I am trying to use Tyrus (org.glassfish.tyrus.bundles:tyrus-standalone-client:1.10) in Android. Here is my proguard related part:
-dontoptimize
-keepparameternames
-keepclassmembers,allowoptimization enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class org.glassfish.tyrus.** { *; }
-keep class org.glassfish.grizzly.** { *; }
-keep class javax.websocket.** { *; }
I make a call to ClientManager connectToServer and this method doesnt return and hangs.But it works if i disable proguard. How can i make it work in Android with proguard?
You need to add following line for the Fragment or Activity that use Tyrus
-keep,includedescriptorclasses class com.package.YourClass$* { *; }
For tyrus you need to add following lines
-keepattributes Signature,InnerClasses,*Annotation*
-keep,includedescriptorclasses class org.glassfish.tyrus.** { *; }
-keep,includedescriptorclasses class org.glassfish.grizzly.** { *; }
-keep,includedescriptorclasses class javax.websocket.** { *; }
By adding these lines, i managed to use Tyrus in Android.
Here is a reference for Tyrus: https://blogs.oracle.com/PavelBucek/entry/reducing_websocket_client_jar_size
Related
I have a library on Kotlin I want to obfuscate almost completely but leave the public classes, properties and methods untouched. Here is an example of one of the public classes I intend to obfuscate:
class SomeClass(val propertyToShow: SomePublicClass, private val propertyToHide: SomeOtherPublicClass) {
fun methodToShow(someArg: SomeArg) {
// Some code
}
private fun methodToHide(someOtherArg: SomeOtherArg) {
// Some more code
}
}
The ProGuard file is based on a typical library ProGuard file and looks like this:
-keepattributes SourceFile,LineNumberTable
-renamesourcefileattribute SourceFile
-dontwarn javax.annotation.**
-keepnames class okhttp3.internal.publicsuffix.PublicSuffixDatabase
-dontwarn org.codehaus.mojo.animal_sniffer.*
-dontwarn okhttp3.internal.platform.ConscryptPlatform
-keepattributes Signature
-keepattributes *Annotation*
-dontwarn sun.misc.**
-keep class com.google.gson.stream.** { *; }
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer
-keepclassmembers,allowobfuscation class * {
#com.google.gson.annotations.SerializedName <fields>;
}
-keep public class * {
public protected *;
}
-keepclassmembernames class * {
java.lang.Class class$(java.lang.String);
java.lang.Class class$(java.lang.String, boolean);
}
-keepclasseswithmembernames class * {
native <methods>;
}
-keeppackagenames **
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod,Synthetic,PermittedSubclasses
-keepparameternames
-renamesourcefileattribute SourceFile
-keepclassmembers class **$WhenMappings {
<fields>;
}
-keep class kotlin.Metadata { *; }
-keep class kotlin.** { *; }
-keep class kotlin.Metadata { *; }
-keep class kotlin.reflect.** { *; }
-dontwarn kotlin.reflect.**
-dontwarn kotlin.**
-keepclassmembers class **$WhenMappings {
<fields>;
}
-keepclassmembers class kotlin.Metadata {
public <methods>;
}
-assumenosideeffects class kotlin.jvm.internal.Intrinsics {
static void checkParameterIsNotNull(java.lang.Object, java.lang.String);
}
-keepclassmembers,allowobfuscation class * {
#javax.inject.* *;
#dagger.* *;
<init>();
}
-keep class javax.inject.** { *; }
-keep class **$$ModuleAdapter
-keep class **$$InjectAdapter
-keep class **$$StaticInjection
-keep class dagger.** { *; }
-keepclassmembers class * extends java.lang.Enum {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
Running ./gradlew assembleRelease results in .aar file. The SomeClass.class from it looks like this (if we take a look at it via Android Studio)
public final class SomeClass public constructor(propertyToShow: SomePublicClass, propertyToHide: SomeOtherPublicClass) {
public final val propertyToShow: SomePublicClass /* compiled code */
private final val propertyToHide: SomeOtherPublicClass /* compiled code */
public final fun methodToShow(someArg: SomeArg): kotlin.Unit { /* compiled code */ }
private final fun a(someOtherArg: SomeOtherArg): kotlin.Unit { /* compiled code */ }
}
As we can see, the name of the private method has been obfuscated but its argument is not as well as the private property. It doesn’t matter if we obfuscate it with ProGuard or R8, the result is the same.
