All,
I'm trying to use proguard to obfuscate .APK file and it seems not working. As Proguard mainly works for Java bytecode, I use dex2jar to convert the apk file to jar file, use Proguard to obfuscate it, and then repackage the output jar into apk. The resulting apk seems problematic. I got a lot of error like Could not read file: Expected chunk of type 0x80003, read 0x6d783f3c. Is there anyway that I can obfuscate the Android bytecode directly on .apk instead of source code? Please help.
Thanks!
You need to use proguard with the proper configuration for android.
There is also a predefined setting for your gradle build file (when using android studio)
android {
...
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'),
'proguard-rules.pro'
}
}
}
Source: http://developer.android.com/tools/help/proguard.html
Related
I want to optimize my app size.For that,I want to analyze my app with android studio analyze apk tool.But it only show the file size not details report.
Please see https://medium.com/#arungiri.10/managing-application-size-50810d03b16c for detailed info.
Use below lines to enable app shrinking using R8.
buildTypes {
...
release {
...
useProguard false
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
...
}
}
where proguard-rules.pro must be written by you based on your app. Generally this file contains lines of code to not obfuscate data / model classes.
Once you do this, a APK will be generated in the output/release directory. Use that APK in APK analyzer tool.
As we can see the data present inside a APK below.
If you click on classes.dex, it would show the classes present inside this dex file.
As you can see, the code is proguarded, you will also get option to add respective mapping.txt file which would help in reverse engineering and see the APK package data.
mapping.txt file is auto-generated and is present under outputs/mapping/release/. Use this to reverse engineer and see the actual class names.
Also, to add proguard rules for data classes, it's easy. Just select the class or package you want to keep from proguarding, right click on it and select "Generate Proguard Keep rule" as shown below.
Proguard rules will be auto generated, copy this and put it in above proguard-rules.pro file.
Hope this answer helps.
in the build.gradle file i set the minifyEnabled to be true as shown in the code below. my question is how can i see the effect of this statement? or in other words, as i am trying to minify the code and obfuscating it,
where can i see the code minified and obfuscated where is the result of this statement.
build.gradle:
buildTypes {
debug {
debuggable true
}
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
The probably easiest way to verify that shrinking and obfuscation has been applied to your project is to check for the existence of the mapping file.
When ProGuard is executed during the android build using gradle, the following files are generated automatically (located in build/outputs/mapping/<buildtype>/):
mapping.txt: contains the mapping from original class / class member names to obfuscated ones
seeds.txt: contains the seeds that were used during shrinking, i.e. the classes / class members specified in -keep rules
usage.txt: contains the removed classes during shrinking
With the presence and contents of these files you can verify that ProGuard was executed correctly.
You can check it in simple way, just extract your apk, decompile .dex files and look at decompile sources.
Obfuscated code should have changed classes, functions, variables names.
Here is insightful post about how to do it.
I am using Android Studio version v2.1.2 and Proguard doesn't work when I try to sign the release build, the build fails dramatically.
According to this link from developer docs Jack does obfuscation automatically.
Handles shrinking, obfuscation, repackaging and multidex Using a
separate package such as ProGuard is no longer necessary.
I had to disable minifyEnabled flag and remove the line where we load proguard file; to get it working, after doing this; I inspected the apk file generated by doing the above and I cannot tell whether Jack really obfuscated and reduced redundant code as the release apk size is same as the debug apk size.
I need to understand how to make obfuscation work with the newer compiler as the documentation doesn't really help.
I am looking forward to understand the following questions.
Does Jack work without Proguard file?
Is there a way to specify Proguard file?
The Jack compiler has its own Shrinker and Obfuscator that re-uses existing Proguard rules (see supported directives).
The configuration should be the same as before, so you need to add the following to your buildType configuration:
minifyEnabled true
proguardFile getDefaultProguardFile('proguard-android.txt')
proguardFile 'your-proguard-file.txt'
I would like to use some xml files as mockups to preview different states of a layout, but I don't want to include it in the apk because thes xml files are only dedicated to preview purposes. I would like to tell gradle which files/directories to ignore for resources.
It would also be useful to easily reduce apk size for low memory devices by using products flavors, in a similar way as this excellent article explains.
Maybe proguard could help?
If you are using the android studio you can add resources by build flavors your want example you can add string resource for debug build only and different string resource for main release build. You just right click add a xml resource choose a resource type and specify the source set.
if you add a layout for debug flavor only and not in main release then everytime you sign an apk the those layout will not be included in apk. Hope it helps :)
We call it "Resource shrinking". All info about it is here.
Look at shrinkResources true. Build system will try to find unused resources files with this flag, and will remove them from the build. You can add it to your debug buildType, and on any build flavor.
android {
...
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
ProGuard is not doing a very complete job of obfuscating my Android project. When I decompile my apk at decompileandroid.com I see that it is only changing the name of local temporary variables and nothing else. It is not changing class names, variable names, method names, or anything else.
After reading the manual all of the optional commands seem to be telling it NOT to do something so I am left to think it should obfuscate everything by default.
my build.gradle has the following...
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
}
Neither of those two files exist is the project. The project is as it was converted from Eclipse by Android Studio.
What am I missing. Do I need to create those two files and put some proguard parameters in them - if so what. I want maximum obfuscation.
Thanks,
Dean
Set minifyEnabled true in order to turn on code shrinking, and
then shrinkResources true to turn on resource shrinking.
Reference for the quote