ProGuard
Tomik
790 views
43 slides
Nov 12, 2015
Slide 1 of 43
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
About This Presentation
Lecture on ProGuard, primarily from the Android perspective. Presented at aDevMeetup #22.
Slide Content
ProGuard
Tomáš Kypta
Tomáš Kypta
ProGuard
•free tool
•shrinker, optimizer, obfuscator
•free tool
•shrinker, optimizer, obfuscator
ProGuard
Configuration
Configuration
•Empty configuration?
•You have to specify '-keep' options for the
shrinking step.
•Empty configuration?
•You have to specify '-keep' options for the
shrinking step.
Configuration
•define entry points
•define entry points
Inputs & Outputs
-injars
-libraryjars
-outjars
-injars
-libraryjars
-outjars
Keep rules
-keep
•keep class and class members
-keepclassmembers
•keep class members if their class is kept
-keepclasseswithmembers
•keep class with members if all the class members
are present
-keep
•keep class and class members
-keepclassmembers
•keep class members if their class is kept
-keepclasseswithmembers
•keep class with members if all the class members
are present
Keep rules
-keepnames
•short for -keep,allowshrinking class_specification
-keepclassmembernames
-keepclasseswithmembernames
-keepnames
•short for -keep,allowshrinking class_specification
-keepclassmembernames
-keepclasseswithmembernames
Keep Attributes
•-keepattributes Signature
•for generics (JDK 5.0 and higher)
•-keepattributes Exceptions
•for exceptions
•-keepattributes Signature
•for generics (JDK 5.0 and higher)
•-keepattributes Exceptions
•for exceptions
Keep Attributes
-keepattributes *Annotation*
*Annotation* =
RuntimeVisibleAnnotations,
RuntimeInvisibleAnnotations,
RuntimeVisibleParameterAnnotations,
RuntimeInvisibleParameterAnnotations,
AnnotationDefault
-keepattributes *Annotation*
*Annotation* =
RuntimeVisibleAnnotations,
RuntimeInvisibleAnnotations,
RuntimeVisibleParameterAnnotations,
RuntimeInvisibleParameterAnnotations,
AnnotationDefault
Keep Attributes
-keepattributes EnclosingMethod
•specified the method in which the class was
defined
-keepattributes InnerClasses
•if you have inner class that can be reference from
outside of the library
-keepattributes EnclosingMethod
•specified the method in which the class was
defined
-keepattributes InnerClasses
•if you have inner class that can be reference from
outside of the library
Other
-keepparameternames
•keeps parameter names in LocalVariableTable
and LocalVariableTypeTable
•might be useful for IDEs
-keepparameternames
•keeps parameter names in LocalVariableTable
and LocalVariableTypeTable
•might be useful for IDEs
Keep Modifiers
allowshrinking
•Specifies whether the entry points specified in the keep tag may
be shrunk.
allowoptimization
•Specifies whether the entry points specified in the keep tag may
be optimized.
allowobfuscation
•Specifies whether the entry points specified in the keep tag may
be obfuscated.
allowshrinking
•Specifies whether the entry points specified in the keep tag may
be shrunk.
allowoptimization
•Specifies whether the entry points specified in the keep tag may
be optimized.
allowobfuscation
•Specifies whether the entry points specified in the keep tag may
be obfuscated.
Output Files
dump.txt
•internal structure of code
mapping.txt
•obfuscation mapping
seeds.txt
•unobfuscated code
usage.txt
•stripped code
dump.txt
•internal structure of code
mapping.txt
•obfuscation mapping
seeds.txt
•unobfuscated code
usage.txt
•stripped code
Notes & Warnings
•Notes
•-dontnote <filter>
•Warnings
•-dontwarn <filter>
•Notes
•-dontnote <filter>
•Warnings
•-dontwarn <filter>
Problems
•Reflection!!!
•missing attributes
•Reflection!!!
