How to integrate ByteHide Shield with .NET projects?

Install the ByteHide.Shield.Integration NuGet package, configure your project token, and build your project. Protection applies automatically during MSBuild compilation.

Which .NET frameworks are supported by Shield?

Shield supports .NET Framework 4.0+, .NET Core 2.0+, .NET 5-8+, .NET Standard, Xamarin, MAUI, Unity, Blazor, ASP.NET, WPF, and WinRT.

How to configure Shield protection settings?

Configure Shield through MSBuild properties, environment variables, or the bytehide.json configuration file. Set protection levels, exclusions, and runtime options.

How to troubleshoot Shield integration issues?

Enable verbose logging, check build output for error messages, verify project token configuration, and ensure compatible .NET version and MSBuild tools.

How to exclude specific assemblies from protection?

Use the ExcludeAssemblies MSBuild property or add exclusion rules in bytehide.json configuration file to skip protection for specific assemblies or namespaces.

How to verify Shield protection was applied?

Check MSBuild output for Shield processing messages, examine protected assembly metadata, or use reflection tools to verify obfuscation was applied.

How to configure Shield for Unity projects?

Install Shield Unity package, configure project token in Unity settings, enable IL2CPP backend, and ensure compatible Unity version (2019.4+).

How to set up Shield in CI/CD pipelines?

Set project token as environment variable, ensure NuGet package restore, configure MSBuild parameters, and handle licensing for build agents.

CLI Installation & Usage

The Shield Java CLI is a standalone command-line tool for obfuscating JAR files without the Gradle plugin. Use it for CI/CD pipelines, backend JVM applications, or any scenario where Gradle integration is not available.

Requirements

Java 8 or higher (java -version to check)
A ByteHide project token

Installation

Download from Maven Central

Bash

curl -O https://repo1.maven.org/maven2/com/bytehide/shield/shield-java-cli/1.1.5/shield-java-cli-1.1.5.jar

curl -O https://repo1.maven.org/maven2/com/bytehide/shield/shield-java-cli/1.1.5/shield-java-cli-1.1.5.jar

Or download manually from Maven Central.

Verify Installation

Bash

java -jar shield-java-cli-1.1.5.jar --version
# Output: 1.1.5

java -jar shield-java-cli-1.1.5.jar --help

java -jar shield-java-cli-1.1.5.jar --version
# Output: 1.1.5

java -jar shield-java-cli-1.1.5.jar --help

Usage

1. Create a Configuration File

Create shield-config.json:

JSON

{
  "projectToken": "your-bytehide-project-token",
  "inputJars": ["my-app.jar"],
  "outputJar": "my-app-protected.jar",
  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "DebugInfoRemoval": true,
    "NameObfuscation": true,
    "ControlFlowMatrix": true
  }
}

{
  "projectToken": "your-bytehide-project-token",
  "inputJars": ["my-app.jar"],
  "outputJar": "my-app-protected.jar",
  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "DebugInfoRemoval": true,
    "NameObfuscation": true,
    "ControlFlowMatrix": true
  }
}

2. Run

Bash

java -jar shield-java-cli-1.1.5.jar -c shield-config.json

java -jar shield-java-cli-1.1.5.jar -c shield-config.json

The protected JAR will be written to the path specified in outputJar.

3. Verify

Bash

java -jar my-app-protected.jar

java -jar my-app-protected.jar

CLI Options

Option	Description
`-c, --config <file>`	Configuration file (JSON)
`-i, --input <file>`	Input JAR file (overrides config)
`-o, --output <file>`	Output JAR file (overrides config)
`-m, --mapping <file>`	Output mapping file for deobfuscation
`-v, --verbose`	Verbose output
`-V, --version`	Print version
`-h, --help`	Show help

JSON Configuration Reference

Full Example

JSON

{
  "projectToken": "your-token",
  "inputJars": ["app.jar"],
  "outputJar": "app-protected.jar",
  "libraryJars": [],
  "mappingFile": "mapping.txt",

  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "DebugInfoRemoval": true,
    "NameObfuscation": true,
    "ControlFlowMatrix": true,
    "AntiDebug": false,
    "AntiTamper": false,
    "ReferenceProxy": false,
    "ResourceProtection": false
  },

  "renameMode": "LETTERS",
  "repackageClasses": true,
  "repackageClassesTargetPackage": "a",

  "excludedPackages": [
    "com.example.models",
    "com.example.api:NameObfuscation",
    "com.example.legacy:StringEncryption,ConstantMutation"
  ],

  "keepRules": [
    {
      "classPattern": "com/example/Main",
      "memberPattern": "*",
      "keepNames": true
    }
  ],

  "verbose": true
}

{
  "projectToken": "your-token",
  "inputJars": ["app.jar"],
  "outputJar": "app-protected.jar",
  "libraryJars": [],
  "mappingFile": "mapping.txt",

  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "DebugInfoRemoval": true,
    "NameObfuscation": true,
    "ControlFlowMatrix": true,
    "AntiDebug": false,
    "AntiTamper": false,
    "ReferenceProxy": false,
    "ResourceProtection": false
  },

  "renameMode": "LETTERS",
  "repackageClasses": true,
  "repackageClassesTargetPackage": "a",

