How to integrate ByteHide Shield with .NET projects?

Install the ByteHide.Shield.Integration NuGet package, configure your project token, and build your project. Protection applies automatically during MSBuild compilation.

Which .NET frameworks are supported by Shield?

Shield supports .NET Framework 4.0+, .NET Core 2.0+, .NET 5-8+, .NET Standard, Xamarin, MAUI, Unity, Blazor, ASP.NET, WPF, and WinRT.

How to configure Shield protection settings?

Configure Shield through MSBuild properties, environment variables, or the bytehide.json configuration file. Set protection levels, exclusions, and runtime options.

How to troubleshoot Shield integration issues?

Enable verbose logging, check build output for error messages, verify project token configuration, and ensure compatible .NET version and MSBuild tools.

How to exclude specific assemblies from protection?

Use the ExcludeAssemblies MSBuild property or add exclusion rules in bytehide.json configuration file to skip protection for specific assemblies or namespaces.

How to verify Shield protection was applied?

Check MSBuild output for Shield processing messages, examine protected assembly metadata, or use reflection tools to verify obfuscation was applied.

How to configure Shield for Unity projects?

Install Shield Unity package, configure project token in Unity settings, enable IL2CPP backend, and ensure compatible Unity version (2019.4+).

How to set up Shield in CI/CD pipelines?

Set project token as environment variable, ensure NuGet package restore, configure MSBuild parameters, and handle licensing for build agents.

Excluded Packages

Shield provides multiple ways to exclude classes, methods, and packages from obfuscation. Exclusions can be global (all protections) or per-protection (only specific protections).

Auto-Excluded Packages

User code only (Gradle plugin)

With the Gradle plugin, Shield only processes your project's own compiled source code by default. Dependency JARs are not obfuscated unless explicitly opted in with includePackages(). The auto-exclusions below are mainly relevant when using the CLI, where all input JARs are treated as program classes.

Shield automatically excludes known library and framework packages. No configuration needed for these:

Category	Packages
Java SDK	`java`, `javax`, `sun`, `jdk`
Kotlin	`kotlin`, `kotlinx`
Android	`android`, `androidx`, `com.android`, `dalvik`
ByteHide	`com.bytehide.monitor`, `com.bytehide.runtime`
Serialization	`com.fasterxml.jackson`, `com.google.gson`
HTTP	`okhttp3`, `com.squareup.okhttp`, `okio`, `retrofit2`, `com.squareup.retrofit2`
Google	`com.google.firebase`, `com.google.gms`, `com.google.protobuf`, `com.google.crypto`
DI	`dagger`, `javax.inject`
Reactive	`io.reactivex`
Crypto	`org.bouncycastle`
Logging	`org.slf4j`, `org.apache.log4j`, `java.util.logging`
Frameworks	`org.jetbrains`, `com.google.common` (Guava)

You only need to add exclusions for your own packages that use reflection, serialization, or other mechanisms that require original names.

Including Dependencies

By default, the Gradle plugin only obfuscates your project's source code. To also obfuscate a specific dependency (e.g., an internal company library distributed as a JAR), use includePackages():

Kotlin

shield {
    projectToken = "your-token"
    preset("mobile")
    includePackages("com.mycompany.internal-lib")
}

shield {
    projectToken = "your-token"
    preset("mobile")
    includePackages("com.mycompany.internal-lib")
}

Without includePackages, dependency JARs are passed through without modification.

Global Exclusion (All Protections)

Exclude packages from all protections using the excludePackages method:

Kotlin DSL

Kotlin

shield {
    excludePackages("com.example.models", "com.example.api")
}

shield {
    excludePackages("com.example.models", "com.example.api")
}

Groovy DSL

Groovy

shield {
    excludePackages "com.example.models", "com.example.api"
}

shield {
    excludePackages "com.example.models", "com.example.api"
}

Per-Variant Exclusions

Kotlin

shield {
    variant("release") {
        projectToken = "your-token"
        excludePackages("com.example.debug")

        protections {
            stringEncryption = true
        }
    }
}

shield {
    variant("release") {
        projectToken = "your-token"
        excludePackages("com.example.debug")

        protections {
            stringEncryption = true
        }
    }
}

Per-Protection Exclusion

Append :Protection1,Protection2 to a package name to exclude it only from specific protections:

Kotlin

shield {
    excludePackages(
        "com.example.models",                                  // exclude from ALL protections
        "com.example.networking:ControlFlowMatrix",            // exclude only from ControlFlow
        "com.example.legacy:StringEncryption,ConstantMutation" // exclude from two protections
    )
}

shield {
    excludePackages(
        "com.example.models",                                  // exclude from ALL protections
        "com.example.networking:ControlFlowMatrix",            // exclude only from ControlFlow
        "com.example.legacy:StringEncryption,ConstantMutation" // exclude from two protections
    )
}

This is useful when you want a package to get some protections but not others. For example, skip control flow on UI code for performance, but still encrypt its strings.

