Confidential

Dart Literals Obfuscator to Defend Against Static Reverse Engineering

Get Started

Protect your sensitive literals

Define your obfuscation algorithm and secret literals in a YAML configuration file.

confidential.yaml 
algorithm:
  - encrypt using aes-256-gcm
  - compress using bzip2
  - shuffle

defaultNamespace: create Secrets

secrets:
  - name: apiKey
    value: "sk_live_51H..."
  - name: suspiciousLibraries
    value:
      - Substrate
      - FridaGadget
      - Substitute
lib/generated/confidential.dart 
// GENERATED CODE - DO NOT MODIFY BY HAND
import 'package:confidential/confidential.dart';

class Secrets {
  static final apiKey = ObfuscatedValue<String>(
    Secret(
      data: Uint8List.fromList([0x14, 0x4b, 0xe5, 0x48, /* ... */]),
      nonce: 13452749969377545032,
    ),
    _deobfuscateData,
  );

  static final suspiciousLibraries = ObfuscatedValue<List<String>>(
    Secret(
      data: Uint8List.fromList([0x04, 0xdf, 0x99, 0x61, /* ... */]),
      nonce: 4402772458530791297,
    ),
    _deobfuscateData,
  );

  static T _deobfuscateData<T>(Uint8List data, int nonce) {
    // Deobfuscation implementation
  }
}

Generated obfuscated code

The CLI tool generates Dart code with your literals obfuscated using your custom algorithm, making static analysis much harder.

Use obfuscated values safely

Access your obfuscated literals with type safety. The values are deobfuscated at runtime only when needed.

main.dart 
import 'generated/confidential.dart';

void main() {
  // Access obfuscated API key
  final apiKey = Secrets.apiKey.\$;
  print('API Key: \${apiKey.substring(0, 8)}...');

  // Check for suspicious libraries
  final suspiciousLibs = Secrets.suspiciousLibraries.\$;
  final loadedLibs = getLoadedLibraries();

  final isSafe = loadedLibs.every((lib) =>
    !suspiciousLibs.any((suspicious) =>
      lib.toLowerCase().contains(suspicious.toLowerCase())
    )
  );

  if (!isSafe) {
    print('⚠️ Suspicious library detected!');
    exit(1);
  }
}

Features

Powerful obfuscation techniques to protect your sensitive literals

🔐

Multi-Algorithm Obfuscation

Supports AES-256-GCM, ChaCha20-Poly1305, RSA, XOR, and compression algorithms.

🎯

Type-Safe API

Strongly typed obfuscated values with compile-time safety and runtime deobfuscation.

🛡️

Security-First Design

Defense against static analysis and reverse engineering with polymorphic obfuscation.

🔧

CLI & Build Integration

Complete toolchain with build_runner support for automatic code generation.

High Performance

Optimized algorithms with minimal runtime overhead and lazy deobfuscation.

🌐

Platform-Aware Security

Web-specific warnings and platform-optimized protection for all Dart platforms.