banner
fwrite

fwrite

好好生活
twitter
github
email
Home归档作品集关于

Obfuscation

#Android106
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Java is a cross-platform, interpreted language that compiles source code into bytecode stored in class files. To prevent reverse engineering of this bytecode, Java obfuscators can be used to make the code harder to understand while maintaining its functionality. Obfuscation involves renaming variables, functions, and classes to short identifiers, making the code difficult to read even if decompiled. This process is irreversible and can also reduce the size of compiled files by about 25%, which is beneficial for costly wireless transmissions. The document outlines various syntax options for configuring the obfuscation process, including commands for including files, specifying directories, and preserving certain class members. It also covers options for shrinking, optimizing, and obfuscating code, as well as keeping specific attributes intact. Additionally, it provides information on generated files like mapping.txt, dump.txt, seed.txt, and usage.txt, which help in tracking changes and understanding the structure of the obfuscated code. Common issues and troubleshooting tips related to Proguard, a popular obfuscation tool, are also discussed, including solutions for errors and exceptions that may arise during the obfuscation process. Key points include that reflection, system interfaces, and JNI interfaces cannot be obfuscated.

Obfuscation#

Official Website

Principle#

Java is a cross-platform, interpreted language. Java source code is compiled into intermediate "bytecode" stored in class files. Due to the need for cross-platform compatibility, Java bytecode includes a lot of source code information, such as variable names and method names, and accesses variables and methods through these names. These symbols carry a lot of semantic information and can easily be decompiled back into Java source code. To prevent this phenomenon, we can use a Java obfuscator to obfuscate Java bytecode.

Obfuscation is the process of reorganizing and processing the released program so that the processed code performs the same function as the original code, while the obfuscated code is difficult to decompile. Even if decompilation is successful, it is hard to derive the true semantics of the program. The obfuscated program code still adheres to the original file format and instruction set, and the execution results are the same as before obfuscation. The obfuscator changes all variable, function, and class names in the code to short English letter codes. In the absence of corresponding function names and program comments, even if decompiled, it will be difficult to read. At the same time, obfuscation is irreversible; during the obfuscation process, some non-essential information will be permanently lost, making the program harder to understand.

The role of the obfuscator is not only to protect the code but also to reduce the size of the compiled program. Due to the shortening of variable and function names and the loss of some information mentioned above, the size of the compiled jar file can be reduced by about 25%, which is significant for the currently expensive wireless network transmission.

Syntax#


-include {filename}    Read configuration parameters from the given file 
-basedirectory {directoryname}    Specify the base directory for subsequent relative file names 
-injars {class_path}    Specify the application jars, wars, ears, and directories to be processed 
-outjars {class_path}    Specify the names of the jars, wars, ears, and directories to output after processing 
-libraryjars {classpath}    Specify the library files needed for the application jars, wars, ears, and directories to be processed 
-dontskipnonpubliclibraryclasses    Specify not to ignore non-public library classes. 
-dontskipnonpubliclibraryclassmembers    Specify not to ignore package-visible library class members.

Keep options 
-keep {Modifier} {class_specification}    Protect the specified class files and class members 
-keepclassmembers {modifier} {class_specification}    Protect the members of the specified class; if this class is protected, they will be better protected
-keepclasseswithmembers {class_specification}    Protect the specified class and class members, provided that all specified classes and class members exist. 
-keepnames {class_specification}    Protect the names of the specified classes and class members (if they are not removed in the shrinking step) 
-keepclassmembernames {class_specification}    Protect the names of the members of the specified class (if they are not removed in the shrinking step) 
-keepclasseswithmembernames {class_specification}    Protect the names of the specified classes and class members if all specified class members are present (after the shrinking step) 
-printseeds {filename}    List the classes and class members -keep options in a file output to the given file 

Shrinking 
-dontshrink    Do not shrink the input class files 
-printusage {filename} 
-whyareyoukeeping {class_specification}     

Optimization 
-dontoptimize    Do not optimize the input class files 
-assumenosideeffects {class_specification}    Assume that the specified methods have no side effects during optimization 
-allowaccessmodification    Allow access and modification of classes and class members with modifiers during optimization 

Obfuscation 
-dontobfuscate    Do not obfuscate the input class files 
-printmapping {filename} 
-applymapping {filename}    Reuse mapping to increase obfuscation 
-obfuscationdictionary {filename}    Use keywords from the given file as names for obfuscated methods 
-overloadaggressively    Apply intrusive overloading during obfuscation 
-useuniqueclassmembernames    Determine uniform obfuscation class member names to increase obfuscation 
-flattenpackagehierarchy {package_name}    Repackage all renamed packages into a single given package 
-repackageclass {package_name}    Repackage all renamed class files into a single given package 
-dontusemixedcaseclassnames    Do not produce mixed-case class names during obfuscation 
-keepattributes {attribute_name,...}    Protect the given optional attributes, such as LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses. 
-renamesourcefileattribute {string}    Set the given string constant in the source file

Files#

mapping.txt

A reference table of the code before and after obfuscation, used for log tracing, decompilation, etc.

dump.txt

Describes the internal structure of all class files within the apk

seed.txt

Lists the classes and members that have not been obfuscated

usage.txt

Lists the code that has been removed from the source code and does not exist in the apk

Frequently Asked Questions#

  1. Proguard returned with error code

  • Update the proguard version

  • Do not obfuscate android-support-v4

  • Add the missing corresponding libraries

  1. When using the gson package to parse data, a missing type parameter exception occurs
  • Add to proguard.cfg

-dontobfuscate
-dontoptimize

  • Add to proguard.cfg
# removes such information by default, so configure it to keep all of it.         
-keepattributes Signature         
# Gson specific classes        
-keep class sun.misc.Unsafe { *; }                          
#-keep class com.google.gson.stream.** { *; }   
# Application classes that will be serialized/deserialized over Gson                           
-keep class com.google.gson.examples.android.model.** { *; }
  1. Type conversion error

-keepattributes Signature

  1. Null pointer exception

Obfuscation filtered out related classes and methods

  1. java.lang.NoSuchMethodError

No related method, the method has been obfuscated; filtering out related methods will suffice

Bug tracing: http://proguard.sourceforge.net/index.html#manual/troubleshooting.html

Note#

  • Reflection cannot be obfuscated
  • System interfaces cannot be obfuscated
  • JNI interfaces cannot be obfuscated
  • There are also some special cases that require customization
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.