Native obfuscation for the JVM

Nativify

Nativify protects Java and Kotlin applications by compiling selected methods to native machine code and obfuscating them. Once a method is compiled, its logic leaves your .class files entirely — decompilers and static-analysis tools see only an opaque native call instead of your original code.

On top of native compilation, Nativify can apply additional hardening — control-flow flattening, bogus control flow, instruction substitution, string encryption, indirect calls and branches, and more — so the protected code resists reverse engineering even under disassembly.

What it does to your JAR

1. You choose which methods to protect with the @Nativify annotation (or protect every eligible method).
2. Nativify compiles those methods to native code and applies any obfuscation you enable.
3. Your JAR is repackaged: the selected method bodies become native stubs, the native libraries are embedded inside the JAR, and the loader that wires them up is added automatically — no source-code changes required.
4. You ship the output JAR exactly like the original.

Protect the right methods

Only the methods you select are compiled, and native methods that call back into the JVM carry some overhead. Target hot, sensitive methods — license checks, key algorithms, anti-tamper logic — rather than the entire application. See Limitations → Performance.

Two ways to use it

	Hosted dashboard	CLI / GUI (local)
Toolchain	Managed for you	You install LLVM 19/20
Best for	Quick protection, no setup	CI pipelines, full control
Output	Built for you	Built on your machine

Quickstart (CLI)

# Build the tool (outputs to dist/)
./build.sh            # Windows: build.bat

# Protect @Nativify-annotated methods, with obfuscation enabled
dist/bin/nativify \
  -i app.jar \
  -o app-protected.jar \
  -compileFor windows-x86_64 \
  -enable native-llvm-passes-bogus-control-flow,native-llvm-passes-substitution,native-llvm-passes-string-encryption

Run the result like any other JAR — nothing else to wire up:

java -jar app-protected.jar

Documentation

Getting started

• Installation — prerequisites and LLVM setup
• Building from source — build.sh / build.bat
• Usage — CLI and GUI walkthrough
• Running the protected JAR — what ships and how it runs
• WSL build guide — building under WSL 2

Reference

• CLI reference — every flag, with examples
• Configuration & features — @Nativify, config files, the feature catalog
• Processor reference — what every processor does
• Limitations — what is and isn't supported
• Benchmarks — performance measurements
• Troubleshooting — common problems and fixes

Supported at a glance

• Targets: Windows, Linux, Android, macOS — x86_64, aarch64, arm, x86
• Runtime: Java 8+ (build with Java 21 recommended)
• Languages: JVM bytecode, including Kotlin
• Exception handling and most of the modern JVM instruction set

See Limitations for the full support matrix.

Always test before you ship

Verify that the protected JAR runs correctly before publishing. If you hit a bug or a missing feature, please open an issue.