- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,456
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
ObfSRC is an experimental way to obfuscate Java source code through unicode escaping.
How Does This Work?
The Java-Compiler will automatically attempt to decode the escaped unicode, as a result the String turns into raw source code, rather than being defined in the scope of a String. Comments turn into raw source code, nothing is contained within the defined scope, I'm assuming the unicode decoding process happens very early in the parsing of the Java source file.
ObfSRC v1.0.0
This is the first release, there is no CLI or GUI, just the source file to generate the payload.
Disclaimer
This is just an experiment to showcase a neat feature in the Java compiler.
This doesn't obfuscate any of the bytecode, the compiled class will show clearly what you are trying to hide.
Oddly enough Intellij/Eclipse treat these entirely as Strings/Comments/Whatever you're hiding it as, however, I'm sure there is some option to change that.
JShell and other interpreters won't be vulnerable to this, it seems to be a compiler specific issue.