ProGuard

An introduction to how ProGuard works.

Edward Dale

August 31, 2017

Transcript

  1. ProGuard
    Edward Dale
    @scompt
    Freeletics
    https://www.freeletics.com
    August 31, 2017
    © Edward Dale, 2017 1

  2. Agenda
    • Overview
    • Steps
    • Problems
    • Future

  3. Purpose
    ProGuard is the most popular optimizer for Java bytecode. It
    makes your Java and Android applications up to 90% smaller and
    up to 20% faster. ProGuard also provides minimal protection
    against reverse engineering by obfuscating the names of classes,
    fields and methods.
    — https://www.guardsquare.com/en/proguard

  4. Purpose
    ProGuard is the most popular optimizer for Java bytecode. It
    makes your Java and Android applications up to 90% smaller
    and up to 20% faster. ProGuard also provides minimal protection
    against reverse engineering by obfuscating the names of
    classes, fields and methods.
    — https://www.guardsquare.com/en/proguard

  5. Highlights 1
    • ProGuard is a command-line tool with an optional graphical
    user interface.
    • ProGuard is easy to configure. A few intuitive command line
    options or a simple configuration file is all it takes. All
    available options are detailed in the user manual.
    1 https://www.guardsquare.com/en/proguard

  6. Highlights 1 (continued)
    • ProGuard is fast. It processes small Android applications and
    entire run-time libraries in seconds.
    • ProGuard is the default tool in development environments
    like Oracle’s Wireless Toolkit, NetBeans, EclipseME, Intel’s
    TXE SDK and Google’s Android SDK.
    1 https://www.guardsquare.com/en/proguard

  7. Highlights (annotated)
    • ProGuard is easy to configure. A
    few intuitive command line options
    or a simple configuration file is all it
    takes. All available options are
    detailed in the user manual.
    • ProGuard is fast. It processes small
    Android applications and entire run-time
    libraries in seconds.

  8. Steps
    start → shrink → optimize → obfuscate → preverify → end

  9. Shrink Step
    • Enabled by default
    • Disabled with -dontshrink
    • Removes all classes, methods, resources not reachable from
    an entry point (seeds)
    • Dynamically referenced classes/methods need to be "kept"
    using -keep or -keepclasseswithmembers

  10. Example Class Diagram
    Class diagram: LoginActivity, UserManager, UserApi, FeedActivity,
    FeedApi, OldUserManager, OldUserApi

  11. After Shrinking
    • No seeds
    Class diagram: LoginActivity, UserManager, UserApi, FeedActivity,
    FeedApi, OldUserManager, OldUserApi

  12. After Shrinking
    • -keep class MainActivity
    • -keep class SecondActivity
    Class diagram: LoginActivity, UserManager, UserApi, FeedActivity,
    FeedApi, OldUserManager, OldUserApi

  13. After Shrinking
    • -keep public class * extends android.app.Activity
    Class diagram: LoginActivity, UserManager, UserApi, FeedActivity,
    FeedApi, OldUserManager, OldUserApi

  14. Keep Options
    -keep
    Specifies classes and class members (fields and methods) to be preserved as
    entry points to your code.
    -keepclassmembers
    Specifies class members to be preserved, if their classes are preserved as well.
    -keepclasseswithmembers
    Specifies classes and class members to be preserved, on the condition that all of
    the specified class members are present.

  15. Optimize Step
    • Enabled by default
    • Disabled with -dontoptimize
    • Performs lots of different bytecode-level optimizations to
    the code

  16. Optimize Step
    • -optimizationpasses declares how many times to
    optimize/shrink
    • Freeletics does 5 passes

  17. Optimize Step
    • -optimizations can be used to disable specific
    optimizations
    • Freeletics disables optimizations that cause problems on
    Android
    • More information in
    $ANDROID_HOME/tools/proguard/proguard-android-optimize.txt

  18. Example Optimizations 2
    • Marks methods as final, whenever possible.
    • Removes unused method parameters.
    • Propagates the values of method parameters from method invocations to the
    invoked methods.
    • Propagates the values of method return values from methods to their invocations.
    • Inlines short methods.
    • Inlines methods that are only called once.
    2 https://www.guardsquare.com/en/proguard/manual/optimizations

  19. Obfuscate Step
    • Enabled by default
    • Disabled with -dontobfuscate
    • Classes and class members receive new short random
    names, except for the ones listed by the various
    -keep options
    • Internal attributes that are useful for debugging are
    removed

  20. After Obfuscation
    Class diagram: LoginActivity, A, B, FeedActivity, C,
    OldUserManager, OldUserApi
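
The shrink and obfuscate steps from the slides above, modeled as a small Python sketch (an added example, not part of the original deck and not ProGuard's own code). The reference edges and the superclass table are assumptions, since the transcript preserves only the class names; sequential letters stand in for ProGuard's short names.

```python
# Added illustration: a toy model of ProGuard's shrink and obfuscate steps.
# The reference edges below are ASSUMED; the slides list only the class names.
from itertools import count

REFERENCES = {  # class -> classes it references (constructed for this example)
    "LoginActivity": ["UserManager"],
    "UserManager": ["UserApi"],
    "UserApi": [],
    "FeedActivity": ["FeedApi"],
    "FeedApi": [],
    "OldUserManager": ["OldUserApi"],
    "OldUserApi": [],
}
SUPERCLASS = {  # assumed: only the two activities extend android.app.Activity
    "LoginActivity": "android.app.Activity",
    "FeedActivity": "android.app.Activity",
}

def seeds_for(keep_names=(), keep_extends=None):
    """Classes matched by '-keep class <name>' or '-keep class * extends <base>'."""
    seeds = {c for c in keep_names if c in REFERENCES}
    if keep_extends:
        seeds |= {c for c, base in SUPERCLASS.items() if base == keep_extends}
    return seeds

def shrink(seeds):
    """Return every class reachable from the seeds; everything else is removed."""
    reachable, stack = set(), list(seeds)
    while stack:
        cls = stack.pop()
        if cls not in reachable:
            reachable.add(cls)
            stack.extend(REFERENCES[cls])
    return reachable

def obfuscate(surviving, seeds):
    """Rename surviving classes that no keep rule protects; kept names stay readable."""
    letters = (chr(ord("A") + i) for i in count())  # sequential stand-in names
    return {c: (c if c in seeds else next(letters))
            for c in REFERENCES if c in surviving}

if __name__ == "__main__":
    for label, seeds in [("no seeds", seeds_for()),
                         ("-keep class LoginActivity", seeds_for(["LoginActivity"])),
                         ("-keep ... extends android.app.Activity",
                          seeds_for(keep_extends="android.app.Activity"))]:
        print(label, "->", obfuscate(shrink(seeds), seeds))
```

Every class matched by a keep rule ships with its original name, so broad keep patterns leave more readable names in the shipped bytecode and narrow the already minimal protection that obfuscation provides.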

  21. Preverification Step
    • Enabled by default
    • Disabled with -dontpreverify
    • When loading class files, the class loader performs some
    sophisticated verification of the byte code.
    • Unnecessary on Android

  22. Problems

  23. Problem 1
    Class is unintentionally removed/obfuscated
    Symptom: Runtime crash
    java.lang.NoClassDefFoundError: Failed resolution of: Lcom/freeletics/LoginActivity;

  24. Problem 1
    Class is unintentionally removed/obfuscated
    Symptom: Runtime crash
    java.lang.NoClassDefFoundError: Failed resolution of: Lcom/freeletics/LoginActivity;
    Solution: Ensure class is kept
    -keep class com.freeletics.LoginActivity

  25. Problem 2
    Code references a class not available
    Symptom: Build failure
    Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe
    ...
    Warning: there were 47 unresolved references to classes or interfaces.

  26. Problem 2
    Code references a class not available
    Symptom: Build failure
    Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe
    ...
    Warning: there were 47 unresolved references to classes or interfaces.
    Solution: Don't warn about classes unavailable on Android
    -dontwarn sun.misc.Unsafe

  27. Problem 3
    Adding a new library breaks build
    Symptom: Build failure

  28. Problem 3
    Adding a new library breaks build
    Symptom: Build failure
    Solution: Google
    Should only happen with non-Android-specific libraries.
    Android-specific libraries can add a ProGuard configuration
    that should be used.

  29. The Future
    we are also working on R8, which is a Proguard replacement for
    whole program minification and optimization 3
    — James Lau, Product Manager
    3 https://android-developers.googleblog.com/2017/08/next-generation-dex-compiler-now-in.html

  30. The Future
    • D8 is a dexer that converts Java byte code to dex code.
    • R8 is a Java program shrinking and minification tool that
    converts Java byte code to optimized dex code.
    • R8 is a Proguard replacement for whole-program
    optimization, shrinking and minification. R8 uses the
    Proguard keep rule format for specifying the entry points for
    an application.

  31. Questions?
    Edward Dale
    @scompt
    Freeletics
    https://www.freeletics.com
