Command Line Interface

To be able to use JCloak, you need docker/podman and run the following command. Make sure to edit the LICENSE variable before running the command.

Do you already have a license?

After purchase, you will receive an access token to login with docker and be able to pull the image. For more information, read the instructions on docker here

$ docker run -v ./:/opt/jcloak/bin/files -e LICENSE=<license> --rm jcloak/cli:latest

usage: jCloak
 -input <file>                Input file (required)
 -output <file>               Output file (required)
 -address <ip>                Required ip address to execute the output
 -allowAgent                  Allow Java agents at runtime
 -allowUnsafe                 Allow access to the Unsafe class
 -dependencies <deps>         Folder with dependencies
 -entrypoint <classes>        Entrypoints seperated with comma
 -exclude <packages>          Exclude packages seperated with comma
 -expiration <days>           Expiration in days
 -exportKey <file>            Export encryption key to file
 -hideExclusions              Hide exclusions from std out
 -hideKey                     Hide Encryption key from std out
 -hideProgress                Hide processed classes from std out
 -includeAll                  Include all classes except the entrypoint
 -includeKey                  Include Encryption key
 -key <key>                   Encryption key
 -killswitch <url>            URL which returns true when killswitched
 -native                      Fake native implementations
 -noLoader                    Do not bundle the loader into the output jar
 -skipChecksums               Skip checksums and allow modification
 -urlLoader <url>             Load the loader dynamically during runtime from an url
 -verifyVM                    Check the integrity of a few selected VMs
 -watermark <string>          Unique watermark
 -webhook <url>               Discord webhook url

The input file is the jar file you want to encrypt and hide. The output file is the modified jar containing the necessary files and modifications. The other options are not mandatory. By not providing a key, jcloak will generate a one-time-pad encryption key.

Provide an Encryption Key

To execute the jar file that doesn’t include the key, you need to set an environment variable named JCLOAK_KEY which will be retrived at runtime to be able to decrypt the class files. This can be archived by editing the startup script or by trying a workaround such as mentioned here.

$ export JCLOAK_KEY=<yoursecret>

Alternatively you can add the includeKey option to include the encryption key inside the jar file. Keep in mind that this will come at the expense of security as they key is now included “somewhere” inside the jar file.

Using the URL Loader

The JCloak loader is with roughly 1.1 MiB not small. There are reasons why you want to reduce the file size or hide the jcloak package. Therefore, you can load the loader via an URLClassLoader. The URL has to be provided during build time. You can either provide your own url or use the public one.

-urlLoader https://micartey.github.io/jCloak/static/files/loader-9a9fe.jar

Please verify that the sha256sum of the jar file and its name start with the same characters.

Check the integrity of VMs

Experimental

Checking the integreity of VMs is a highly experimental feature that most certainly requires manual intervention. It is very unlikely that a signature for your VM already exists for your achitecture and operating system.

Don’t worry, this can be dynamically changed - no need for updates and rebuilds. One mirror is hosted on one of my gists where you can also start a request to add a signature.

Any signature that has been generated from a docker image will most certainly be added if reported, as well as any official java version that has been downloaded using a package manager.
Both need to be (externally) verified. Verification requires in most cases a meeting. In case of docker images it is also possible to skip this step if published to docker hub even if only for a short duration.