Free obfuscations software for linux

Convulsion is a drop-in CVS repository browser for PHP. It makes use of the libraries developed for the Chora module of the Horde project, but does not require that Horde be installed and working to be used.

You can browse directories and files, view a files revision history, compare two versions, and retrieve its ChangeLog. Convulsion also supports automatic obfuscation of e-mail addresses and syntax highlighting of most common languages.

Convulsions output is standards-compliant, accessible, and customisable by means of CSS.

Using Convulsion with Apache 2.x

Please note that in order to use Convulsion with the 2.x series of the Apache web server, you will need to set the value of the "AcceptPathInfo" directive to a value other than "Off". This can be done in the main Apache config, in the < VirtualHost > section for your site or using a .htaccess file.

ProGuard is a free Java class file shrinker, optimizer, and obfuscator. ProGuard project can detect and remove unused classes, fields, methods, and attributes. It can then optimize bytecode and remove unused instructions.
Finally, it can rename the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
More compact jar files also means smaller storage requirements, faster transfer of applications across networks, faster loading, and smaller memory footprints.
ProGuards main advantage compared to other Java obfuscators is probably its compact template-based configuration. A few intuitive command line options or a simple configuration file are usually sufficient. For instance, the following configuration option preserves all applets in a jar:
-keep public class * extends java.applet.Applet
The user manual explains all available options and shows more examples of this powerful configuration style.
ProGuard is fast. It only takes seconds to process programs and libraries of several megabytes. The results section presents actual figures for a number of applications.
ProGuard is a command-line tool with an optional graphical user interface. It also comes with plugins for Ant and for the J2ME Wireless Toolkit.
ProGuard is a Java class file shrinker, optimizer, and obfuscator. The shrinking step detects and removes unused classes, fields, methods, and attributes. The optimization step analyzes and optimizes the bytecode of the methods. The obfuscation step renames the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
ProGuard can also be used to list unused fields and methods in an application, and to print out the internal structure of class files.
ProGuard typically reads the input jars (or wars, ears, zips, or directories). It then shrinks, optimizes, and obfuscates them. It then writes the results to one or more output jars (or wars, ears, zips, or directories). The input jars can optionally contain resource files. ProGuard copies all non-class resource files from the input jars to the output jars. Their names and contents remain unchanged.
ProGuard requires the library jars (or wars, ears, zips, or directories) of the input jars to be specified. It can then reconstruct class hierarchies and other class dependencies, which are necessary for proper shrinking, optimization, and obfuscation. The library jars themselves always remain unchanged. You should still put them in the class path of your final application.
In order to determine which code has to be preserved and which code can be discarded or obfuscated, you have to specify one or more entry points to your code. These entry points are typically classes with main methods, applets, midlets, etc.
- In the shrinking step, ProGuard starts from these seeds and recursively determines which classes and class members are used. All other classes and class members are discarded.
- In the optimization step, ProGuard further optimizes the code. Among other optimizations, classes and methods that are not entry points can be made final, and some methods may be inlined.
- In the obfuscation step, ProGuard renames classes and class members that are not entry points. In this entire process, keeping the entry points ensures that they can still be accessed by their original names.
Any classes or class members of your code that are created or invoked dynamically (that is, by name) have to be specified as entry points too. It is generally impossible to determine these cases automatically, but ProGuard will offer some suggestions if keeping some classes or class members appears necessary. For proper results, you should at least be somewhat familiar with the code that you are processing.
ProGuard does handle Class.forName("SomeClass") and SomeClass.class constructs automatically. The referenced classes are preserved in the shrinking phase, and the string arguments are properly replaced in the obfuscation phase. With variable string arguments, it is generally impossible to determine their possible values (they might be read from a configuration file, for instance).
However, as mentioned, ProGuard will note constructs like "(SomeClass)Class.forName(variable).newInstance()". These might be an indication that the class or interface SomeClass and/or its implementations may need to be preserved. You can then adapt your configuration accordingly.
Whats New in 3.9 Stable Release:
- This release fixes a number of bugs.
- Notably, ".class" constructs compiled in Java 6 are now handled correctly.
- The optimization step now avoids a possible division by 0 and correctly processes local variables with indices larger than 255.
- The documentation and examples have been updated.
Whats New in 4.0 Beta Development Release:
- Added preverifier for Java 6 and Java Micro Edition, with new option -dontpreverify.
- Added new option -target to modify java version of processed class files.
- Made -keep options more orthogonal and flexible, with option modifiers allowshrinking, allowoptimization, and allowobfuscation.
- Added support for configuration by means of annotations.
- Improved shrinking of unused annotations.
- Added check on modification times of input and output, to avoid unnecessary processing, with new option -forceprocessing.
- Added new options -flattenpackagehierarchy and -repackageclasses (replacing -defaultpackage) to control obfuscation of packages names.
- Added new options -adaptresourcefilenames and -adaptresourcefilecontents, with file filters, to update resource files corresponding to obfuscated class names.
- Now respecting naming rule for nested class names (EnclosingClass$InnerClass) in obfuscation step, if InnerClasses attributes or EnclosingMethod attributes are being kept.
- Added new inter-procedural optimizations: method inlining and propagation of constant fields, constant arguments, and constant return values.
- Added optimized local variable allocation.
- Added over 250 new peephole optimizations.
- Improved making classes and class members public or protected.
- Now printing notes on suspiciously unkept classes in parameters of specified methods.
- Now printing notes for class names that dont seem to be fully qualified.
- Added support for uppercase filename extensions.
- Rewritten class file I/O code.
- Updated documentation and examples.

