{"id":13845364,"url":"https://github.com/ClaudiuGeorgiu/Obfuscapk","last_synced_at":"2025-07-12T02:30:52.962Z","repository":{"id":37743098,"uuid":"202535048","full_name":"ClaudiuGeorgiu/Obfuscapk","owner":"ClaudiuGeorgiu","description":"An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques","archived":true,"fork":false,"pushed_at":"2024-07-27T12:16:20.000Z","size":7438,"stargazers_count":1093,"open_issues_count":0,"forks_count":286,"subscribers_count":46,"default_branch":"master","last_synced_at":"2024-09-26T22:02:17.494Z","etag":null,"topics":["android","apk","apktool","app","application","black-box","obfuscapk","obfuscation","smali"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ClaudiuGeorgiu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"docs/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":"docs/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-08-15T12:13:29.000Z","updated_at":"2024-09-24T06:07:54.000Z","dependencies_parsed_at":"2024-04-14T11:41:14.034Z","dependency_job_id":"2bbe96fd-19ee-4206-bded-38be9694c9df","html_url":"https://github.com/ClaudiuGeorgiu/Obfuscapk","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiuGeorgiu%2FObfuscapk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiuGeorgiu%2FObfuscapk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiuGeorgiu%2FObfuscapk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiuGeorgiu%2FObfuscapk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ClaudiuGeorgiu","download_url":"https://codeload.github.com/ClaudiuGeorgiu/Obfuscapk/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784436,"owners_count":17523648,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","apk","apktool","app","application","black-box","obfuscapk","obfuscation","smali"],"created_at":"2024-08-04T17:03:21.757Z","updated_at":"2024-11-21T18:31:20.561Z","avatar_url":"https://github.com/ClaudiuGeorgiu.png","language":"Python","funding_links":[],"categories":["Tools","Python"],"sub_categories":["Reverse Engineering"],"readme":"\u003e [!IMPORTANT]\n\u003e This project is archived and no longer maintained.\n\u003e \n\u003e Some of the most common questions are answered in\n\u003e [FAQ](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/docs/FAQ.md) and\n\u003e [troubleshooting](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/docs/TROUBLESHOOTING.md).\n\n![Logo](https://raw.githubusercontent.com/ClaudiuGeorgiu/Obfuscapk/master/docs/logo/logo.png)\n\n\u003e A black-box obfuscation tool for Android apps.\n\n[![Codacy](https://app.codacy.com/project/badge/Grade/076af5e6284541d39679c96d16d83772)](https://www.codacy.com/gh/ClaudiuGeorgiu/Obfuscapk)\n[![Code Coverage](https://codecov.io/gh/ClaudiuGeorgiu/Obfuscapk/badge.svg)](https://codecov.io/gh/ClaudiuGeorgiu/Obfuscapk)\n[![Python Version](https://img.shields.io/badge/Python-3.7%2B-green.svg?logo=python\u0026logoColor=white)](https://www.python.org/downloads/)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/LICENSE)\n\n\n\n**Obfuscapk** is a modular Python tool for obfuscating Android apps without needing\ntheir source code, since [`apktool`](https://ibotpeaches.github.io/Apktool/) is used\nto decompile the original apk file and to build a new application, after applying some\nobfuscation techniques on the decompiled `smali` code, resources and manifest. The\nobfuscated app retains the same functionality as the original one, but the differences\nunder the hood sometimes make the new application very different from the original\n(e.g., to signature-based antivirus software).\n\n### :new: Android App Bundle support :new:\n\nObfuscapk is adding support for\n[Android App Bundles](https://developer.android.com/guide/app-bundle) (aab files) by\nusing [BundleDecompiler](https://github.com/TamilanPeriyasamy/BundleDecompiler) (see\n[#121](https://github.com/ClaudiuGeorgiu/Obfuscapk/pull/121)). In order to use this new\nfeature, download the latest version of BundleDecompiler available from\n[here](https://github.com/TamilanPeriyasamy/BundleDecompiler/tree/master/build/libs),\nsave it as `BundleDecompiler.jar` in a directory included in `PATH` (e.g., in Ubuntu,\n`/usr/local/bin` or `/usr/bin`) and make sure it has the executable flag set.