Skip to content

Additional Protection

License verification alone cannot stop a determined attacker who is willing to decompile your JAR. These techniques increase the effort required to bypass your protections.

Obfuscate your code

Code obfuscation renames classes, methods, and fields to meaningless identifiers, making the decompiled output much harder to understand and modify.

The Script Template enables ProGuard by default. If you are using the template, obfuscation is already configured and runs automatically when you build a release JAR.

!!! warning "ProGuard and the licensing library" If you use the LicenseChecker, you must add a ProGuard keep rule for any classes the library references. Check the Adding Verification page for the required configuration.

Keep your public key out of plain text

The public key embedded in your script is used to verify license responses from the Cereal server. Store it in a way that is not immediately obvious to someone browsing the decompiled output — for example, split across multiple constants or reconstructed at runtime.

Minimise what you ship

Only include code and resources that your script actually needs. Smaller JARs have a smaller attack surface and are faster to load.