DSPAM is a server-side statistical anti-spam agent for Unix email servers.
DSPAM masquerades as the email servers local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis.
The result is an administratively maintenance-free, self-learning anti-spam tool. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% chance of false positives.
The DSPAM project attempts to set itself apart from other filters by focusing on the following areas:
- DSPAM has a strong drive for research. Many new algorithms and approaches to fighting spam have come out of the DSPAM project. Some of the approaches deployed in DSPAM include Concept Identification, Neural Networking, Message Inoculation , advanced de-obfuscation techniques, and a new noise reduction algorithm called Bayesian Noise Reduction. Were always looking for new approaches to improving the accuracy of DSPAM.
- A strong focus on large-scale implementation support. The largest implementation of DSPAM weve heard about to-date involves 350,000 users, with the next largest being around 125,000, then 100,000. DSPAM has been designed to run with a very short execution time (between 0.01s - 0.03s real time for classification and between 0.03s - 0.10s real time for training, on average hardware), and has been equipped with a storage driver API allowing several different storage mechanisms to be used. Depending on disk space constraints, accuracy can be traded off for additional disk space or vice-versa.
- Usability. DSPAM was designed with "grandma" in mind. Users can retrain by either forwarding any spam they receive to a spam address, or (in v3.4.2+) use the history function of the included web interface to quickly mark spam and deliver false positives. End-users dont need to know any commandline utilities or other complexities plaguing some other such tools. Functions such as whitelisting and keyword inventory are automatic (based on statistical functions) and therefore require no user intervention.
Main features:
- System-wide administratively-maintenance free filtering. The DSPAM agent can integrate into just about any network and can even be implemented as an SMTP gateway.
- A simple-to-use learning mechanism. DSPAM allows users to simply forward their spam to their "spam email address" for learning, eliminating any learning curve necessary to make it usable by your customers. The information used in every calculation is temporarily stored on the server, enabling DSPAM to relearn the original message by looking for a small signature in the forwarded spam. As a result, users dont have to be trained to bounce messages around, and administrators dont have to worry about incompatible mail clients.
- Support for a variety of storage implementations. DSPAMs storage driver API allows the administrator to choose how they wish to store data. Currently supported drivers include SQLite, Berkeley DB3, Berkeley DB4, MySQL, PostgreSQL and Oracle.
- Written in C for speed, performance, and scalability. Unlike Python or PERL solutions DSPAM is written in a low-level compiled language, meaning there is very little overhead. DSPAM runs fast, efficient, and doesnt depend on any third-party language interpreters.
- MTA support. DSPAM works great with Sendmail, Postfix, Qmail, Courier, and Exim, and should work well with many other MTAs. In the event you happen to run something like Exchange, DSPAM can be implemented on your network as an SMTP gateway. Just point your MX at it and configure it to relay to your mail server.
Enhancements:
- This is an unofficial release, but significant.
- Several significant bugfixes have been made.
- Bill Yerazunis Orthogonal Sparse Bigram (OSB) tokenizer algorithm has been added.
- The code has been significantly optimized to run much faster and with fewer resources.