\n\n\u003e [!IMPORTANT]\n\u003e BundleDecompiler doesn't work on Windows yet, so app bundle obfuscation is not\n\u003e supported by Obfuscapk on Windows platform. Also, app bundle support is still in early\n\u003e development, so if you faced any problems or if you want to help us improve, please see\n\u003e [contributing](#-contributing).\n\n\n\n## ❱ Publication\n\nMore details about **Obfuscapk** can be found in the paper\n\"[Obfuscapk: An *open-source* black-box obfuscation tool for Android apps](https://doi.org/10.1016/j.softx.2020.100403)\".\nYou can cite the paper as follows:\n\n```BibTeX\n@article{aonzo2020obfuscapk,\n    title = \"Obfuscapk: An open-source black-box obfuscation tool for Android apps\",\n    journal = \"SoftwareX\",\n    volume = \"11\",\n    pages = \"100403\",\n    year = \"2020\",\n    issn = \"2352-7110\",\n    doi = \"https://doi.org/10.1016/j.softx.2020.100403\",\n    url = \"https://www.sciencedirect.com/science/article/pii/S2352711019302791\",\n    author = \"Simone Aonzo and Gabriel Claudiu Georgiu and Luca Verderame and Alessio Merlo\",\n    keywords = \"Android, Obfuscation, Program analysis\"\n}\n```\n\n\n\n## ❱ Demo\n\n![Demo](https://raw.githubusercontent.com/ClaudiuGeorgiu/Obfuscapk/master/docs/demo/cli.gif)\n\n\n\n## ❱ Architecture\n\n![Architecture](https://raw.githubusercontent.com/ClaudiuGeorgiu/Obfuscapk/master/docs/architecture/architecture.png)\n\nObfuscapk is designed to be modular and easy to extend, so it's built using a\n[plugin system](https://github.com/tibonihoo/yapsy). Consequently, every obfuscator is\na plugin that inherits from an abstract\n[base class](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/obfuscator_category.py)\nand needs to implement the method `obfuscate`. When the tool starts processing a new\nAndroid application file, it creates an\n[obfuscation object](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/obfuscation.py)\nto store all the needed information (e.g., the location of the decompiled `smali` code)\nand the internal state of the operations (e.g., the list of already used obfuscators).\nThen the obfuscation object is passed, as a parameter to the `obfuscate` method, to all\nthe active plugins/obfuscators (in sequence) to be processed and modified. The list and\nthe order of the active plugins is specified through [command line options](#-usage).\n\nThe tool is easily extensible with new obfuscators: it's enough to add the source code\nimplementing the obfuscation technique and the plugin metadata (a\n`\u003cobfuscator-name\u003e.obfuscator` file) in the\n[`src/obfuscapk/obfuscators`](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators)\ndirectory (take a simple existing obfuscator like\n[`Nop`](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/obfuscators/nop/nop.py)\nas a starting example). The tool will detect automatically the new plugin, so no\nfurther configuration is needed (the new plugin will be treated like all the other\nplugins bundled with the tool).\n\n\n\n## ❱ Installation\n\nThere are two ways of getting a working copy of Obfuscapk on your own computer: either\nby [using Docker](#docker-image) or by [using directly the source code](#from-source)\nin a `Python 3` environment. In both cases, the first thing to do is to get a local\ncopy of this repository, so open up a terminal in the directory where you want to save\nthe project and clone the repository:\n\n```Shell\n$ git clone https://github.com/ClaudiuGeorgiu/Obfuscapk.git\n```\n\n### Docker image\n\n----------------------------------------------------------------------------------------\n\n#### Prerequisites\n\nThis is the suggested way of installing Obfuscapk, since the only requirement is to\nhave a recent version of Docker installed:\n\n```Shell\n$ docker --version\nDocker version 20.10.21, build baeda1f\n```\n\n#### Official Docker Hub image\n\nThe [official Obfuscapk Docker image](https://hub.docker.com/r/claudiugeorgiu/obfuscapk)\nis available on Docker Hub (automatically built from this repository):\n\n```Shell\n$ # Download the Docker image.\n$ docker pull claudiugeorgiu/obfuscapk\n$ # Give it a shorter name.