Is it possible to obfuscate private properties and private methods' arguments for Kotlin source code? Or is it pointless, since it will not interfere with others doing reverse engineering?
So the answer to this question was more or less explained in this article. Basically the issue was that the code was indeed obfuscated properly but there was still Kotlin Metadata and Android Studio was reconstructing the code based on this Metadata.
I'm using the OpenCV library for Android for my app. I use minify and proguard for the release version of my app. This is my proguard-rules.pro:
-dontwarn okio.**
-dontwarn org.joda.convert.**
-dontwarn org.joda.time.**
-keep class org.joda.time.** { *; }
-keep interface org.joda.time.** { *;}
-keep class android.support.v7.widget.** { *; }
-keep class com.crashlytics.** { *; }
-dontwarn com.crashlytics.**
-keepattributes *Annotation*
-keepattributes SourceFile,LineNumberTable
-keep public class * extends java.lang.Exception
-keep class com.theartofdev.edmodo.cropper.*
-ignorewarnings
While using the app as a release version, I sometimes run into this error:
Fatal Exception: java.lang.NoSuchMethodError: no non-static method "Lorg/opencv/core/CvException;.<init>(Ljava/lang/String;)V"
at org.opencv.core.Mat.n_submat(Mat.java)
at org.opencv.core.Mat.submat(Mat.java:839)
at one.realnote.app.ImageAnchor.registerForDetectionAndTraking1(ImageAnchor.java:600)
.
.
.
If I decompile the release apk, I get this as the content of CvException.java:
package org.opencv.core;
public class CvException extends RuntimeException {
private static final long serialVersionUID = 0x1L;
}
which does not have an init method or rather a constructor like the exception says. The correct content of the class should be this:
package org.opencv.core;
public class CvException extends RuntimeException {
private static final long serialVersionUID = 1L;
public CvException(String msg) {
super(msg);
}
#Override
public String toString() {
return "CvException [" + super.toString() + "]";
}
}
So how do I tell my proguard to leave the CvException class or even better all of the OpenCv code just like it is and neither obfuscate nor minify it?
Thanks in advance!
I think that you have to add this line in your proguard file:
-keep class org.opencv.** { *; }
You don't need to obfuscate opencv modules!
I have the following class
class CodeRequest(#JsonProperty("phone") val phoneNumber: String)
When I send request (using retrofit) with an object of this class as body (while minification is not enabled) everything works and request will be send in this form {"phone": "123"}
But enabling minification with the following proguard-rules.pro will result in a {"phoneNumber": "123"} request body.
# Jackson
-keep class com.fasterxml.jackson.databind.ObjectMapper {
public <methods>;
protected <methods>;
}
-keep class com.fasterxml.jackson.databind.ObjectWriter {
public ** writeValueAsString(**);
}
-keep #com.fasterxml.jackson.annotation.* class * { *; }
-keep #com.fasterxml.jackson.annotation.** class * { *; }
-keep class com.fasterxml.** { *; }
-keepattributes *Annotation*,EnclosingMethod,Signature,Exceptions,InnerClasses
-keep class * {
#com.fasterxml.jackson.annotation.* *;
}
-keep class * { #com.fasterxml.jackson.annotation.JsonProperty *;}
# Application classes that will be serialized/deserialized over Jackson
-keepclassmembers class my.application.data.models.** { *; }
-keepclassmembers class my.application.domain.network.rest.** { *; }
What's missing here?
Thank you.
Found solution a couple of minutes after posting the question.
The problem is not with proguard nor jackson, it's that Kotlin erases required data which are stored in kotlin.Metadata.
Adding the following rule to proguard fixed the issue:
-keep class kotlin.Metadata { *; }
i have developed which is working fine at weblogic on managed server and admin server.
then i obfuscate it for security requirement by using eclipse proguard tool.
please look at project.propertis file
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
target=android-19
android.library.reference.1=../../../Desktop/XYZ/CaptureActivity
android.library.reference.2=CordovaLib
and proguard-project.text file
-keep public class * extends com.phonegap.api.Plugin
-keep public class * extends org.apache.cordova.api.Plugin
-keep public class org.apache.cordova.DroidGap
-keep public class org.apache.cordova.**
-keep public class org.apache.cordova.camera
-keep public class com.plugin.datepicker.**
-keep public class com.credentek.imagetransfer.**
-keep public class mobi.roshka.cordova.callphone.**
-keep public class org.apache.cordova.dialogs.**
-keep public class de.appplant.cordova.plugin.emailcomposer.**
-keep public class fr.louisbl.cordova.gpslocation.**
-keep public class org.apache.cordova.camera.**
-keep public class com.phonegap.plugins.barcodescanner.**
-keep public class org.apache.cordova.networkinformation.**
-dontwarn android.webkit.*
-dontwarn org.apache.**
-keep public class * extends org.apache.cordova.api.CordovaPlugin
-keep class org.apache.cordova.**
{
*;
}
-keepclassmembers class *
{
#android.webkit.JavascriptInterface <methods>;
}
-keep public class org.apache.commons.** { *; }
after obfuscating application stop working. not even connecting to server.
