I'm looking for a good Java obfuscator.

I've done initial research into the following Java obfuscators: proguard, yguard, retroguard, dasho, allatori, jshrink, smokescreen, jobfuscate, marvin, jbco, jode, javaguard, jarg, joga, cafebabe, donquixote, mwobfu, bbmug, zelix klassmaster, sandmark, jcloak, thicket, blufuscator, and java code protector.

I tried proguard and it has a really nice GUI, seems really stable, and seems to be the most popular, but it seemed to not like some enumeration on a referenced jar file (not within the code I was trying to obfuscate) which was weird. Yguard seems to require some interaction with ant, which I didn't know too much about.

What is a good java obfuscator? It doesn't need to be free, it just needs to work well and be easy to use.

I use ProGuard heavily for all my release builds and I have found it is excellent. I can't recommend it enough!

I have encountered obscure bugs caused by it's optimizations on several occasions and I now disable optimizations across the board - haven't had a problem caused by ProGuard since. Though, to be fair, these were all quite some versions ago - YMMV.

I used to use the GUI only to get a config started, and then I resort to editing the text config myself, which is really very simple to do. These days I do the config by hand.

I have quite complex projects all of which involve dynamic loading and reflection. I also heavily use reflection for a callback implementation. ProGuard has coped with these very well.

EDIT: We also use DashO Pro for one of our products - I looked into it for packaging the products I am responsible for and concluded that it's configuration was too convoluted and complex; also integrating it into the build script seemed like a bit of a pain. But again, to be fair, this was circa 2001... so it might be better in current versions.

A good collection of links to free and commercial tools is given in this arcticle

"Protect Your Java Code - Through Obfuscators And Beyond"

The author also discusses the strong and weak points of bytecode obfuscation

What is the issue with ProGuard ? (which is recommended both by this question and this one).

There is a section of troubleshooting about enumerator, but they seem to be taken into account just fine.

However, Obfuscation breaks some attempts at reflection, even though modern obfuscators can detect and to some extend adjust usages of reflection in the code they're obfuscating.

I used Zelix Klassmaster in a commercial application for several years and found it to be excellent. I threw quite a few resources at the obfuscated code, and was not able to "break" it. It's pricey, but good.

I only stopped using it when my version got old enough that the upgrade cost was significant. My needs had changed and I didn't really need to obfuscate the classes anymore. However, if the need arises again, I'd pay for it and use it in a flash.

Cheers,

-Richard

We are using Zelix Klassmaster for couple years and I can recommend it.

I use and suggest Zelix - 100% - very solid and robust protection