\n$ docker tag claudiugeorgiu/obfuscapk obfuscapk\n```\n\n#### Install\n\nIf you downloaded the official image from Docker Hub, you are ready to use the tool so\ngo ahead and check the [usage instructions](#-usage), otherwise execute the following\ncommand in the previously created `Obfuscapk/src/` directory (the folder containing the\n`Dockerfile`) to build the Docker image:\n\n```Shell\n$ # Make sure to run the command in Obfuscapk/src/ directory.\n$ # It will take some time to download and install all the dependencies.\n$ docker build -t obfuscapk .\n```\n\nWhen the Docker image is ready, make a quick test to check that everything was\ninstalled correctly:\n\n```Shell\n$ docker run --rm -it obfuscapk --help\nusage: python3 -m obfuscapk.cli [-h] -o OBFUSCATOR [-w DIR] [-d OUT_APK_OR_AAB]\n...\n```\n\nObfuscapk is now ready to be used, see the [usage instructions](#-usage) for more\ninformation.\n\n### From source\n\n----------------------------------------------------------------------------------------\n\n#### Prerequisites\n\nMake sure to have a recent version of\n[`apktool`](https://ibotpeaches.github.io/Apktool/),\n[`apksigner`](https://developer.android.com/studio/command-line/apksigner)\nand [`zipalign`](https://developer.android.com/studio/command-line/zipalign) installed\nand available from the command line:\n\n```Shell\n$ apktool\nApktool v2.9.0 - a tool for reengineering Android apk files\n...\n```\n```Shell\n$ apksigner\nUsage:  apksigner \u003ccommand\u003e [options]\n        apksigner --version\n        apksigner --help\n...\n```\n```Shell\n$ zipalign\nZip alignment utility\nCopyright (C) 2009 The Android Open Source Project\n...\n```\n\nTo support app bundles obfuscation you also need\n[BundleDecompiler](https://github.com/TamilanPeriyasamy/BundleDecompiler), so download\nthe latest available version from\n[here](https://github.com/TamilanPeriyasamy/BundleDecompiler/tree/master/build/libs),\nsave it as `BundleDecompiler.jar` in a directory included in `PATH` (e.g., in Ubuntu,\n`/usr/local/bin` or `/usr/bin`) and make sure it has the executable flag set.\n\nTo use BundleDecompiler and `apktool` you also need a recent version of Java. \n`zipalign` and `apksigner` are included in the Android SDK. The location of the\nexecutables can also be specified through the following environment variables:\n`APKTOOL_PATH`, `BUNDLE_DECOMPILER_PATH`, `APKSIGNER_PATH` and `ZIPALIGN_PATH` (e.g.,\nin Ubuntu, run `export APKTOOL_PATH=/custom/location/apktool` before running Obfuscapk\nin the same terminal).\n\nApart from the above tools, the only requirement of this project is a working\n`Python 3` (at least `3.7`) installation (along with its package manager `pip`).\n\n#### Install\n\nRun the following commands in the main directory of the project (`Obfuscapk/`) to\ninstall the needed dependencies:\n\n```Shell\n$ # Make sure to run the commands in Obfuscapk/ directory.\n\n$ # The usage of a virtual environment is highly recommended.\n$ python3 -m venv venv\n$ source venv/bin/activate\n\n$ # Install Obfuscapk's requirements.\n$ python3 -m pip install -r src/requirements.txt\n```\n\nAfter the requirements are installed, make a quick test to check that everything works\ncorrectly:\n\n```Shell\n$ cd src/\n$ # The following command has to be executed always from Obfuscapk/src/ directory\n$ # or by adding Obfuscapk/src/ directory to PYTHONPATH environment variable.\n$ python3 -m obfuscapk.cli --help\nusage: python3 -m obfuscapk.cli [-h] -o OBFUSCATOR [-w DIR] [-d OUT_APK_OR_AAB]\n...\n```\n\nObfuscapk is now ready to be used, see the [usage instructions](#-usage) for more\ninformation.\n\n\n\n## ❱ Usage\n\nFrom now on, Obfuscapk will be considered as an executable available as `obfuscapk`,\nso you need to adapt the commands according to how you installed the tool:\n\n* **Docker image**: a local directory containing the application to obfuscate has to be\nmounted to `/workdir` in the container (e.g., the current directory `\"${PWD}\"`), so the\ncommand:\n    ```Shell\n    $ obfuscapk [params...]\n    ```\n    becomes:\n    ```Shell\n    $ docker run --rm -it -u $(id -u):$(id -g) -v \"${PWD}\":\"/workdir\" obfuscapk [params...]