• Fixed a NPE caused by debug information remover.
• Added flow flattening to flow obfuscation.
• Huge flow obfuscation speed improvements.
• Fixed a bug that caused a VerifyError in some cases when flow obfuscation is used.

• More protection against code emulation.
• Fixed classes requiring a more recent Java version in some cases after obfuscation.
• More detailed failure messages on stacktrace decryption.
• Added a setting to remove empty directories from the jar file.

• The manifest file is now updated if classes that are referenced are renamed.
• Fixed a rare reference obfuscation bug in reflection mode. (ClassCastException from Method / Field to Number).
• Fixed stacktrace decryption not working correctly in some cases.
• After obfuscation, performance loss is estimated.
• Added a setting to exclude enum field names from Renamer.

• Improve String obfuscation performance on class initialization.
• Fixed a cause of ART lock verification failure.

• Fixed a bug that caused a VerifyError in some occasions when ART is used (Android). It was caused by either string obfuscation or flow obfuscation.

• Java 19 support.
• Fixed some Android classes being logged as unresolved, even if they're not needed.
• Better fallback when a task setting has the wrong type.
• Added a setting to rename main classes (Renamer).
• Added a setting to keep method signatures for parameter obfuscation.
• New extremely faster member link tree generation.
• Overall speed improvements. 
• Trimmer: Remove unused methods and fields to reduce the size of the output and give less information away. Scans the application recursively, starting at all entry points. Reflection usage can break this task, and it is advised to mark dynamically called methods with @EntryPoint. Methods are replaced with an error message by default, but can also be removed entirely. To explicitly keep a method or a field, use the @KeepCode annotation.

• Fixed a flow obfuscation crash during obfuscation.
• Fixed a flow obfuscation VerifyError.
• Missing class tree structure now doesn't use non-ascii characters anymore.

• Missing library classes are now printed in a tree structure.
• Fixed a stacktrace encryption bug.

• Improved stacktrace encryption security. The decrypt panel can be used on both encryption versions.
• Fixed flow obfuscation bugs and improved some techniques.
• Added a setting to toggle archive crashing for Crash RE-Tools.
• Runtime coverage is now a bit faster at runtime.

• Fixed a log output repetition bug.
• Fixed runtime invisible annotations not being handled sometimes.

• Fixed a bug with reference obfuscation that caused problems with field set instructions.
• Fixed that some reference obfuscation internal resolution tests fail which should actually pass.
• Renamer now keeps the name automatically for Android ViewModel classes.

• Renamer now keeps the class name untouched for Android classes that are typically linked in AndroidManifest.xml (Instrumentation, ContentProvider, BroadcastReceiver).
• Fixed some missing library classes not being logged.

• Fixed a bug in Scrambler that caused an "invoke-customs are only supported starting with Android O" error when certain lambdas are used on Android with the minimum API version set to 25 or lower.

• The user is now warned if they try to layer obfuscation.
• Fixed an out of memory bug that could cause a website crash while writing the output jar.
• Method exclusion now also excludes the overriding method(s) in parent classes and warns if no member has been found.

• Improved number obfuscation.
• Fixed a rare case where Scrambler caused a calculation bug.
• Fixed a Runtime coverage bug that could lead to illegal code when used in combination with Reference encryption.
• Fixed an AbstractMethodError when Scrambler, Renamer and certain interface lambdas are used in combination.
• Field exclusion is now possible.

• Makes reference obfuscation Java 17+ compatible (changes on the reflection api security).

• Improved Renamer speed.
• Fixed a rare bug that caused infinite execution time.
• Excluded classes now aren't referenced by other classes anymore.

• More error details on a class load failure.
• A corrupt class file doesn't stop the loading process anymore.
• Corrupt classes are now left in the archive unchanged instead of being removed.

• Fixed a bug where some library classes are not resolved which should be.

• Unresolved classes / libraries are now printed at the end of obfuscation.
• Fixed an exception that happened while obfuscating a single class with Renamer.
• Sped up Renamer and descriptor obfuscation.
• Renamer now excludes custom android.app.Application classes by default.
• Runtime coverage now also covers static runtime methods.
• Escaping can now be done using "/" or "." as separator.
• Inner classes now have to be separated by "$".
• Fixed "UnsupportedOperationException: null" sometimes happening on Android.

