Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ProGuard

 ProGuard

Lecture on ProGuard, primarily from the Android perspective. Presented at aDevMeetup #22.

Tomáš Kypta

November 11, 2015
Tweet

More Decks by Tomáš Kypta

Other Decks in Technology

Transcript

  1. Keep rules -keep • keep class and class members -keepclassmembers

    • keep class members if their class is kept -keepclasseswithmembers • keep class with members if all the class members are present
  2. Keep Attributes • -keepattributes Signature • for generics (JDK 5.0

    and higher) • -keepattributes Exceptions • for exceptions
  3. Keep Attributes -keepattributes EnclosingMethod • specified the method in which

    the class was defined -keepattributes InnerClasses • if you have inner class that can be reference from outside of the library
  4. Keep Modifiers allowshrinking • Specifies whether the entry points specified

    in the keep tag may be shrunk. allowoptimization • Specifies whether the entry points specified in the keep tag may be optimized. allowobfuscation • Specifies whether the entry points specified in the keep tag may be obfuscated.
  5. Output Files dump.txt • internal structure of code mapping.txt •

    obfuscation mapping seeds.txt • unobfuscated code usage.txt • stripped code
  6. Gradle config buildTypes {
 debug {
 minifyEnabled true
 proguardFiles getDefaultProguardFile('proguard-android.txt'),

    ‘proguard-rules.pro’, ‘proguard-rules-debug.pro'
 } release {
 minifyEnabled true
 proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
 }
 }
  7. Config merging -printconfiguration configuration.txt • merging is a bit stupid

    -keepattributes *Annotation*,SourceFile,LineNumberTable,Signature,Excepti ons,*Annotation*,Exceptions,*Annotation*,Exceptions,*Anno tation*,Signature,Exceptions,*Annotation*,Exceptions,Sign ature,*Annotation*,Signature,Exceptions,*Annotation*,Exce ptions,*Annotation*,Signature,Exceptions,*Annotation*,Sig nature,Signature,Exceptions,*Annotation*,Signature
  8. Deobfuscation • ReTrace • retrace.sh mapping.txt [<stacktrace_file>] • completeness depends

    on presence of line number tables • -keepattributes SourceFile,LineNumberTable • ambiguous without these attributes - it will list all possible original method names • -renamesourcefileattribute MyApp • resolve unknown source
  9. Some library configs • Retrofit -dontwarn retrofit.** -keep class retrofit.**

    { *; } -keepattributes Signature -keepattributes Exceptions • ButterKnife -keep class butterknife.** { *; } -dontwarn butterknife.internal.** -keep class **$$ViewBinder { *; } -keepclasseswithmembernames class * { @butterknife.* <fields>; } -keepclasseswithmembernames class * { @butterknife.* <methods>; }
  10. Some library configs • Otto -keepattributes *Annotation* -keepclassmembers class **

    { @com.squareup.otto.Subscribe public *; @com.squareup.otto.Produce public *; }
  11. Some library configs • Dagger 2 • doesn’t require anything

    • Rx • dependency compile 'com.artemzin.rxjava:proguard- rules:1.0.14.2'
  12. Tips, Tricks & Traps • in library projects, in customerProguardFiles

    don’t use: • -printconfiguration configuration.txt • -dontobfuscate, -dontoptimize, … • -keepattributes SourceFile,LineNumberTable,LocalVariableTable,L ocalVariableTypeTable • declare the bare minimum
  13. Tips, Tricks & Traps -applymapping <file> • reuse previous mapping

    -obfuscationdictionary <file> • custom dictionary • you can e.g. use Java keywords there (not that helpful)
  14. Tips, Tricks & Traps -repackageclasses 'com.example.obfuscated' • in Java there

    can be a problem when class tries to load resource in the same directory
  15. DexGuard • comercial • extra features • resource obfuscation •

    string encryption • class encryption • dex splitting • native code obfuscation
  16. Q&A