\n    ```\n\n* **From source**: every instruction has to be executed from the `Obfuscapk/src/`\ndirectory (or by adding `Obfuscapk/src/` directory to `PYTHONPATH` environment\nvariable) and the command:\n    ```Shell\n    $ obfuscapk [params...]\n    ```\n    becomes:\n    ```Shell\n    $ python3 -m obfuscapk.cli [params...]\n    ```\n\nLet's start by looking at the help message:\n\n```Shell\n$ obfuscapk --help\nobfuscapk [-h] -o OBFUSCATOR [-w DIR] [-d OUT_APK_OR_AAB] [-i] [-p] [-k VT_API_KEY]\n          [--keystore-file KEYSTORE_FILE] [--keystore-password KEYSTORE_PASSWORD]\n          [--key-alias KEY_ALIAS] [--key-password KEY_PASSWORD] [--use-aapt2]\n          \u003cAPK_OR_BUNDLE_FILE\u003e\n```\n\nThere are two mandatory parameters: `\u003cAPK_OR_BUNDLE_FILE\u003e`, the path (relative or\nabsolute) to the apk or app bundle file to obfuscate and the list with the names of the\nobfuscation techniques to apply (specified with a `-o` option that can be used multiple\ntimes, e.g., `-o Rebuild -o NewAlignment -o NewSignature`). The other optional arguments\nare as follows:\n\n* `-w DIR` is used to set the working directory where to save the intermediate files\n(generated by `apktool`). If not specified, a directory named `obfuscation_working_dir`\nis created in the same directory as the input application. This can be useful for\ndebugging purposes, but if it's not needed it can be set to a temporary directory\n(e.g., `-w /tmp/`).\n\n* `-d OUT_APK_OR_AAB` is used to set the path of the destination file: the apk file\ngenerated by the obfuscation process (e.g., `-d /home/user/Desktop/obfuscated.apk` or\n`-d /home/user/Desktop/obfuscated.aab`). If not specified, the final obfuscated file\nwill be saved inside the working directory. Note: existing files will be overwritten\nwithout any warning.\n\n* `-i` is a flag for ignoring known third party libraries during the obfuscation\nprocess, to use fewer resources, to increase performances and to reduce the risk of\nerrors. The\n[list of libraries](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/resources/libs_to_ignore.txt)\nto ignore is adapted from [LiteRadar](https://github.com/pkumza/LiteRadar) project.\n\n* `-p` is a flag for showing progress bars during the obfuscation operations. When\nusing the tool in batch operations/automatic builds it's convenient to have progress\nbars disabled, otherwise this flag should be enabled to see the obfuscation progress.\n\n* `-k VT_API_KEY` is needed only when using `VirusTotal` obfuscator, to set the API\nkey to be used when communicating with Virus Total.\n\n* `--keystore-file KEYSTORE_FILE`, `--keystore-password KEYSTORE_PASSWORD`,\n`--key-alias KEY_ALIAS` and `--key-password KEY_PASSWORD` can be used to specify a\ncustom keystore (needed for the apk signing). If `--keystore-file` is used,\n`--keystore-password` and `--key-alias` must be specified too, while `--key-password`\nis needed only if the chosen key has a different password from the keystore password.\nBy default (when `--keystore-file` is not specified), a\n[keystore bundled with Obfuscapk](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/resources/obfuscation_keystore.jks)\nis used for the signing operations.\n\n* `--ignore-packages-file IGNORE_PACKAGES_FILE` is a path to a file which includes\npackage names to be ignored. All the classes inside those packages will not be\nobfuscated when this option is used. The file should have one package name per line as\nshown in the example below:\n    ```\n    com.mycompany.dontobfuscate\n    com.mycompany.ignore\n    ...\n    ```\n* `--use-aapt2` is a flag for using aapt2 option when rebuilding an app with `apktool`.\n\nLet's consider now a simple working example to see how Obfuscapk works:\n\n```Shell\n$ # original.apk is a valid Android apk file.