• Classes or members of classes can now be excluded using an annotation filter. "**@Deprecated" e.g. excludes all deprecated classes,
  "Main#*@Subscribe" excludes all methods in the class "Main" with an "@Subscribe" annotation.
• Fixed a frame generation bug.
• Fixed an unresolved class error that happened when flow obfuscation in combination with references is used and dynamic libraries are loaded by the application.
  Flow obfuscation now also uses descriptor obfuscation inheritance.

• All reference encryption modes now test their encrypted references for right resolution to avoid rare hash collisions.
• More stability.

• Savable configurations now make obfuscation easier.
• Huge security update. Descriptor obfuscation does now add integer values passed onwards for each function. This makes de-obfuscating a real horror.

This function was obfuscated with the new descriptor obfuscation and reference obfuscation (reflection mode):

     public static void registerCustomDefaults(Object var0, int var1 /* inserted by descriptor obfuscation */) {
      Object[] var3 = Np;
      File var4 = (File)var0;
      if ((List)((Object)1.qz(Laf.class, var3, var1 ^ 54)) == null) {  // encrypted reference
         1.rA(new ArrayList(), Laf.class, var3, var1 ^ 73); // encrypted reference
      }

      (Boolean)1.cA((List)((Object)1.qz(Laf.class, var3, var1 ^ 12)), var4, var3, var1 ^ 121);  // encrypted references
   }
   

If you were to decrypt the encrypted references (which was extremely difficult until now anyway), the parameter "var1" would be needed. This parameter is passed onwards through multiple functions.
To trace that passthrough, you would need to know the original references (or else you wouldn't know where calls come from or lead to), which is not possible without decrypting all encrypted references.
Those two tasks converge extremely well, and now force a potential attacker to simulate a custom JVM that records calls or bruteforce "var1", which is extremely hard to do.
This new descriptor obfuscation method will also be used with string obfuscation, number obfuscation and flow obfuscation.

• Overall performance increase.
• Strengthened flow obfuscation.
• Renamer does now work with more swing look and feels.
• Renamer will now raise the min API level to Java 5 to avoid verification problems caused by old verifying algorithms (Java 1.4 and lower).
• Fixed a rare bug that only occured with extremely huge jars.
• Fixed a bug in Descriptor obfuscation that could cause unintentional method overriding.

• Added a Crasher setting to keep class debug information from being modified.
• Task specific exclusion makes it easier to handle obfuscation incompatibilities.
• Member name exclusion is now also matched (e.g: "foo/bar/MainClass#*ain" excludes method "main" and "gain")

• More debug remover settings
• Renamer now renames local variables to used class names instead of deleting local variable names
• Descriptor obfuscation: Changes method parameters and field types to generic types to make it harder to identify what a members function is

• Don't override jar file comment if already present.
• "No compression" setting for spring boot jars.
• Fix for "Malformed class name" error caused by Renamer.

• More detailed error logging.
• Fixed "Invalid JSON near position: 0" bug when using the Android API.

• Huge website look and functionality update.
• Implementation of a few task specific settings.
• Fixed a very rare bug in the flow obfuscation that caused an illegal exception table range error.
• Fixed a small bug in the flow obfuscation that caused a VerifyError.
• Flow obfuscation is now harder to reverse or decompile.

• Renamer now handles special metafactory lambdas. In some cases it now also keeps package names instead of keeping the full name (e.g. when getResource is used).

• Fixed that in a special case a class was replaced with a newly generated one.
• Fixed reflection reference obfuscation not obfuscating important classes on very small jars.
• Instantiation coverage now also covers virtual method invocations and was renamed to "Runtime coverage".
• Updated copyright notice of the Branchlock runtime.

• Sped up obfuscation process (mostly flow obfuscation).
• Renamer now handles custom annotations with values.

• Lib exclusion is now done before re-including.
• New Renamer algorithm, which fixes some AbstractMethodErrors, but takes a bit longer than the old one.

• Fixed a rare bug when Flow obfuscation, Renamer and Reflection reference obfuscation are used resulting in a ClassNotFoundException.
• Improved reflection handling for Renamer.
• Improved loading and saving speed.

• Fixed a bug in reference reflection obfuscation that threw the NoClassDefFoundError caused by unresolved class references in the static initializer instead of the method that contains the reference.

• Fixed a bug in yesterdays update that caused some tasks not to function together. Apologies from our side.