fl0p provides a passive OS fingerprinting tool.
fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
This approach differs from the techniques used by most other passive
sniffers and mappers, and is advantageous in several interesting ways:
- General flow behavior remains largely unchanged regardless of whether
cryptographic tunnels or other obfuscation techniques are used. As
such, backdoors or firewall evasion techniques that for example
use SSL on port 443, can be told apart from browser traffic, and
further investigated.
- General insight into legitimate encrypted sessions can be gained; for
example, it is possible to remotely tell successful and failed SSH
authentication attempts apart, and react accordingly.
- Human actions can be told apart from automated efforts: it is possible
to ignore SMTP client programs, but single out humans manually
interacting with the server on port 25; similarly, automated SSH
login attempts can be told apart from human actions.
Enhancements:
- Chained signature support added.
- SMTP signatures

This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. It is designed to run continually with a small footprint under an innocuous name. When triggered, it sends email, appends to a logfile, and disables networking or halts the system. it is designed to install with the minimum of disruption to a normal multiuser system, and should not require rebuilding with each kernel change or system upgrade.http://vancouver-webpages.com/rkdet/rkdet-0.54-2.i386.rpm
The program regularly verifies the checksum of a small number of system files that are typically modified by a rootkit. This list of files is compiled into the program. The file list, together with the system commands and messages, are obfuscated in the compiled code to prevent someone from figuring out what the program is for by eyeballing the binary.
The obfuscation algorithm is simple, but is compiled into the program and does not depend on external programs or other libraries.
The program takes a single optional numeric argument. If odd (bit 0 set), the interface "eth0" is checked for promiscuous operation (packet sniffing). If bit 1 is clear, the program will delete the default route on the network when triggered. Of bit 1 is set, the program will disable the eth0 interface. Systems with multiple interfaces may require an alternate interface specification in "xstrings.txt", or modification of the program to disable multiple interfaces. If bit 2 is set, the program will only log events and not disconnect the network.
The command may be modified to "init 1" or "shutdown -h now" if desired, or to run a script such as "panic.sh" (included).
Enhancements:
- Added configure script.
- Do not trap if checksum program fails (due to load, etc.)

ZZIPlib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools.

The library allows reading zip archives in a number of ways,
archive mode:

reading the zip directory and extracting files from it. This is the traditional mode as seen with unzip-utilities. Some extra unzip-utiles for transparent/magic mode are shipped as well.

replacement mode:

Use ZZIP_FILE / ZZIP_DIR pointers provided by zziplib and put them to work with routines originally developped to work with real directories and file handles. The API calls do follow traditional synopsis from posix/stdio.

transparent mode:

Use replacement handles and allow the open()-calls to automatically detect when a file is contained in a zip archive or when it is a real file in the file system. A filepath can be partly in a real filesystem and partly within the zip archive when one is seen.

ext magic

Use the same filepath to access either a zipped or real file - it looks for a real file and there is none then every subdirectory of the path is checked, a ".zip" extension appended, and the zipped file transparently opened. This can speed up dat-file development dramatically.

io/xor magic

The access to the filesystem can be hooked up - examples are given for xor obfuscation which is great for game artwork and AI data. A small intro for SDLrwops usage is given as well.