\n$ obfuscapk -o RandomManifest -o Rebuild -o NewAlignment -o NewSignature original.apk\n```\n\nWhen running the above command, this is what happens behind the scenes:\n\n* since no working directory was specified, a new working directory\n(`obfuscation_working_dir`) is created in the same location as `original.apk` (this can\nbe useful to inspect the `smali` files/manifest/resources in case of errors)\n\n* some checks are performed to make sure that all the needed files/executables are\navailable and ready to be used\n\n* the actual obfuscation process begins: the specified obfuscators are executed\n(in order) one by one until there's no obfuscator left or until an error is encountered\n\n    - when running the first obfuscator, `original.apk` is decompiled with `apktool`\n    and the results are stored into the working directory\n\n    - since the first obfuscator is `RandomManifest`, the entries in the decompiled\n    Android manifest are reordered randomly (without breaking the `xml` structures)\n\n    - `Rebuild` obfuscator simply rebuilds the application (now with the modified\n    manifest) using `apktool`, and since no output file was specified, the resulting\n    apk file is saved in the working directory created before\n\n    - `NewAlignment` obfuscator uses `zipalign` tool to align the resulting apk file\n      \n    - `NewSignature` obfuscator signs the newly created apk file with a custom \n      certificate contained in a\n      [keystore bundled with Obfuscapk](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/src/obfuscapk/resources/obfuscation_keystore.jks)\n      (though a different keystore can be specified with the `--keystore-file` parameter)\n\n* when all the obfuscators have been executed without errors, the resulting obfuscated\napk file can be found in `obfuscation_working_dir/original_obfuscated.apk`, signed,\naligned and ready to be installed into a device/emulator\n\nAs seen in the previous example, `Rebuild`, `NewAlignment` and `NewSignature` \nobfuscators are always needed to complete an obfuscation operation, to build the final\nobfuscated apk. They are not actual obfuscation techniques, but they are needed in the\nbuild process, so they are included in the list of obfuscators to keep the overall\narchitecture modular.\n\nNot working as expected? See\n[FAQ](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/docs/FAQ.md) and\n[troubleshooting](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/docs/TROUBLESHOOTING.md).\n\n\n\n## ❱ Obfuscators\n\nThe obfuscators included in Obfuscapk can be divided into different categories,\ndepending on the operations they perform:\n\n* **Trivial**: as the name suggests, this category includes simple operations (that\ndo not modify much the original application), like signing the apk file with a new\nsignature.\n\n* **Rename**: operations that change the names of the used identifiers (classes, fields,\nmethods).\n\n* **Encryption**: packaging encrypted code/resources and decrypting them during the app\nexecution. When Obfuscapk starts, it automatically generates a random secret key (32\ncharacters long, using ASCII letters and digits) that will be used for encryption.\n\n* **Code**: all the operations that involve the modification of the decompiled source\ncode.\n\n* **Resources**: operations on the resource files (like modifying the manifest).\n\n* **Other**\n\nThe obfuscators currently bundled with Obfuscapk are briefly presented below (in\nalphabetical order). Please refer to the source code of the project for more details.\n\n\u003e [!TIP]\n\u003e Not all the obfuscators below correspond to real obfuscation techniques (e.g.,\n\u003e `Rebuild`, `NewAlignment`, `NewSignature` and `VirusTotal`), but they are implemented\n\u003e as obfuscators to keep the architecture modular and easy to extend with new\n\u003e functionality.\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eAdvancedReflection\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e Uses reflection to invoke dangerous APIs of the Android Framework. To find out if a\n\u003e method belongs to the Android Framework, Obfuscapk refers to the mapping discovered by\n\u003e [Backes et al](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_backes-android.pdf).  \n\u003e [:page_facing_up: AdvancedReflection source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/advanced_reflection)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eArithmeticBranch\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e Insert junk code. In this case, the junk code is composed by arithmetic computations\n\u003e and a branch instruction depending on the result of these computations, crafted in\n\u003e such a way that the branch is never taken.  \n\u003e [:page_facing_up: ArithmeticBranch source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/arithmetic_branch)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eAssetEncryption\u003c/b\u003e [Encryption]\u003c/summary\u003e\n\n\u003e Encrypt asset files.  \n\u003e [:page_facing_up: AssetEncryption source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/asset_encryption)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eCallIndirection\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e This technique modifies the control-flow graph without impacting the code semantics:\n\u003e it adds new methods that invoke the original ones. For example, an invocation to the\n\u003e method *m1* will be substituted by a new wrapper method *m2*, that, when invoked, it\n\u003e calls the original method *m1*.  \n\u003e [:page_facing_up: CallIndirection source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/call_indirection)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eClassRename\u003c/b\u003e [Rename]\u003c/summary\u003e\n\n\u003e Change the package name and rename classes (even in the manifest file).  \n\u003e [:page_facing_up: ClassRename source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/class_rename)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eConstStringEncryption\u003c/b\u003e [Encryption]\u003c/summary\u003e\n\n\u003e Encrypt constant strings in code.  \n\u003e [:page_facing_up: ConstStringEncryption source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/const_string_encryption)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eDebugRemoval\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e Remove debug information.  \n\u003e [:page_facing_up: DebugRemoval source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/debug_removal)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eFieldRename\u003c/b\u003e [Rename]\u003c/summary\u003e\n\n\u003e Rename fields.  \n\u003e [:page_facing_up: FieldRename source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/field_rename)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eGoto\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e Given a method, it inserts a `goto` instruction pointing to the end of the method and\n\u003e another `goto` pointing to the instruction after the first `goto`; it modifies the\n\u003e control-flow graph by adding two new nodes.  \n\u003e [:page_facing_up: Goto source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/goto)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eLibEncryption\u003c/b\u003e [Encryption]\u003c/summary\u003e\n\n\u003e Encrypt native libs.  \n\u003e [:page_facing_up: LibEncryption source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/lib_encryption)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eMethodOverload\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e It exploits the overloading feature of the Java programming language to assign the\n\u003e same name to different methods but using different arguments. Given an already\n\u003e existing method, this technique creates a new void method with the same name and\n\u003e arguments, but it also adds new random arguments. Then, the body of the new method\n\u003e is filled with random arithmetic instructions.  \n\u003e [:page_facing_up: MethodOverload source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/method_overload)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eMethodRename\u003c/b\u003e [Rename]\u003c/summary\u003e\n\n\u003e Rename methods.  \n\u003e [:page_facing_up: MethodRename source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/method_rename)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eNewAlignment\u003c/b\u003e [Trivial]\u003c/summary\u003e\n\n\u003e Realign the application.  \n\u003e [:page_facing_up: NewAlignment source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/new_alignment)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eNewSignature\u003c/b\u003e [Trivial]\u003c/summary\u003e\n\n\u003e Re-sign the application with a new custom signature.  \n\u003e [:page_facing_up: NewSignature source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/new_signature)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eNop\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e Insert junk code. Nop, short for *no-operation*, is a dedicated instruction that does\n\u003e nothing. This technique just inserts random `nop` instructions within every method\n\u003e implementation.  \n\u003e [:page_facing_up: Nop source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/nop)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eRandomManifest\u003c/b\u003e [Resource]\u003c/summary\u003e\n\n\u003e Randomly reorder entries in the manifest file.  \n\u003e [:page_facing_up: RandomManifest source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/random_manifest)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eRebuild\u003c/b\u003e [Trivial]\u003c/summary\u003e\n\n\u003e Rebuild the application.  \n\u003e [:page_facing_up: Rebuild source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/rebuild)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eReflection\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e This technique analyzes the existing code looking for method invocations of the app,\n\u003e ignoring the calls to the Android framework (see `AdvancedReflection`). If it finds\n\u003e an instruction with a suitable method invocation (i.e., no constructor methods,\n\u003e public visibility, enough free registers etc.) such invocation is redirected to a\n\u003e custom method that will invoke the original method using the Reflection APIs.  \n\u003e [:page_facing_up: Reflection source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/reflection)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eReorder\u003c/b\u003e [Code]\u003c/summary\u003e\n\n\u003e This technique consists of changing the order of basic blocks in the code. When a\n\u003e branch instruction is found, the condition is inverted (e.g., *branch if lower than*,\n\u003e becomes *branch if greater or equal than*) and the target basic blocks are reordered\n\u003e accordingly. Furthermore, it also randomly re-arranges the code abusing `goto`\n\u003e instructions.  \n\u003e [:page_facing_up: Reorder source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/reorder)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eResStringEncryption\u003c/b\u003e [Encryption]\u003c/summary\u003e\n\n\u003e Encrypt strings in resources (only those called inside code).  \n\u003e [:page_facing_up: ResStringEncryption source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/res_string_encryption)\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003e\u003cb\u003eVirusTotal\u003c/b\u003e [Other]\u003c/summary\u003e\n\n\u003e Send the original and the obfuscated application to Virus Total. You must provide\n\u003e the VT API key (see `-k` option).  \n\u003e [:page_facing_up: VirusTotal source code](https://github.com/ClaudiuGeorgiu/Obfuscapk/tree/master/src/obfuscapk/obfuscators/virus_total)\n\u003c/details\u003e\n\n\n\n## ❱ License\n\nYou are free to use this code under the\n[MIT License](https://github.com/ClaudiuGeorgiu/Obfuscapk/blob/master/LICENSE).\n\n\n\n## ❱ Credits\n\n[![Unige](https://intranet.dibris.unige.it/img/logo_unige.gif)](https://unige.it/en/)\n[![Dibris](https://intranet.dibris.unige.it/img/logo_dibris.gif)](https://www.dibris.unige.it/en/)\n\nThis software was developed for research purposes at the Computer Security Lab\n([CSecLab](https://csec.it/)), hosted at DIBRIS, University of Genoa.\n\n\n\n## ❱ Team\n\n* [Simone Aonzo](https://simoneaonzo.it/) - Research Assistant\n* [Gabriel Claudiu Georgiu](https://github.com/ClaudiuGeorgiu) - Core Developer\n* [Luca Verderame](https://csec.it/people/luca_verderame/) - Postdoctoral Researcher\n* [Alessio Merlo](https://csec.it/people/alessio_merlo/) - Faculty Member\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FClaudiuGeorgiu%2FObfuscapk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FClaudiuGeorgiu%2FObfuscapk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FClaudiuGeorgiu%2FObfuscapk/lists"}