Obfuscate plugins using allatori

Maven can easily run allatori to obfuscate your .jar files when packaging them. If you haven’t bought allatori, you can also use their demo version available on their website. It’s also helpful to read their documentation.

Simply create a new folder in your project’s base directory, called allatori, and move the allatori.jar and allatori-annotations.jar from the allatori lib/ directory inside that folder.

allatori.xml

Now, we have to create the configuration file that tells allatori on what to do. Create a new file called allatori.xml inside your allatori folder and copy/paste the following code. Obviously you have to change the .jar name at the top, and maybe also adjust the <keep-names> section a bit.

<config>
	<input>
		<!-- Replace with your .jar name -->
		<jar in="Drop2InventoryPlus.jar" out="Drop2InventoryPlus.jar"/>
	</input>

	<keep-names>
		<!-- Keep all class names, only obfuscate their contents -->
		<class template="class *" />

		<!-- Do not rename EventHandler methods -->
		<method template="@org.bukkit.event.EventHandler *(**)" />

		<!-- Do not rename our custom Event's getHandlerList method -->
		<class template="class extends org.bukkit.event.Event">
			<method template="public static getHandlerList(**)" />
		</class>

		<!-- Do not rename @Override methods like onEnable, etc -->
		<method template="@java.lang.Override *(**)" />

		<!-- If your plugin has an API, keep that method names too -->
		<class template="class de.jeff_media.drop2inventory.Drop2InventoryAPI">
			<method template="public *(**)" />
		</class>
	</keep-names>

	<property name="log-file" value="log.xml"/>
	<property name="packages-naming" value="keep"/>
	<property name="extensive-flow-obfuscation" value="maximum"/>
	<property name="generics" value="keep"/>
	<property name="line-numbers" value="keep"/>
	<property name="inner-classes" value="remove"/>
	<property name="remove-toString" value="enable"/>

	<!-- Not allowed as per SpigotMC rules -->
	<property name="synthetize-methods" value="disable"/>
	<property name="synthetize-fields" value="disable"/>


	<!-- Only allowed for paid plugins as per SpigotMC rules -->
	<!-- When you're uploading a free plugin, change "enable" to "disable" -->
	<property name="string-encryption" value="enable"/>
	<property name="string-encryption-type" value="fast"/>

	<!-- You can remove this when not using SpigotMC's premium resource placeholders -->
	<property name="string-encryption-ignored-strings" value="../allatori/spigotmc-patterns.txt"/>

</config>

Important: String Encryption is not allowed for free plugins on SpigotMC, so you have to disable it when obfuscating a free plugin.

spigotmc-patterns.txt (optional)

You’ll also need create another file called spigotmc-patterns.txt inside your allatori directory when you didn’t remove the string-encraption-ignored-strings option from your allatori.xml:

%%__USER__%%
%%__RESOURCE__%%
%%__NONCE__%%
*%%__USER__%%*
*%%__RESOURCE__%%*
*%%__NONCE__%%*

pom.xml

We’re done with the allatori configuration. Only thing left to do is to tell maven to run the obfuscation everytime we package the .jar file.

Add this inside your pom.xml’s <plugins> section:

<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-resources-plugin</artifactId>
	<version>2.6</version>
	<executions>
		<execution>
			<id>copy-and-filter-allatori-config</id>
			<phase>package</phase>
			<goals>
				<goal>copy-resources</goal>
			</goals>
			<configuration>
				<outputDirectory>${basedir}/target</outputDirectory>
				<resources>
					<resource>
						<directory>${basedir}/allatori</directory>
						<includes>
							<include>allatori.xml</include>
						</includes>
						<filtering>true</filtering>
					</resource>
				</resources>
			</configuration>
		</execution>
	</executions>
</plugin>

<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2.1</version>
<executions>
	<execution>
		<id>run-allatori</id>
		<phase>package</phase>
		<goals>
			<goal>exec</goal>
		</goals>
	</execution>
</executions>
<configuration>
	<executable>java</executable>
	<arguments>
		<argument>-Xms128m</argument>
		<argument>-Xmx512m</argument>
		<argument>-jar</argument>
		<argument>${basedir}/allatori/allatori.jar</argument>
		<argument>${basedir}/target/allatori.xml</argument>
	</arguments>
</configuration>
</plugin>

When you want to use allatori’s annotations (which you will want to do, I will explain why below), you also have to add the allatori-annotations.jar as dependency. Normally, you would want to install that file to your local repository, but I leave this to you to change this if the systemPath method is annoying you:

<dependency>
	<groupId>com.allatori</groupId>
	<artifactId>allatori-annotations</artifactId>
	<version>7.8</version>
	<scope>system</scope>
	<systemPath>${project.basedir}/allatori/allatori-annotations.jar</systemPath>
</dependency>

Additional information

You’re basically done! Just run mvn clean package (or whatever maven lifecycle you’re using to normally build your .jar) and it should be working.

HOWEVER you might run into problems when your plugin provides an API for other plugins to use, or if you didn’t properly use the @Override annotation for certain methods, like onEnable(). There’s one basic rule:

If something else depends on it, don’t rename it.

To do so, you can use allatori’s @DoNotRename annotation. For example, let’s say we have a method called apiMethod() somewhere in our code, that can be used by other plugins as well. Allatori would rename this method which means other plugins cannot access it anymore. To avoid that, we simply add the annotation:

@DoNotRename
public void apiMethod() {
	...
}

There are other useful annotations provided by allatori that you can use, for example to disable String Encryption for certain classes. Just take a look at allatori’s documentation – the annotations are explained at the very bottom.

That’s it!

Thanks for reading.