Protection Names

Name	Description
`StringEncryption`	XOR-based string encryption
`ControlFlowMatrix`	Control flow obfuscation with opaque predicates
`ConstantMutation`	Integer/constant mutation
`NameObfuscation`	Class, method, and field renaming
`DebugInfoRemoval`	Removes source file names and line numbers
`AntiDebug`	Debugger/emulator detection
`AntiTamper`	APK/JAR integrity validation
`ReferenceProxy`	Method/field call redirection through proxies (CLI/JSON only)
`ResourceProtection`	Embedded resource encryption (CLI/JSON only)

Annotation-Based Exclusion

For fine-grained control at the source code level, use Shield annotations:

Java

import com.bytehide.shield.annotations.Keep;
import com.bytehide.shield.annotations.DoNotObfuscate;
import com.bytehide.shield.annotations.Exclude;

@Keep                  // Exclude from ALL protections
public class UserModel { }

@DoNotObfuscate        // Exclude from renaming only
public class ApiService { }

@Exclude(protections = {"StringEncryption"})  // Exclude from specific protections
public class LogHelper { }

import com.bytehide.shield.annotations.Keep;
import com.bytehide.shield.annotations.DoNotObfuscate;
import com.bytehide.shield.annotations.Exclude;

@Keep                  // Exclude from ALL protections
public class UserModel { }

@DoNotObfuscate        // Exclude from renaming only
public class ApiService { }

@Exclude(protections = {"StringEncryption"})  // Exclude from specific protections
public class LogHelper { }

See Annotations for the full annotation guide.

Why Exclude Packages

Shield transforms bytecode: it renames identifiers, encrypts strings, and restructures control flow. This can break code that relies on:

Reflection — Frameworks that look up classes or methods by name (Gson, Retrofit, Room)
Serialization — Libraries that map JSON keys to field names (Moshi, Jackson)
Annotation processing — Code generated by annotation processors (Dagger, Hilt)
Native interop — JNI methods that must match specific signatures

Common Exclusions

Package	Why Exclude
`com.example.models`	Data classes used by Gson/Retrofit
`com.example.api`	API interfaces used by Retrofit
`com.example.ui:ControlFlowMatrix`	Skip control flow on Compose UI (performance)

Example: Typical Android App

Kotlin

shield {
    variant("release") {
        projectToken = "your-token"

        excludePackages(
            "com.myapp.data.models",                   // Used by Gson/Retrofit
            "com.myapp.data.api",                      // Used by Retrofit
            "com.myapp.ui:ControlFlowMatrix"           // Performance
        )

        protections {
            stringEncryption = true
            controlFlowObfuscation = true
            constantMutation = true
            debugRemoval = true
        }
    }
}

shield {
    variant("release") {
        projectToken = "your-token"

        excludePackages(
            "com.myapp.data.models",                   // Used by Gson/Retrofit
            "com.myapp.data.api",                      // Used by Retrofit
            "com.myapp.ui:ControlFlowMatrix"           // Performance
        )

        protections {
            stringEncryption = true
            controlFlowObfuscation = true
            constantMutation = true
            debugRemoval = true
        }
    }
}

Decision Priority

When multiple exclusion mechanisms overlap, Shield evaluates in this order (first match wins):

Method exclusion — excludedMethods / @Keep on method
Class exclusion — excludedClasses / @Keep on class
Global package exclusion — excludePackages (without :)
Per-protection package exclusion — excludePackages (with :Protection)
Auto-detection — Built-in library packages

If none match, the protection is applied.

Annotations — Fine-grained exclusion with @Keep, @DoNotObfuscate, @Exclude
Gradle DSL Reference — Complete configuration reference
Troubleshooting — Diagnosing issues caused by obfuscation

Auto-Excluded Packages

Including Dependencies

Global Exclusion (All Protections)

Kotlin DSL

Groovy DSL

Per-Variant Exclusions

Per-Protection Exclusion

Protection Names

Annotation-Based Exclusion

Why Exclude Packages

Common Exclusions

Example: Typical Android App

Decision Priority

Related