ProGuard

730df0227780e818df8ce1e19c9a6c48?s=47 Edward Dale
August 31, 2017
Technology
0
140

 ProGuard

An introduction to how ProGuard works.

730df0227780e818df8ce1e19c9a6c48?s=128

Edward Dale

August 31, 2017
Tweet

More Decks by Edward Dale

See All by Edward Dale
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
0
90
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
0
230
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
1
1.6k
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
2
230
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
1
300
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
7
1.5k
730df0227780e818df8ce1e19c9a6c48?s=48 scompt
2
270

Other Decks in Technology

See All in Technology
74948d1118cd84528f7861a3069dd8d9?s=48 qryuu
8
2k
Ed0857744ec644c8ec83cf04e3a1f5fd?s=48 mizushimac
0
2.3k
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
130
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
220
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
2
160
9f96c3fd49e6a294e521175f2ad80b71?s=48 usamomokawa
0
170
F01c8fdfa64bdfc00a94896e0b1359e0?s=48 tmdoi
0
150
Dd7fa413be25d8672c03a487db6a8fe6?s=48 fujiihda
14
2.9k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
0
190
0f993881fa8709dbe986bcade6c1fbad?s=48 satonaoki
0
110
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
210
F1e7eb88ee8989e5d642b111a2fa2343?s=48 makinoy
0
220

Featured

See All Featured
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
251
19k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
37
2.2k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
142
19k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
340
26k
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
154
6.2k
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
257
16k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
648
110k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
220
14k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
84
3.8k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
356
62k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
256
10k

Transcript

  1. ProGuard Edward Dale @scompt Freeletics https://www.freeletics.com August 31, 2017 ©

    Edward Dale, 2017 1

  2. Agenda • Overview • Steps • Problems • Future ©

    Edward Dale, 2017 2

  3. Purpose ProGuard is the most popular optimizer for Java bytecode.

    It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 3

  4. Purpose ProGuard is the most popular optimizer for Java bytecode.

    It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 4

  5. Highlights 1 • ProGuard is a command-line tool with an

    optional graphical user interface. • ProGuard is easy to configure. A few intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 5

  6. Highlights 1 (continued) • ProGuard is fast. It processes small

    Android applications and entire run-time libraries in seconds. • ProGuard is the default tool in development environments like Oracle’s Wireless Toolkit, NetBeans, EclipseME, Intel’s TXE SDK and Google’s Android SDK. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 6

  7. Highlights (annotated) • ProGuard is easy to configure. A few

    intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. • ProGuard is fast. It processes small Android applications and entire run- time libraries in seconds. © Edward Dale, 2017 7

  8. Steps start shrink end optimize obfuscate preverify © Edward Dale,

    2017 8

  9. Shrink Step • Enabled by default • Disabled with -dontshrink

    • Removes all classes, methods, resources not reachable from from an entry point (seeds) • Dynamically referenced classes/methods need to be "kept" using -keep or -keepclasseswithmembers © Edward Dale, 2017 9

  10. Example Class Diagram LoginActivity UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi

    © Edward Dale, 2017 10

  11. After Shrinking • No seeds LoginActivity UserManager UserApi FeedActivity FeedApi

    OldUserManager OldUserApi © Edward Dale, 2017 11

  12. After Shrinking • -keep MainActivity • -keep SecondActivity LoginActivity UserManager

    UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 12

  13. After Shrinking • -keep public class * extends android.app.Activity LoginActivity

    UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 13

  14. Keep Options -keep Specifies classes and class members (fields and

    methods) to be preserved as entry points to your code. -keepclassmembers Specifies class members to be preserved, if their classes are preserved as well. -keepclasseswithmembers Specifies classes and class members to be preserved, on the condition that all of the specified class members are present. © Edward Dale, 2017 14

  15. Optimize Step • Enabled by default • Disabled with -dontoptimize

    • Performs lots of different bytecode-level optimizations to the code © Edward Dale, 2017 15

  16. Optimize Step • -optimizationpasses declares how many times to optimize/shrink

    • Freeletics does 5 passes © Edward Dale, 2017 16

  17. Optimize Step • -optimizations can be used to disable specific

    optimizations • Freeletics disables optimizations that cause problems on Android • More information in $ANDROID_HOME/tools/proguard/ proguard-android-optimize.txt © Edward Dale, 2017 17

  18. Example Optimizations 2 • Marks methods as final, whenever possible.

    • Removes unused method parameters. • Propagates the values of method parameters from method invocations to the invoked methods. • Propagates the values of method return values from methods to their invocations. • Inlines short methods. • Inlines methods that are only called once. 2 https://www.guardsquare.com/en/proguard/manual/optimizations © Edward Dale, 2017 18

  19. Obfuscate Step • Enabled by default • Disabled with -dontobfuscate

    • Classes and class members receive new short random names, except for the ones listed by the various -keep options • Internal attributes that are useful for debugging are removed © Edward Dale, 2017 19

  20. After Obfuscation LoginActivity A B FeedActivity C OldUserManager OldUserApi ©

    Edward Dale, 2017 20

  21. Preverification Step • Enabled by default • Disabled with -dontpreverify

    • When loading class files, the class loader performs some sophisticated verification of the byte code. • Unnecessary on Android © Edward Dale, 2017 21

  22. Problems © Edward Dale, 2017 22

  23. Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:

    Failed resolution of: Lcom/freeletics/LoginActivity; © Edward Dale, 2017 23

  24. Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:

    Failed resolution of: Lcom/freeletics/LoginActivity; Solution: Ensure class is kept -keep com.freeletics.LoginActivity © Edward Dale, 2017 24

  25. Problem 2 Code references a class not available Symptom:: Build

    failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. © Edward Dale, 2017 25

  26. Problem 2 Code references a class not available Symptom:: Build

    failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. Solution: Don't warn about classes unavailable on Android -dontwarn sun.misc.Unsafe © Edward Dale, 2017 26

  27. Problem 3 Adding a new library breaks build Symptom: Build

    failure © Edward Dale, 2017 27

  28. Problem 3 Adding a new library breaks build Symptom: Build

    failure Solution: Google Should only happen with non-Android-specific libraries. Android-specific Libraries can add a ProGuard configuration that should be used. © Edward Dale, 2017 28

  29. The Future we are also working on R8, which is

    a Proguard replacement for whole program minification and optimization3 — James Lau, Product Manager 3 https://android-developers.googleblog.com/2017/08/next-generation-dex-compiler-now-in.html © Edward Dale, 2017 29

  30. The Future • D8 is a dexer that converts java

    byte code to dex code. • R8 is a java program shrinking and minification tool that converts java byte code to optimized dex code. • R8 is a Proguard replacement for whole-program optimization, shrinking and minification. R8 uses the Proguard keep rule format for specifying the entry points for an application. © Edward Dale, 2017 30

  31. Questions? Edward Dale @scompt Freeletics https://www.freeletics.com © Edward Dale, 2017

    31

  32. Citations • http://knowyourmeme.com/memes/yao-ming-face-bitch- please © Edward Dale, 2017 32