• Small changes to the reflection reference obfuscation which makes it a bit more lightweight and flexible.
• Fixed reflection obfuscation sometimes ignoring @CallerSensitive annotation.
• Fixed reflection obfuscation throwing NullPointerException instead of NoSuchMethodError / NoSuchFieldError on unresolved references.
• Demo now only obfuscates 2 methods per class instead of excluding 40% of all classes.
• Exclude methods with #: **#main would e.g. exclude all main methods. ?javax/swing/JPanel#paint would exclude all paint methods of all JPanel classes. Use const for constructors and static for static initializers.
• Updated Renamer to support method exclusion and improved exclusion handling.

• Fixed reflection reference obfuscation for java 1.4 or lower classes (including Groovy runtime classes).
• Improved flow obfuscation in strength and performance and fixed a bug that caused an IllegalAccessError.
• Stacktrace encryption now cuts the file type (eg. MyMainClass.java -> MyMainClass) to save unnecessary file size.

• Fixed a bug in the obfuscation panel that prevented licensed users from obfuscating
• Keep Renamer from renaming fields, methods or classes if they have a @KeepName annotation.
• Fixed a bug in reflection reference obfuscation that caused the application to crash in a certain case.

• Added a separate debug information remover task instead of letting Scrambler remove debug information.
• Improved performance of the reflection reference obfuscation.

• Hotfix for the enhanced string encryption mode.
• Small optimization in the compatibility string encrypton.

• Fixes Branchlock creating version 52 classes in certain cases instead of supporting lower versions.
• New reference encryption mode: "Reflection mode". Supports java versions below 8, is Android compatible and has low impact on the file size (~17%). Equally secure as dynamic mode.

• Increased performance of compatibility string encryption and fixed a rare "UTF-8 vector too large" bug.
• Improved illegibility of number encryption.
• Moved switch encryption to number encryption.
• "serialVersionUID" fields are not inlined by number encryption anymore.

• Fixed another rare "UTF-8 vector too large" bug in compatibility string encryption.
• Number obfuscation now extracts often occurring numbers to variables to save file size and performance.

• Fixed a bug that was caused when multiple libraries had overlapping classes.
• Library classes are now converted to stubs to save upload time. (fullLibCode = true can disable that)
• Using own exceptions now for better handling.

We are happy and proud to introduce Android support, which was not easy to implement, because Android behaves very differently from the desktop JVM, but we managed to make most of Branchlock compatible with Android, including Android 11. You may encounter some bugs at the beginning, but we would be glad if you tested it on your Android applications, if you are developing some currently. Branchlock is the first obfuscator to use a gradle plugin to do the work for you. You also can use Branchlock in combination with ProGuard, for even more protection.

• Android support introduction, including most tasks.
• Anti root task for android, which checks for root and suspends the app if it is detected.
• Obfuscator performance improvements.

• Fixed a bug in Scrambler that caused a crash when using custom annotations.
• New string encryption mode "compatibility" that is faster than the current enhanced mode and compatible with old java versions, as well as android.
• Removed heavy reference encryption mode.

• More android compatibility preparation.
• Fixed a bug that caused a NPE when a program obfuscated with references that contained a class in the root package which is referenced, is run with java 8.

• Made (enhanced) reference encryption android compatible and a bit more secure. Heavy reference encryption will be removed soon, as it won't be updated anymore.
• Number encryption is now even more illegible for byte range terms.

• Partial android support (in-dev).
• Fixes a rare bug that crashes the obfuscator without leaving any log or output file.

• Exclude classes that are assignable to certain class by using the ? operator. Example: ?javax/swing/** will exclude all classes that are assignable to a class in the package javax/swing/. ?java/lang/Object would for example exclude everything. This operator can also be used for reincluding.

• Non-printable name generation mode: Messes up decompilers with new-line indicators and low ascii characters.
• Option to exclude libraries from obfuscation automatically.

• Generalize access also removes synthetic modifiers now
• Renamer now only updates the access of members that need to be updated to avoid access errors instead of making all members public

• Method references to methods with a @CallerSensitive annotation are not getting encrypted anymore in reference obfuscation.
• Fixes a bug in light reference obfuscation that caused some extremely rare cases to get resolved incorrectly (reference wrongly points to a method in a parent class with the same name of the actual method).
• Heavy reference encryption is now deprecated, as light reference obfuscation is now out of the experimental stage.

