Obfuscate plugins using allatori – JEFF Media Developer Blog

Maven can easily run allatori to obfuscate your .jar files when packaging them. If you haven’t bought allatori, you can also use their demo version available on their website. It’s also helpful to read their documentation.

Simply create a new folder in your project’s base directory, called allatori, and move the allatori.jar and allatori-annotations.jar from the allatori lib/ directory inside that folder.

allatori.xml

Now, we have to create the configuration file that tells allatori on what to do. Create a new file called allatori.xml inside your allatori folder and copy/paste the following code. Obviously you have to change the .jar name at the top, and maybe also adjust the <keep-names> section a bit.

<config>
	<input>
		<!-- Replace with your .jar name -->
		<jar in="Drop2InventoryPlus.jar" out="Drop2InventoryPlus.jar"/>
	</input>

	<keep-names>
		<!-- Keep all class names, only obfuscate their contents -->
		<class template="class *" />

		<!-- Do not rename EventHandler methods -->
		<method template="@org.bukkit.event.EventHandler *(**)" />

		<!-- Do not rename our custom Event's getHandlerList method -->
		<class template="class extends org.bukkit.event.Event">
			<method template="public static getHandlerList(**)" />
		</class>

		<!-- Do not rename @Override methods like onEnable, etc -->
		<method template="@java.lang.Override *(**)" />

		<!-- If your plugin has an API, keep that method names too -->
		<class template="class de.jeff_media.drop2inventory.Drop2InventoryAPI">
			<method template="public *(**)" />
		</class>
	</keep-names>

	<property name="log-file" value="log.xml"/>
	<property name="packages-naming" value="keep"/>
	<property name="extensive-flow-obfuscation" value="maximum"/>
	<property name="generics" value="keep"/>
	<property name="line-numbers" value="keep"/>
	<property name="inner-classes" value="remove"/>
	<property name="remove-toString" value="enable"/>

	<!-- Not allowed as per SpigotMC rules -->
	<property name="synthetize-methods" value="disable"/>
	<property name="synthetize-fields" value="disable"/>


	<!-- Only allowed for paid plugins as per SpigotMC rules -->
	<!-- When you're uploading a free plugin, change "enable" to "disable" -->
	<property name="string-encryption" value="enable"/>
	<property name="string-encryption-type" value="fast"/>

	<!-- You can remove this when not using SpigotMC's premium resource placeholders -->
	<property name="string-encryption-ignored-strings" value="../allatori/spigotmc-patterns.txt"/>

</config>

Important: String Encryption is not allowed for free plugins on SpigotMC, so you have to disable it when obfuscating a free plugin.

spigotmc-patterns.txt (optional)

You’ll also need create another file called spigotmc-patterns.txt inside your allatori directory when you didn’t remove the string-encraption-ignored-strings option from your allatori.xml:

%%__USER__%%
%%__RESOURCE__%%
%%__NONCE__%%
*%%__USER__%%*
*%%__RESOURCE__%%*
*%%__NONCE__%%*

pom.xml

We’re done with the allatori configuration. Only thing left to do is to tell maven to run the obfuscation everytime we package the .jar file.

Add this inside your pom.xml’s <plugins> section:

<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-resources-plugin</artifactId>
	<version>2.6</version>
	<executions>
		<execution>
			<id>copy-and-filter-allatori-config</id>
			<phase>package</phase>
			<goals>
				<goal>copy-resources</goal>
			</goals>
			<configuration>
				<outputDirectory>${basedir}/target</outputDirectory>
				<resources>
					<resource>
						<directory>${basedir}/allatori</directory>
						<includes>
							<include>allatori.xml</include>
						</includes>
						<filtering>true</filtering>
					</resource>
				</resources>
			</configuration>
		</execution>
	</executions>
</plugin>

<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2.1</version>
<executions>
	<execution>
		<id>run-allatori</id>
		<phase>package</phase>
		<goals>
			<goal>exec</goal>
		</goals>
	</execution>
</executions>
<configuration>
	<executable>java</executable>
	<arguments>
		<argument>-Xms128m</argument>
		<argument>-Xmx512m</argument>
		<argument>-jar</argument>
		<argument>${basedir}/allatori/allatori.jar</argument>
		<argument>${basedir}/target/allatori.xml</argument>
	</arguments>
</configuration>
</plugin>

When you want to use allatori’s annotations (which you will want to do, I will explain why below), you also have to add the allatori-annotations.jar as dependency. Normally, you would want to install that file to your local repository, but I leave this to you to change this if the systemPath method is annoying you:

<dependency>
	<groupId>com.allatori</groupId>
	<artifactId>allatori-annotations</artifactId>
	<version>7.8</version>
	<scope>system</scope>
	<systemPath>${project.basedir}/allatori/allatori-annotations.jar</systemPath>
</dependency>

Additional information

You’re basically done! Just run mvn clean package (or whatever maven lifecycle you’re using to normally build your .jar) and it should be working.

HOWEVER you might run into problems when your plugin provides an API for other plugins to use, or if you didn’t properly use the @Override annotation for certain methods, like onEnable(). There’s one basic rule:

If something else depends on it, don’t rename it.

To do so, you can use allatori’s @DoNotRename annotation. For example, let’s say we have a method called apiMethod() somewhere in our code, that can be used by other plugins as well. Allatori would rename this method which means other plugins cannot access it anymore. To avoid that, we simply add the annotation:

@DoNotRename
public void apiMethod() {
	...
}

There are other useful annotations provided by allatori that you can use, for example to disable String Encryption for certain classes. Just take a look at allatori’s documentation – the annotations are explained at the very bottom.

That’s it!

Thanks for reading.

Join my Discord Server for feedback or support. Just check out the channel #programming-help 🙂

6 thoughts on “Obfuscate plugins using allatori”

thedev says:

August 8, 2021 at 5:00 pm

Thanks, this is awesome!

Any downsides in using the demo version of allatori?

1. mfnalex says:
  
  March 19, 2022 at 4:14 pm
  
  Weaker obfuscation and you’re not allowed to use it commercially
  
MaowImpl says:

March 11, 2022 at 1:59 pm

Don’t certain parts of Allatori go against the premium plugin guidelines?

1. mfnalex says:
  
  March 19, 2022 at 4:09 pm
  
  That’s correct, but I’ve taken that into account of course. The mentioned settings are totally allowed on SpigotMC, and I’m using them myself like this all the time 🙂
  
orbyfied says:

May 18, 2022 at 12:30 pm

sussius bakus

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.