VM bytecode obfuscation for Lua, JavaScript, Python, Java, PHP, Go, Ruby, and Kotlin. Your source is compiled into encrypted bytecode that runs inside a custom virtual machine, so there is nothing readable left to copy.
Joker is an online code obfuscator built for developers who ship source. Most obfuscators stop at renaming variables and encrypting strings, which a beautifier or a modern LLM reverses in minutes. Joker takes a different route: it compiles your code into custom bytecode and executes it inside a virtual machine, so the original source never exists at runtime.
Every build is polymorphic (two copies of the same file share no structure), strings are encrypted, and built-in tamper detection makes an edited file quietly produce wrong results instead of yours.
| Language | Best for | Page |
|---|---|---|
| Lua / Luau | Roblox, FiveM, Garry's Mod scripts | Lua obfuscator |
| Roblox | LocalScripts, ModuleScripts (no loadstring) | Roblox obfuscator |
| FiveM | ESX, QBCore, standalone resources | FiveM obfuscator |
| Garry's Mod | gLua addons and gamemodes | GMod obfuscator |
| JavaScript | Node and browser, Discord bots | JavaScript obfuscator |
| Python | Bots, scripts, business logic | Python obfuscator |
| Java | Spigot, Paper, Bukkit plugins, JARs | Java obfuscator |
| PHP | WordPress plugins, Laravel, SaaS | PHP obfuscator |
| Go | Compiled apps, symbol and string hardening | Go obfuscator |
| Ruby | Rails apps, gems, scripts | Ruby obfuscator |
| Kotlin | JVM and Android source | Kotlin obfuscator |
- VM bytecode, not renaming. Your code is compiled and virtualized. There is no source-shaped thing left to rename back or beautify.
- Unique every build. Polymorphic output means no two builds look alike, so per-family deobfuscators do not amortize.
- Anti-tamper. Edited output silently produces wrong results instead of crashing, which makes patching impractical.
- Runs where you ship. Tested on real Roblox games, FiveM resources, Garry's Mod addons, and Spigot and Paper plugins. No loadstring required on Roblox.
- We never store your source. Code is processed in memory and deleted. Free tier gives 200 credits on signup, no card required.
Joker offers an optional server-keyed protected mode. The payload is encrypted and the decryption key is held on our server and fetched at runtime, so a static tool or an LLM cannot rebuild your source from the file alone. Access can be gated with license keys, hardware ID lock, expiry, and instant revocation, which is ideal for selling paid scripts.
The honest limit: any code that actually runs can, in principle, be dumped from memory while running. No obfuscator on earth prevents that. What server-keying adds is that access becomes authenticated, revocable, and traceable, not that the code becomes physically unextractable. We would rather tell you that than sell you a myth.
Read the full breakdown: Can AI deobfuscate protected code?
In-depth, hype-free writing on how code protection actually works:
- How Lua obfuscation actually works (VM bytecode explained)
- VM obfuscation vs identifier renaming: why renaming isn't protection
- Can AI deobfuscate protected code? An honest answer
- Protecting Roblox and FiveM scripts from theft
- How to protect Java and Spigot plugins from decompilation
- Symbol stripping vs obfuscation for Go binaries
Browse all: jokerobfuscator.com/articles
- Go to jokerobfuscator.com and sign up (200 free credits, no card).
- Upload your file, or use the Discord bot.
- Pick light, medium, or heavy protection.
- Download your protected file. It runs exactly the same, just protected.
Does the obfuscated code still run normally? Yes. Your program behaves identically. Only the source becomes unreadable.
Will it slow my code down? For typical game scripts and app logic the overhead is negligible.
Does it work with Roblox and FiveM? Yes. No loadstring required on Roblox, and it works with ESX and QBCore on FiveM. Tested on real games and resources.
Is my source code safe with you? We never store or log your code. It is processed in memory and deleted.