• Fixes an enhanced reference obfuscation bug that is caused when a static method with the same name as a non-static method exists in a parent class of the owner class containing the non-static method. (java.lang.invoke.WrongMethodTypeException: cannot explicitly cast MethodHandle... to (Object,...))

• Huge flow obfuscation improvements. Monitor instructions and ugly try catch blocks now make your code really hard to read. It also doesn't process as long as it did before.

• Fixes constant tag error caused by string obfuscation.
• Fixes analyzer errors in the output log when using flow obfuscation.

• Stacktrace encryption for better analysis of crashes without the need for ReTrace. The stacktraces of your users can be decrypted in the stacktrace panel right next to the obfuscator using your secret key. This makes crash analysis much easier.
• Flow encryption is now processed faster and encrypts instanceof statements.

• Number encryption now also encrypts floating point constants.
• Fixes a duplicate method definition bug in enhanced reference encryption.
• Scrambler now makes lambdas harder to decompile.

• Branchlock classes are now also placed in random packages.
• String encryption now takes a bit less file size and also encrypts static final String fields.
• Number encryption now also encrypts static final int / long fields.

• Fixes a bug that caused an "Illegal class name" exception.
• Fixes a bug that left callsite methods and fields unobfuscated.
• Let the user choose if branchlock should adapt their class and method names to the provided class and method names (Adaptive mode) or use weird characters instead (that could crash decompilers / tools).

• Demo now only excludes 60% of the classes if more than 25 classes are obfuscated instead of 5.
• Instantiation coverage: Hide runtime instantiations like new IllegalStateException(). Lightweight but effective.

• Fixes a way to bypass anti-debug.
• Scrambler now also makes switch statements harder to read. Can be combined with number obfuscation.

• Fixes a static method resolvation bug in enhanced reference encryption.

• The function "Import from pom.xml" was added. You can now upload your pom.xml file and Branchlock will automatically download the libraries from the repositories via maven.

• New execution order to ensure more encryption with certain execution combinations.
• Number obfuscation is now more dynamic and the impact on the file size is less divergent.
• Enhanced reference obfuscation is now harder to decompile, but may be a bit slower at initialization.

• Hardens number obfuscation even more, which also makes reference and string encryption more difficult to decrypt, especially when used in a combination.
• Fixes a NullPointerException during string obfuscation.

• Number obfuscation: Obfuscates whole number constants (ints and longs). Unusual constants like -1880695587 are protected more than more occuring ones like 256.
• The JVM-argument -noverify was removed from the anti-debug check, as some programs depend on it.
• Other executions now make use of the number obfuscation for even more protection.

• Fixes a bug that causes a ClassCastException due to the reference obfuscation of 

  ClassLoader.registerAsParallelCapable();

• Anti-debug: Disables certain debugging methods that could be useful for potential attackers. Should be used in combination with reference obfuscation, as it makes it harder to remove.

• Fixed a bug that caused the obfuscator to crash when everything is excluded.
• Count of excluded / re-included classes is now logged again.
• Scrambler now scrambles integer / long multiplications and divisions with one constant.

• Improved string obfuscation. Faster and safer.
• General optimizations.

• Access generalizer: Removes all access modifiers that could help a possible reverse engineer. Makes it harder to identify which fields are changed and which remain unchanged.

• Improved flow obfuscation, while keeping file size.
• A demo version is now available for all registered users.

• Added a feature to shuffle class members.
  
• Scrambler now affects fields too.
• Rewrote the whole class loading, excluding and execution process. This lead to an increasage of obfuscation speed.
• Several things were optimized for a better performance of the output file.

• Fixed some minimal typing mistakes.
• Increased performance and decreased size of reference obfuscation by a small bit (heavy mode).
• Crasher now also confuses zip-extraction programs.
• Better logging messages at exporting.

• Fixed a bug that caused both reference obfuscation modes to throw an AssertionError sometimes (but very unlikely)
• Fixed a bug that caused some field references to get resolved wrongly in the experimental mode. This required to increase the output file size percentage a bit (by 5 - 10 percent), but makes it more stable.

• Obfuscation tasks now check for compatibility before obfuscating a class.
• Fixed a bug in experimental reference obfuscation that caused field references to resolve wrongly.
• Improved performance of output files a little.