I created two simple Java class files and converted them into a jar file.
Setup config.pro file
-injars /home/XXXX/lib/XXXX.jar
-outjars /home/XXXX/lib/XXXX-out.jar
-printmapping proguard.map
-libraryjars /usr/lib/jvm/jdk1.7.0_79/jre/lib/rt.jar
-verbose
-keep public class com.XXXX.main.Main
When I run ProGuard using this command:
sudo java -jar proguard.jar @config.pro
only the file from the -keep option shows up in the output jar file. That one is also not working. I am a newbie to ProGuard. Am I doing anything wrong? Help me out.
Map file output
com.XXXX.main.Main -> com.XXXX.main.Main:
void <init>() -> <init>
In your configuration you only instruct ProGuard to keep your main class, not including any methods that might need to be kept as well.
For a working sample, you need to extend this to the following:
-keep public class com.XXXX.main.Main {
public static void main(java.lang.String[]);
}
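A way to confirm the effect of the rule above from the -printmapping output, as an added example that is not part of the original posts: it parses a mapping file in the format shown in the question and reports whether a class kept its name and still lists `main(java.lang.String[])`. The `AFTER` sample and the `Helper` class are constructed for illustration.

```python
import re

# "original.Class -> new.Name:" opens a class block.
CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
# "[from:to:]type name[(args)] -> newname" is a field or method of that class.
MEMBER_RE = re.compile(r"^(?:\d+:\d+:)?(\S+) ([^\s(]+)(\(.*\))? -> (\S+)$")

# Mapping from the question (only the constructor is listed for Main).
BEFORE = """\
com.XXXX.main.Main -> com.XXXX.main.Main:
    void <init>() -> <init>
"""
# Constructed sample of a mapping after the fix; Helper is a hypothetical class.
AFTER = """\
com.XXXX.main.Main -> com.XXXX.main.Main:
    void <init>() -> <init>
    void main(java.lang.String[]) -> main
com.XXXX.main.Helper -> com.XXXX.main.a:
    1:3:void run() -> a
"""

def parse_mapping(text):
    """Return {original_class: {"name": new_name, "members": {signature: new_name}}}."""
    classes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # indentation is optional, so flattened dumps parse too
        if not line or line.startswith("#"):
            continue
        m = CLASS_RE.match(line)
        if m:
            current = classes.setdefault(m.group(1), {"name": m.group(2), "members": {}})
        elif current is not None and (m := MEMBER_RE.match(line)):
            rtype, name, args, new = m.groups()
            current["members"][f"{rtype} {name}{args or ''}"] = new
    return classes

def entry_point_status(classes, cls):
    """Return 'missing', 'renamed', 'no-main', 'main-renamed' or 'ok' for cls."""
    info = classes.get(cls)
    if info is None or info["name"] != cls:
        return "missing" if info is None else "renamed"
    new = info["members"].get("void main(java.lang.String[])")
    if new is None:
        return "no-main"
    return "ok" if new == "main" else "main-renamed"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, entry_point_status(parse_mapping(text), "com.XXXX.main.Main"))
```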
Related
I'm obfuscating an executable jar using ProGuard version 5.3.3.
My jar contains other libraries which I do not want to obfuscate or optimize.
This is my ProGuard config:
-libraryjars 'C:\Program Files\Java\jre1.8.0_131\lib\rt.jar'
-injars myjar-debug.jar
-outjars myjar-release.jar
-skipnonpubliclibraryclasses
-dontoptimize
-dontshrink
-useuniqueclassmembernames
-keeppackagenames org.**
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod
-ignorewarnings
-keep class org.** { *; }
-keepclassmembers class org.** { *; }
-dontwarn org.**
-keepclasseswithmembers public class * {
public static void main(java.lang.String[]);
}
-keepclasseswithmembers class * {
native <methods>;
}
-keepclasseswithmembernames class * {
native <methods>;
}
The obfuscation works perfectly fine and there are no errors in executing the jar. However, if I compare the original jar and the obfuscated jar, I can see that ProGuard has modified classes within package org.**. Most of the class files are larger than their original size.
I don't want ProGuard to modify these files at all. How can I completely exclude this package so that the binaries of the class files in org.** are exactly the same?
I think you need to tweak your jar building process: obfuscate first, then make the executable jar.
I am not sure if you are using Maven/Gradle; however, this will make your life easy compared to using the command line.
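A check for the requirement stated in the question, that every entry under org/ is byte-for-byte identical in the input and output jars, as an added example that is not part of the original posts. The jar contents are constructed in memory with placeholder bytes; with real files, pass the paths of the two jars to `compare_package`.

```python
import hashlib
import io
import zipfile


def entry_digests(jar, prefix):
    """Map entry name -> SHA-256 of its uncompressed bytes for entries under prefix."""
    with zipfile.ZipFile(jar) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if info.filename.startswith(prefix) and not info.is_dir()
        }


def compare_package(original, processed, prefix="org/"):
    """Return entries under prefix that were modified, removed, or added."""
    before, after = entry_digests(original, prefix), entry_digests(processed, prefix)
    return {
        "modified": sorted(n for n in before.keys() & after.keys() if before[n] != after[n]),
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
    }


def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; stands in for real jar files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample: placeholder bytes, not real class files.
DEBUG_JAR = {"org/lib/A.class": b"\xca\xfe\xba\xbeA", "org/lib/B.class": b"\xca\xfe\xba\xbeB",
             "com/app/Main.class": b"\xca\xfe\xba\xbeM"}
RELEASE_JAR = {"org/lib/A.class": b"\xca\xfe\xba\xbeA", "org/lib/B.class": b"\xca\xfe\xba\xbeB+attrs",
               "com/app/a.class": b"\xca\xfe\xba\xbem"}

if __name__ == "__main__":
    print(compare_package(make_jar(DEBUG_JAR), make_jar(RELEASE_JAR)))
```

Digests are taken over the uncompressed entry bytes, so a different compression level in the output jar does not count as a modification.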
I am using Eclipse for Mac.
When I want to export a signed apk I get a "Proguard returned with error code 1. See console" error.
I have these 2 files in my project root folder:
"proguard-android.txt" and "project.properties"
Inside project.properties I have:
target=android-17
proguard.config=proguard-project.txt
android.library.reference.1=../google-play-services_lib
android.library.reference.2=../FacebookSDK
Among many other warnings I get when I try to create a signed apk, I get:
com.my.app.va.debug.ConfigureLog4j: can't find referenced class de.mindpipe.android.logging.log4j.LogConfigurator
com.my.app.va.debug.HockeyAppHelper: can't find referenced class net.hockeyapp.android.ExceptionHandler
I already put these lines inside "proguard-android.txt" , but the errors persist:
-keep public class de.mindpipe.android.logging.**
-dontwarn de.mindpipe.android.logging.**
-keep public class net.hockeyapp.**
-dontwarn net.hockeyapp.**
What could I be doing wrong?
UPDATE:
I have changed the filename from "proguard-android.txt" to "proguard-project" and added this to my Proguard, and the "referenced class" error messages are gone:
-dontwarn de.mindpipe.android.**
-keep public class de.mindpipe.android.**
-dontwarn net.hockeyapp.android.**
-keep public class net.hockeyapp.android.**
Nevertheless... is this an actual solution, or am I just hiding the problem?
Other warnings still persist:
Warning: com.facebook.widget.UserSettingsFragment: can't find referenced method 'android.support.v4.app.FragmentActivity getActivity()' in class com.facebook.widget.UserSettingsFragment
Warning: there were 138 unresolved references to program class members.
The proguard file name should be defined in project.properties if using Eclipse or in build.gradle if using Gradle or Android Studio.
It usually contains proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt.
You should also include the following:
-keep class android.support.v4.app.** { *; }
-keep interface android.support.v4.app.** { *; }
More official info at http://developer.android.com/tools/help/proguard.html.
Some other relevant Stack Overflow discussions: "How to config my proguard-project.txt file to remove just Logs" and "How to automatically generate proguard-android.txt?"
I'm trying to obfuscate google play services jar with proguard.
I tried two versions of the proguard config file.
First one contains
-keep class ** {
public protected *;
}
And the jar stays not obfuscated. It looks ok.
Second one contains
-keep class com.** {
public protected *;
}
And ProGuard deletes everything. I get an error:
Error: The output jar is empty. Did you specify the proper '-keep' options?
Why is it empty, as the main google play services package is com.google.android.gms?
The following ProGuard configuration shrinks the Google Play Services jar, without optimization or obfuscation, keeping only the ads-related API:
-injars android-sdk/extras/google/google_play_services/libproject/google-play-services_lib/libs/google-play-services.jar
-outjars google-play-services-ads.jar
-libraryjars android-sdk/extras/android/support/v4/android-support-v4.jar
-libraryjars android-sdk/platforms/android-20/android.jar
-verbose
-forceprocessing
-dontoptimize
-dontobfuscate
-dontwarn com.google.**.R
-dontwarn com.google.**.R$*
-dontnote
-keep public class com.google.ads.** {
public protected *;
}
-keep public class com.google.android.gms.ads.** {
public protected *;
}
-keep class com.google.android.gms.common.internal.safeparcel.SafeParcelable {
java.lang.String NULL;
}
It reduces the original jar from 2819 classes to 409 classes (2.7M to 476K). I haven't tested the result yet. If any removed classes are accessed by reflection, they need to be kept in the configuration as well.
After exporting a signed package from Eclipse, the application started crashing when one of the activities is invoked.
05-30 23:05:43.814: E/AndroidRuntime(11578): FATAL EXCEPTION: main
05-30 23:05:43.814: E/AndroidRuntime(11578): java.lang.NoClassDefFoundError: com.encryptomatic.alockbin.ItemListActivity
I completely excluded that class from obfuscation with all members and I see it listed in seeds.txt.
Only difference from other activities is that this one extends SherlockFragmentActivity.
I excluded dependencies altogether using:
-keep class android.support.v4.app.** { *; }
-keep interface android.support.v4.app.** { *; }
-keep class com.actionbarsherlock.** { *; }
-keep interface com.actionbarsherlock.** { *; }
-keepattributes *Annotation*
What could be wrong here? How can I check if my class really ended up in the APK?
The quick answer is: ProGuard was unable to detect that the class com.encryptomatic.alockbin.ItemListActivity is used by your code and therefore has removed it. This can happen if it is loaded dynamically or in a different unusual way.
Therefore, if you use ProGuard, you should simply add the mentioned class as a class to "keep":
-keep class com.encryptomatic.alockbin.ItemListActivity { public *; }
Then rebuild the APK and try it. Test all features of your app, as most likely there are other classes that have to be configured to be kept. Once you have identified all classes, also check the ProGuard warnings, as they usually contain other classes that may be wise to keep.
android-support-v4.jar was not set to export under Java Build Path in project properties:
Right click on Project -> Properties -> Java Build Path -> Order and export -> Check checkbox "Android private libraries" (the node where android-support-v4.jar resides on Library tab)
I am trying to obfuscate my GWT (Vaadin) application using ProGuard. I've never obfuscated Java code before and this is my first attempt using ProGuard.
I have my config file set as follows:
-libraryjars JAVA_HOME\rt.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\appfoundation.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\blackboard-2.1.1.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\cssinject-0.9.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\eclipselink.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\eclipselink-jpa-modelgen_2.0.2.v20100323-r6872.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\gwt-visualization.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\iText-5.0.4.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\javax.persistence_1.0.0.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\javax.persistence_2.0.0.v201002051058.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\vaadin-6.4.4.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\vaadin-calendar-0.5.1.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\vaadin-chameleon-theme-1.0.1.jar
-libraryjars MYPATH\test\WebContent\WEB-INF\lib\VisualizationsForVaadin.jar
-libraryjars "C:\Program Files\eclipse\configuration\com.vaadin.integration.eclipse\download\gwt-dev\2.0.3\gwt-dev.jar"
-libraryjars "C:\Program Files\eclipse\configuration\com.vaadin.integration.eclipse\download\gwt-user\2.0.3\gwt-user.jar"
-injars test.war
-outjar test_after.war
-printseeds
-ignorewarnings
-keep public class TestApplication extends com.vaadin.Application {
public void init();
}
I then execute using the ProGuard command:
java -jar proguard.jar @test.pro
I don't get any errors with the configuration file, but I do receive lots of warnings. The output file is created, but I'm concerned about the warnings. Do I need to specify further jar files in my config file? I have listed all the jars that I am using in my application. Is there anything else I am doing wrong?
Below is a snippet of the last ~20 lines of the command line output.
Thanks in advance
S.
Maybe this is library method 'sun.jdbc.odbc.JdbcOdbcStatement { java.sql.Connection getConnection(); }'
Maybe this is library method 'sun.jdbc.odbc.ee.CommonDataSource { java.sql.Connection getConnection(); }'
Maybe this is library method 'sun.jdbc.odbc.ee.ConnectionPoolDataSource {java.sql.Connection getConnection(); }'
Maybe this is library method 'sun.jdbc.odbc.ee.DataSource { java.sql.Connection getConnection(); }'
Maybe this is library method 'sun.jdbc.odbc.ee.PooledConnection { java.sql.Connection getConnection(); }'
Maybe this is library method 'sun.rmi.transport.StreamRemoteCall { sun.rmi.transport.Connection getConnection(); }'
Note: org.eclipse.persistence.sdo.helper.DynamicClassWriter accesses a declared method 'writeReplace()' dynamically
Maybe this is program method 'org.eclipse.persistence.sdo.SDODataObject {java.lang.Object writeReplace(); }'
Maybe this is program method 'org.eclipse.persistence.sdo.helper.ListWrapper { java.lang.Object writeReplace(); }'
Maybe this is library method 'com.sun.corba.se.impl.presentation.rmi.InvocationHandlerFactoryImpl$CustomCompositeInvocationHandlerImpl {
Note: there were 4 unresolved dynamic references to classes or interfaces.
You should check if you need to specify additional program jars.
Note: there were 10 accesses to class members by means of introspection.
You should consider explicitly keeping the mentioned class members
(using '-keep' or '-keepclassmembers').
Warning: there were 3649 unresolved references to classes or interfaces.
You may need to specify additional library jars (using '-libraryjars').
Warning: there were 173 unresolved references to program class members.
Your input classes appear to be inconsistent.
You may need to recompile them and try again.
Alternatively, you may have to specify the option
'-dontskipnonpubliclibraryclassmembers'.
GWT generates code in two parts.
Client side code. This is what runs in your browser and consists of the user interface plus any async calls to the server. While you write Java source, it is transformed from the source straight into JavaScript, i.e. the GWT compiler doesn't even look at the class files. To obfuscate the generated JS, use the GWT compiler flags (see below).
Server side code. The server code would be the end points your client app calls, e.g. you might invoke GWT RPC calls and have GWT servlets as end points. Obfuscate your web app like you would any other: trial and error through ProGuard or similar. Start off with a simple configuration that lightly obfuscates and then proceed from there.
As the GWT client side is generated from Java source code there is no easy way to obfuscate before feeding to GWT. I suppose you could somehow obfuscate through Proguard and then decompile that and feed it to the GWT compiler. It seems like overkill but it may be possible.
The normal way to obfuscate is to specify -style OBF to the GWT compiler. This will thoroughly obfuscate your code. You could probably go further and run it through another JS obfuscator though the law of diminishing returns, bugs etc. applies.
I suggest you understand what gets generated when you supply OBF as the style. It's probably quite sufficient for your purposes. Obviously the more stuff you put on the server side (e.g. security, cookie validation etc.) the less it matters what code is in the client.