  "excludedPackages": [
    "com.example.models",
    "com.example.api:NameObfuscation",
    "com.example.legacy:StringEncryption,ConstantMutation"
  ],

  "keepRules": [
    {
      "classPattern": "com/example/Main",
      "memberPattern": "*",
      "keepNames": true
    }
  ],

  "verbose": true
}

Fields

Field	Type	Default	Description
`inputJars`	`String[]`	required	Input JAR files to obfuscate
`outputJar`	`String`	required	Output obfuscated JAR path
`libraryJars`	`String[]`	`[]`	Library JARs (not obfuscated, used for reference resolution)
`mappingFile`	`String`	`null`	Output mapping file for deobfuscation
`projectToken`	`String`	required	ByteHide project token
`protections`	`Object`	—	Enable/disable individual protections
`renameMode`	`String`	`"LETTERS"`	`LETTERS`, `UNICODE`, `ASCII`, `SEQUENTIAL`, `DECODABLE`, `FAKE`
`repackageClasses`	`Boolean`	`false`	Flatten all classes into one package
`repackageClassesTargetPackage`	`String`	`"a"`	Target package name
`keepRules`	`Object[]`	`[]`	ProGuard-compatible keep rules
`excludedPackages`	`String[]`	`[]`	Packages to exclude (global or per-protection)
`excludedClasses`	`String[]`	`[]`	Specific classes to exclude
`excludedMethods`	`String[]`	`[]`	Specific methods to exclude
`verbose`	`Boolean`	`false`	Verbose output
`stringEncryptionMode`	`String`	`"DYNAMIC"`	`DYNAMIC` or `BASIC`
`stringEncryptionMinLength`	`Int`	`3`	Min string length to encrypt
`controlFlowConfig.intensity`	`Int`	`5`	Control flow intensity (1-10)
`controlFlowConfig.depth`	`Int`	`10`	Control flow depth (1-18)
`controlFlowConfig.mode`	`String`	`"MIXED"`	`SWITCH`, `JUMP`, or `MIXED`
`aggressiveOverloading`	`Boolean`	`false`	Reuse names for methods with different signatures
`allowAccessModification`	`Boolean`	`false`	Widen access modifiers
`adaptClassStrings`	`Boolean`	`false`	Adapt `Class.forName("...")` strings when renaming classes

CLI vs Gradle plugin

In the CLI, all JARs listed in inputJars are treated as program classes and obfuscated. Use libraryJars for dependencies that should only be used for reference resolution (not obfuscated). The Gradle plugin handles this separation automatically.

Exclusions

Exclude packages from all protections:

JSON

"excludedPackages": ["com.example.models"]

"excludedPackages": ["com.example.models"]

Exclude packages from specific protections only:

JSON

"excludedPackages": ["com.example.api:NameObfuscation,StringEncryption"]

"excludedPackages": ["com.example.api:NameObfuscation,StringEncryption"]

Keep Rules

Preserve class/member names while still applying other protections:

JSON

"keepRules": [
  {
    "classPattern": "com/example/Main",
    "memberPattern": "*",
    "keepNames": true
  }
]

"keepRules": [
  {
    "classPattern": "com/example/Main",
    "memberPattern": "*",
    "keepNames": true
  }
]

Use "keepClassName": false to allow class renaming while preserving field/method names (useful for Gson/Jackson DTOs):

JSON

"keepRules": [
  {
    "classPattern": "com/example/dto/**",
    "memberPattern": "*",
    "keepNames": true,
    "keepClassName": false
  }
]

"keepRules": [
  {
    "classPattern": "com/example/dto/**",
    "memberPattern": "*",
    "keepNames": true,
    "keepClassName": false
  }
]

Examples

Obfuscate a Spring Boot JAR

JSON

{
  "projectToken": "your-token",
  "inputJars": ["target/myapp-1.0.0.jar"],
  "outputJar": "target/myapp-1.0.0-protected.jar",
  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "ControlFlowMatrix": true,
    "DebugInfoRemoval": true
  },
  "excludedPackages": [
    "org.springframework",
    "com.fasterxml.jackson"
  ]
}

{
  "projectToken": "your-token",
  "inputJars": ["target/myapp-1.0.0.jar"],
  "outputJar": "target/myapp-1.0.0-protected.jar",
  "protections": {
    "StringEncryption": true,
    "ConstantMutation": true,
    "ControlFlowMatrix": true,
    "DebugInfoRemoval": true
  },
  "excludedPackages": [
    "org.springframework",
    "com.fasterxml.jackson"
  ]
}

Generate a Mapping File

Bash

java -jar shield-java-cli-1.1.5.jar -c shield-config.json -m mapping.txt

java -jar shield-java-cli-1.1.5.jar -c shield-config.json -m mapping.txt

The mapping file maps obfuscated names back to original names, useful for reading stack traces from production.

Gradle Setup — Gradle plugin integration (recommended for Android)
Gradle DSL Reference — Complete Gradle configuration reference
Deobfuscate Stack Traces — Using mapping files to decode crash reports

Requirements

Installation

Download from Maven Central

Verify Installation

Usage

1. Create a Configuration File

2. Run

3. Verify

CLI Options

JSON Configuration Reference

Full Example

Fields

Exclusions

Keep Rules

Examples

Obfuscate a Spring Boot JAR

Generate a Mapping File

Related