user-friendly interface, focusing on Windows while also supporting other operating systems.
Media
Links
Requirements
- Java 8 or greater
How Does It Work
The Java-Compiler will automatically attempt to decode the escaped unicode, as a result the String turns into raw source code, rather than being defined in the scope of a String. Comments turn into raw source code, nothing is contained within the defined scope, I’m assuming the unicode decoding process happens very early in the parsing of the Java source file.
How To Use
Step 1) Generate the obfuscated source code:
- The easiest way to do this is to download the gui.
- Alternatively, an API is provided - look at the example here.
Step 2) Insert the obfuscated source code
Once you have generated the payload, you can insert it into any class. Depending on the scope you choose, you could execute before the main function has been called.
Execute code hidden in comments
//\u000A\u0073\u0074\u0061\u0074\u0069...
Execute code before the main method is called
public static final String unicodeFilter = "\u0022\u003B\u0073\u0074\u0061\u0074...";
Execute code hidden inside a function
System.out.println("\u0022\u0029\u003B\u002F\u002F\u0061\u006E\u0079\u0020\u0076...");
Examples of the above functions have been included in this test class
Click here to view an example implementation.
Disclaimer
- This is just an experiment to showcase a neat feature in the Java compiler.
- This doesn’t obfuscate any of the bytecode, the compiled class will show clearly what you are trying to hide.
- Oddly enough Intellij/Eclipse treat these entirely as Strings/Comments/Whatever you’re hiding it as, however, I’m sure there is some option to change that.
- JShell and other interpreters won’t be vulnerable to this, it seems to be a compiler specific issue.
Latest Updates
ObfSRC v1.0.0
This is the first release, there is no CLI or GUI, just the source file to generate the payload.
Links
- Download
- Report Bugs
- [View…