This article explains how a PHP webshell can evade antivirus and sandbox detection by embedding a branch‑based puzzle (InazumaPuzzle) that manipulates block states, combines it with a PerlinNoise class to construct a hidden system() call, and demonstrates the step‑by‑step execution using the input sequence ABBCCD.
This article explains the challenges of Android app crashes and presents a comprehensive, cloud‑native solution that captures both Java/Kotlin and native crashes, details the underlying mechanisms such as UncaughtExceptionHandler, signal handling, minidump generation, stack unwinding, and offers practical guidance for integrating reliable crash reporting into mobile applications.
This technical guide explains the underlying mechanisms of Android crash collection for both Java/Kotlin and native code, outlines a four‑step capture process, compares popular solutions, and provides concrete implementation details—including signal handling, minidump generation, and stack deobfuscation—to help developers reliably record and diagnose app failures.
This article explains why Java bytecode is vulnerable to decompilation and presents a comprehensive set of protection methods—including isolation, class encryption, native code conversion, and various obfuscation techniques—illustrated with diagrams and a real‑world case study.
This article explains why Java bytecode is easy to decompile and presents several practical protection methods—including isolation, class encryption, native code conversion, and various obfuscation techniques—while discussing their strengths, weaknesses, and real‑world application examples.
This article explains why and when Python creates .pyc files, shows how to compile them manually with py_compile, demonstrates importing compiled bytecode via importlib, dissects the .pyc file header and payload, and explores the CPython marshal implementation and simple bytecode obfuscation techniques.
This article explains how to protect Java backend code deployed on user servers by applying ProGuard, Xjar, and ClassFinal for JAR obfuscation and encryption, detailing Maven configurations, startup commands, decompilation results, and best‑practice integration of both tools in a Spring Boot project.
This article explains how Baseline Profiles improve Android app start‑up performance, analyzes three major obstacles—unsupported app stores, dex‑crc mismatches caused by code‑obfuscation, and hot‑fix dex incompatibility—and provides concrete solutions including active optimization, dex‑name correction tasks, and profile injection during patch synthesis.
This article explains why protecting client‑side JavaScript is essential, describes interface signing, outlines common compression, obfuscation and encryption methods—including variable, string, property and control‑flow tricks—introduces Emscripten/WebAssembly protection, reviews practical tools, and details debugging, anti‑debugging and counter‑measures for front‑end security.
This article explains how to protect Java server-side code from decompilation by applying ProGuard shrinking/obfuscation and Xjar/ClassFinal encryption, provides detailed Maven plugin configurations, sample pom.xml snippets, command‑line launch options, and demonstrates the resulting protected JARs with screenshots.
This article explains how to protect Java applications from decompilation by configuring a ProGuard file and adding the ProGuard Maven plugin, then building the project to generate an obfuscated JAR, complete with step‑by‑step instructions and sample configuration code.
The article explains how a missing keep rule caused R8’s pre‑AGP 8 reflection optimizer to skip a class because its interface wasn’t in the allowed set, leading to the class name being obfuscated and mismatched in static‑block initialization via Class.forName, and describes the optimizer’s behavior and fixes.
This guide explains how to protect Spring Boot production packages from decompilation by using the ClassFinal Maven plugin for code encryption, configuring machine‑bound startup, and comparing it with ProGuard obfuscation, including detailed plugin setup, launch commands, and observed decompilation results.
The article explains how frontend interface encryption, JavaScript compression, obfuscation, and WebAssembly‑based encryption—combined with signature verification and anti‑debugging tricks such as DevTools detection and infinite debugger loops—can raise the cost of reverse‑engineering client‑side logic, though determined attackers may still eventually break the protection.
This article examines common Java jar obfuscation tools, identifies their limitations for protecting both proprietary code and third‑party dependencies, and proposes a lightweight Maven‑based encryption combined with a runtime agent that decrypts classes on demand while keeping performance impact under five percent.
This article explains Java compilation and decompilation basics, introduces the JD‑GUI decompiler, and provides a step‑by‑step guide to protect Java applications by configuring ProGuard and integrating it into a Maven build, including sample configuration files and common pitfalls.
This article explains why front‑end developers may want to block debugging, demonstrates how infinite `debugger` statements can be used to hinder inspection, and provides multiple counter‑measures—including disabling breakpoints, using `Function('debugger')`, code obfuscation, and an advanced anti‑debug script that detects window size anomalies.
