Upload
tomas-kypta
View
342
Download
2
Embed Size (px)
Citation preview
ProGuardTomáš Kypta
ProGuard
• free tool
• shrinker, optimizer, obfuscator
ProGuard
Configuration
Configuration
• Empty configuration?
• You have to specify '-keep' options for the shrinking step.
Configuration
• define entry points
Inputs & Outputs
-injars
-libraryjars
-outjars
Keep rules-keep
• keep class and class members
-keepclassmembers
• keep class members if their class is kept
-keepclasseswithmembers
• keep class with members if all the class members are present
Keep rules
-keepnames
• short for -keep,allowshrinking class_specification
-keepclassmembernames
-keepclasseswithmembernames
Keep Attributes
• -keepattributes Signature
• for generics (JDK 5.0 and higher)
• -keepattributes Exceptions
• for exceptions
Keep Attributes
-keepattributes *Annotation*
*Annotation* = RuntimeVisibleAnnotations, RuntimeInvisibleAnnotations, RuntimeVisibleParameterAnnotations, RuntimeInvisibleParameterAnnotations, AnnotationDefault
Keep Attributes-keepattributes EnclosingMethod
• specified the method in which the class was defined
-keepattributes InnerClasses
• if you have inner class that can be reference from outside of the library
Other
-keepparameternames
• keeps parameter names in LocalVariableTable and LocalVariableTypeTable
• might be useful for IDEs
Keep Modifiersallowshrinking
• Specifies whether the entry points specified in the keep tag may be shrunk.
allowoptimization
• Specifies whether the entry points specified in the keep tag may be optimized.
allowobfuscation
• Specifies whether the entry points specified in the keep tag may be obfuscated.
Output Filesdump.txt
• internal structure of code
mapping.txt
• obfuscation mapping
seeds.txt
• unobfuscated code
usage.txt
• stripped code
Notes & Warnings
• Notes
• -dontnote <filter>
• Warnings
• -dontwarn <filter>
Problems
• Reflection!!! • missing attributes
ProGuard & Android
Output files
• created in build/outputs/mapping
Gradle config
Gradle config
buildTypes { release { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' } }
Gradle configbuildTypes { debug { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), ‘proguard-rules.pro’, ‘proguard-rules-debug.pro' } release { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' } }
Gradle config
productFlavors { flavor1 { proguardFile ‘proguard-rules-flavor1.pro' } }
ProGuard & Android Libraries
Gradle config - library
defaultConfig { consumerProguardFiles ‘proguard-rules-lib.pro’}
• packed into aar
• proguard.txt
Generated ProGuard config
• build/intermediates/proguard-rules
• components in AndroidManifest.xml
• custom views in layouts
• only when minifyEnabled true
Config merging
-printconfiguration configuration.txt
• merging is a bit stupid
-keepattributes *Annotation*,SourceFile,LineNumberTable,Signature,Exceptions,*Annotation*,Exceptions,*Annotation*,Exceptions,*Annotation*,Signature,Exceptions,*Annotation*,Exceptions,Signature,*Annotation*,Signature,Exceptions,*Annotation*,Exceptions,*Annotation*,Signature,Exceptions,*Annotation*,Signature,Signature,Exceptions,*Annotation*,Signature
Apk build
• ProGuard output in apk build
• build/intermediates/classes-proguard/{variant}/classes.jar
Deobfuscation• ReTrace
• retrace.sh mapping.txt [<stacktrace_file>]
• completeness depends on presence of line number tables • -keepattributes SourceFile,LineNumberTable
• ambiguous without these attributes - it will list all possible original method names
• -renamesourcefileattribute MyApp
• resolve unknown source
Deobfuscation
Frequent library configs
Some library configs• Retrofit
-dontwarn retrofit.** -keep class retrofit.** { *; } -keepattributes Signature -keepattributes Exceptions
• ButterKnife -keep class butterknife.** { *; } -dontwarn butterknife.internal.** -keep class **$$ViewBinder { *; } -keepclasseswithmembernames class * { @butterknife.* <fields>; } -keepclasseswithmembernames class * { @butterknife.* <methods>; }
Some library configs
• Otto -keepattributes *Annotation* -keepclassmembers class ** { @com.squareup.otto.Subscribe public *; @com.squareup.otto.Produce public *; }
Some library configs
• Dagger 2
• doesn’t require anything
• Rx
• dependency compile 'com.artemzin.rxjava:proguard-rules:1.0.14.2'
Tips, Tricks & Traps
Tips, Tricks & Traps
• never use
-dontwarn **
-dontnote **
Tips, Tricks & Traps• in library projects, in customerProguardFiles don’t
use: • -printconfiguration configuration.txt
• -dontobfuscate, -dontoptimize, …
• -keepattributes SourceFile,LineNumberTable,LocalVariableTable,LocalVariableTypeTable
• declare the bare minimum
Tips, Tricks & Traps-applymapping <file>
• reuse previous mapping
-obfuscationdictionary <file>
• custom dictionary
• you can e.g. use Java keywords there (not that helpful)
Tips, Tricks & Traps
-repackageclasses 'com.example.obfuscated'
• in Java there can be a problem when class tries to load resource in the same directory
DexGuard• comercial
• extra features
• resource obfuscation
• string encryption
• class encryption
• dex splitting
• native code obfuscation
Links
• http://proguard.sourceforge.net/
• https://www.guardsquare.com/dexguard
Q&A
THE END