•missing attributes
ProGuard & Android
Output files
•created in build/outputs/mapping
•created in build/outputs/mapping
Gradle config
Gradle config
buildTypes {
release {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
buildTypes {
release {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
Gradle config
buildTypes {
debug {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
‘proguard-rules.pro ’,
‘proguard-rules-debug.pro'
}
release {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
buildTypes {
debug {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
‘proguard-rules.pro ’,
‘proguard-rules-debug.pro'
}
release {
minifyEnabled true
proguardFiles
getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
Gradle config
productFlavors {
flavor1 {
proguardFile
‘proguard-rules-flavor1 .pro'
}
}
productFlavors {
flavor1 {
proguardFile
‘proguard-rules-flavor1 .pro'
}
}
ProGuard & Android
Libraries
Libraries
Gradle config - library
defaultConfig {
consumerProguardFiles ‘proguard-rules-lib.pro’
}
•packed into aar
•proguard.txt
defaultConfig {
consumerProguardFiles ‘proguard-rules-lib.pro’
}
•packed into aar
•proguard.txt
Generated ProGuard config
•build/intermediates/proguard-rules
•components in AndroidManifest.xml
•custom views in layouts
•only when minifyEnabled true
•build/intermediates/proguard-rules
•components in AndroidManifest.xml
•custom views in layouts
•only when minifyEnabled true
Config merging
-printconfiguration configuration.txt
•merging is a bit stupid
-keepattributes
*Annotation*,SourceFile,LineNumberTable,Signature,Excepti
ons,*Annotation*,Exceptions,*Annotation*,Exceptions,*Anno
tation*,Signature,Exceptions,*Annotation*,Exceptions,Sign
ature,*Annotation*,Signature,Exceptions,*Annotation*,Exce
ptions,*Annotation*,Signature,Exceptions,*Annotation*,Sig
nature,Signature,Exceptions,*Annotation*,Signature
-printconfiguration configuration.txt
•merging is a bit stupid
-keepattributes
*Annotation*,SourceFile,LineNumberTable,Signature,Excepti
ons,*Annotation*,Exceptions,*Annotation*,Exceptions,*Anno
tation*,Signature,Exceptions,*Annotation*,Exceptions,Sign
ature,*Annotation*,Signature,Exceptions,*Annotation*,Exce
ptions,*Annotation*,Signature,Exceptions,*Annotation*,Sig
nature,Signature,Exceptions,*Annotation*,Signature
Apk build
•ProGuard output in apk build
•build/intermediates/classes-
proguard/{variant}/classes.jar
•ProGuard output in apk build
•build/intermediates/classes-
proguard/{variant}/classes.jar
Deobfuscation
•ReTrace
•retrace.sh mapping.txt [<stacktrace_file>]
•completeness depends on presence of line
number tables
•-keepattributes SourceFile,LineNumberTable
•ambiguous without these attributes - it will list
all possible original method names
•-renamesourcefileattribute MyApp
•resolve unknown source
•ReTrace
•retrace.sh mapping.txt [<stacktrace_file>]
•completeness depends on presence of line
number tables
•-keepattributes SourceFile,LineNumberTable
•ambiguous without these attributes - it will list
all possible original method names
•-renamesourcefileattribute MyApp
•resolve unknown source
Deobfuscation
Frequent library
configs
configs
Some library configs
•Retrofit
-dontwarn retrofit.**
-keep class retrofit.** { *; }
-keepattributes Signature
-keepattributes Exceptions
•ButterKnife
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {
@butterknife.* <fields>;
}
-keepclasseswithmembernames class * {
@butterknife.* <methods>;
}
•Retrofit
-dontwarn retrofit.**
-keep class retrofit.** { *; }
-keepattributes Signature
-keepattributes Exceptions
•ButterKnife
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {
@butterknife.* <fields>;
}
-keepclasseswithmembernames class * {
@butterknife.* <methods>;
}
Some library configs
•Otto
-keepattributes *Annotation*
-keepclassmembers class ** {
@com.squareup.otto.Subscribe public *;
@com.squareup.otto.Produce public *;
}
•Otto
-keepattributes *Annotation*
-keepclassmembers class ** {
@com.squareup.otto.Subscribe public *;
@com.squareup.otto.Produce public *;
}
Some library configs
•Dagger 2
•doesn’t require anything
•Rx
•dependency compile 'com.artemzin.rxjava:proguard-
rules:1.0.14.2'
•Dagger 2
•doesn’t require anything
•Rx
•dependency compile 'com.artemzin.rxjava:proguard-
rules:1.0.14.2'
Tips, Tricks & Traps
Tips, Tricks & Traps
•never use
-dontwarn **
-dontnote **
•never use
-dontwarn **
-dontnote **
Tips, Tricks & Traps
•in library projects, in customerProguardFiles don’t
use:
•-printconfiguration configuration.txt
•-dontobfuscate, -dontoptimize, …
•-keepattributes
SourceFile,LineNumberTable, LocalVariableTable,L
ocalVariableTypeTable
•declare the bare minimum
•in library projects, in customerProguardFiles don’t
use:
•-printconfiguration configuration.txt
•-dontobfuscate, -dontoptimize, …
•-keepattributes
SourceFile,LineNumberTable, LocalVariableTable,L
ocalVariableTypeTable
•declare the bare minimum
Tips, Tricks & Traps
-applymapping <file>
•reuse previous mapping
-obfuscationdictionary <file >
•custom dictionary
•you can e.g. use Java keywords there (not that
helpful)
-applymapping <file>
•reuse previous mapping
-obfuscationdictionary <file >
•custom dictionary
•you can e.g. use Java keywords there (not that
helpful)
Tips, Tricks & Traps
-repackageclasses 'com.example.obfuscated '
•in Java there can be a problem when class tries
to load resource in the same directory
-repackageclasses 'com.example.obfuscated '
•in Java there can be a problem when class tries
to load resource in the same directory
DexGuard
•comercial
•extra features
•resource obfuscation
•string encryption
•class encryption
•dex splitting
•native code obfuscation
•comercial
•extra features
•resource obfuscation
•string encryption
•class encryption
•dex splitting
•native code obfuscation
Links
•http://proguard.sourceforge.net/
•https://www.guardsquare.com/dexguard
•http://proguard.sourceforge.net/
•https://www.guardsquare.com/dexguard
Q&A
THE END
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 790
- Slides 43
- Favorites 2
- Age 3683 days
Related Slideshows
1
DTI BPI Pivot Small Business - BUSINESS START UP PLAN
MeljunCortes
39 views
1
CATHOLIC EDUCATIONAL Corporate Responsibilities
MeljunCortes
40 views
11
Karin Schaupp – Evocation; lançamento: 2000
alfeuRIO
39 views
10
Pillars of Biblical Oneness in the Book of Acts
JanParon
33 views
31
7-10. STP + Branding and Product & Services Strategies.pptx
itsyash298
35 views
44
Business Legislation PPT - UNIT 1 jimllpkggg
slogeshk98
38 views