This article describes the security upgrade of the 58 Daojia work‑side Android application, covering code and resource obfuscation, signature protection, emulator and root detection, anti‑hook measures, and advanced Dex‑shell and DEX‑VMP techniques, with practical Gradle and Kotlin examples.
Learn how to protect your Java code from reverse engineering by compiling, decompiling, and applying ProGuard obfuscation, including creating a proguard.cfg file and configuring the Maven ProGuard plugin, with detailed examples and screenshots illustrating each step of the process.
This guide explains Java compilation basics, the need for code obfuscation, provides a complete ProGuard configuration file, shows how to integrate the ProGuard Maven plugin into a pom.xml, and demonstrates building an obfuscated JAR with Maven.
This article explains the concepts of Java compilation and decompilation, introduces code obfuscation with ProGuard, and provides step‑by‑step Maven configuration to protect Java applications from reverse engineering, including sample configuration files and build commands.
This article explains various one‑line PHP webshell payloads, compares eval and assert functions, and demonstrates multiple obfuscation methods such as XOR, base64, rot13, concatenation, custom function wrappers, variable variables, class‑based tricks, and version‑specific payloads to bypass WAFs and antivirus detection.
This article explores various PHP one‑line webshell payloads, compares eval and assert functions, and presents multiple evasion techniques such as XOR, base64, rot13, string concatenation, variable obfuscation, and version‑specific tricks to bypass WAFs and antivirus detection.
This article explains how JavaScript’s type coercion rules allow the construction of any code using only six characters—[]()!+—by demonstrating conversions for booleans, numbers, letters, special symbols, and finally assembling arbitrary executable code via the Function constructor, with examples and a link to the online converter.
This article details JD's Android app migration to the R8 compiler, explains differences between ProGuard and R8, analyzes the impact of the -useuniqueclassmembernames rule, addresses v1 signing loss after AGP 3.6.4 upgrade, and provides practical solutions for build‑process ordering and packaging pitfalls.
This article explains why Java bytecode is easy to decompile and introduces several practical techniques—including isolation, class encryption, native code conversion, and various forms of code obfuscation—to increase the difficulty of reverse‑engineering Java applications.
The article outlines several common techniques for protecting Java programs from decompilation, including isolation, class file encryption, native code conversion, and various forms of code obfuscation such as symbol, data, control, and preventive obfuscation, and presents a case study of a protected SCJP exam application.
This article explains why Java bytecode is easy to decompile and presents four major protection methods—isolating the program, encrypting class files, converting to native code, and applying code obfuscation—detailing their implementations, advantages, and limitations.
The article dissects Apple’s FairPlay DRM, detailing its kernel‑driver and daemon decryption workflow, the LC_ENCRYPTION_INFO metadata, per‑user licensing files, LLVM‑level obfuscation techniques such as opaque predicates and control‑flow flattening, and the identified weaknesses that enable reverse‑engineering and key extraction.
This article explains how to protect Electron desktop applications from unpacking, tampering, and repackaging by comparing common obfuscation methods, introducing V8 bytecode compilation, embedding it in a Rust‑based Node Addon using N‑API, and detailing the build process, performance impact, and limitations.
This article explains how many Chinese web sites use hidden CSS ::before content to hide characters, shows how to locate the relevant network request, decode the span class mappings from obfuscated JavaScript, and restore the original text for successful web scraping.
This tutorial explains how to recognize and eliminate dead code and flower‑instruction obfuscation techniques in JavaScript, walks through using Obfuscator.io to generate heavily mixed code, and demonstrates step‑by‑step static analysis to strip away useless statements, ultimately restoring the original concise logic.
This article explains various methods to protect Python source code—including distributing compiled .pyc files, applying code obfuscation, packaging with py2exe, and compiling with Cython—detailing their concepts, implementation steps, advantages, and limitations.
This tongue‑in‑cheek article enumerates a series of deliberately harmful programming anti‑patterns—from confusing variable names and deceptive documentation to absurd design choices and nonexistent testing—showing how to make code virtually impossible to understand or maintain.
This article explains the reasons for using LLVM to obfuscate Android applications, describes various LLVM-based obfuscation techniques such as instruction substitution, control‑flow flattening, bogus control flow, and custom passes, and illustrates their effects with diagrams.