actually ajax call is not working.
if anybody have some idea please share. thanks...
It would be helpful if you could post any exceptions raised when running your program.
Whenever dealing with Proguard issues, one strategy is to disable optimization and keep everything. Something like this:
-keep class com.** { *; }
-keep class org.** { *; }
-keep class mobi.** { *; }
-keep class fr.** { *; }
-keep class de.** { *; }
-keepattributes '*'
-dontshrink
-dontoptimize
Make the configuration as pessimistic as possible until the configuration allows the app to work. After that, start removing packages from -keep. Also, remove -dontoptimize and -keepattributes, one at a time.
I am trying to enable ProGuard when compiling my Android application.
Below is the ProGuard configuration.
The problem I have is that I get a lot of warnings about duplicate definition (pretty much for all classes, in my app or the basic java classes) and what's worse is that when I make changes in my code, those do not get reflected when I run on the device.
I am compiling (and developing) using IntelliJ IDEA 11.1.5 (and just enable ProGuard in the project structure, I did not set it to use the system proguard configuration).
I saw that other question, but it does not help at all, I don't think my problem is limited to 3rd party libraries, I imagine it's more about setting the right input/output... ?
-injars bin/classes
-outjars bin/classes-processed.jar
-libraryjars /home/matthieu/android/platforms/android-17/android.jar
-dontpreverify
-repackageclasses ''
-allowaccessmodification
-optimizations !code/simplification/arithmetic
-keepattributes *Annotation*,SourceFile,LineNumberTable,*Annotation*
-renamesourcefileattribute SourceFile
-dontwarn java.awt.**,javax.security.**,java.beans.**,com.sun.**
-keep public class my.package.MainMenuActivity
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.view.View {
public <init>(android.content.Context);
public <init>(android.content.Context,android.util.AttributeSet);
public <init>(android.content.Context,android.util.AttributeSet,int);
public void set*(...);
}
-keep public class * extends android.view.ViewGroup
-keep public class * extends android.support.v4.app.Fragment
-keep class android.support.v4.app.** { *; }
-keep interface android.support.v4.app.** { *; }
-keep class com.actionbarsherlock.** { *; }
-keep interface com.actionbarsherlock.** { *; }
-keepclasseswithmembers class * {
public <init>(android.content.Context,android.util.AttributeSet);
}
-keepclasseswithmembers class * {
public <init>(android.content.Context,android.util.AttributeSet,int);
}
-keepclassmembers class * extends android.os.Parcelable {
static android.os.Parcelable$Creator CREATOR;
}
-keepclassmembers class **.R$* {
public static <fields>;
}
#ACRA specifics
# keep this class so that logging will show 'ACRA' and not a obfuscated name like 'a'.
# Note: if you are removing log messages elsewhere in this file then this isn't necessary
-keep class org.acra.ACRA {
*;
}
# keep this around for some enums that ACRA needs
-keep class org.acra.ReportingInteractionMode {
*;
}
-keepnames class org.acra.sender.HttpSender$** {
*;
}
-keepnames class org.acra.ReportField {
*;
}
# keep this otherwise it is removed by ProGuard
-keep public class org.acra.ErrorReporter
{
public void addCustomData(java.lang.String,java.lang.String);
public void putCustomData(java.lang.String,java.lang.String);
public void removeCustomData(java.lang.String);
}
# keep this otherwise it is removed by ProGuard
-keep public class org.acra.ErrorReporter
{
public void handleSilentException(java.lang.Throwable);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
Assuming you are building with Ant inside IntelliJ IDEA, you mustn't add -injars, -outjars, or -libraryjars options; the Ant script already does that for you. This explains the warnings about duplicates.
Note that it's better to remove the generic part of the configuration in your proguard-project.txt and rely on the configuration of the Android SDK. The latter is partly generated by aapt (tuned for your project) and partly maintained inside the SDK.