In Android Studio, where are the ProGuard mapping files generated after compiling a signed APK?
I'm not sure if it isn't working or if I just forgot the file path, and my compulsory Google/Stack Overflow search did not answer this
It should be located at build/outputs/proguard/release/mapping.txt in your application module's directory.
In the latest version of ProGuard and Android Studio, the file is located at build/outputs/mapping/release/mapping.txt.
For me they are at 'build/outputs/mapping/release'
I found it cleaner to configure proguard to write the mapping.txt file to a location outside of the build/ directory tree, so that it could be more conveniently checked into version control.
To achieve this, put this in your proguard-rules.pro file:
-printmapping mapping.txt
This will (most likely) place it in the same directory as your proguard-rules.pro file. Ultimately, you probably want to write it to the same directory as your APK file and with an equivalent name (which might include flavor, build type etc).
Note: in my experience, this is not overruled by the proguard template file (which was suggested by a commenter to another answer here).
UPDATE: If you have multiple product flavors, then this is a much better solution: https://stackoverflow.com/a/31116608/444761
I found that it was not being generated, so I added this to the rules file
-printmapping build/outputs/mapping/release/mapping.txt
Its quite late to answer this question but just in case someone need my answer.
Location of Mapping file to deobfuscate:
ProGuard saves the file in the app
app/build/outputs/mapping/FLAVOR/release/mapping.txt
Generally in debug mode you don't need the mapping file because there generally obfuscation is disabled.
If it is not that case then make sure in build.gradle file you have below code for debug variant.
debug {
minifyEnabled false
debuggable true
}
Some Gotchas:
mapping.txt file gets overwritten every time you create a release build with ProGuard, so first take backup of that file before creating a new release. It will help to obfuscated stack trace from an older version of your app.
Apart from that there are two ways to obfuscate your code :
1. Upload your mapping.txt file to Google play Console:
When publishing your app on Google Play, you can upload the mapping.txt file for each version of your APK. Then Google Play will deobfuscate incoming stack traces from user-reported issues so you can review them in the Google Play Console.
2. Use local sdk tool retrace.sh/retrace.bat:
Some times you want to run the release version of your app(by changing build variant to release and running it) to cross check and fix the errors so that it does not happens in production ( when released to play-store).
To convert an obfuscated stack-trace to a readable one yourself, use the retrace script (retrace.bat on Windows; retrace.sh on Mac/Linux).
It is located in the <sdk-root>/tools/proguard/bin/ directory.
<sdk-root> is the place where your all android libraries and sdks were installed.
The script takes the mapping.txt file and your stack trace, producing a new, readable stack trace.
Command Syntax:
retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]
For example:
retrace.bat -verbose mapping.txt obfuscated_trace.txt
I prefer local version of obfuscating as is quite handy to pre-check production errors.
I hope it helps.
Here it is in a picture - you will find it in the mapping folder:
I am using version Android Studio 2.2.2. For me it's located in the following locations:
For debug:
\app\build\outputs\mapping\debug\mapping.txt
For release:
\app\build\outputs\mapping\release\mapping.txt
If anyone is still searching for mapping.txt:
minifyEnabled in build.gradle has to be set to true
I'm using Android Studio 4.2 Beta 4 and the standard-setting was false.
If minifyEnable is set to false the build is not "minified", so a mapping-file is of course not necessary, but google-play-console asks for the mapping file anyway.
... Very confusing for a beginner
Because I'm dumb and get lost even when somebody tells me where the file is:
cd StudioProjects/fooProject
find . -name "mapping.txt" | xargs less
Proguard[About] outputs are located
<module_name>/build/outputs/mapping/<buildType>/
//e.g.
/Users/alex/Desktop/MyProject/MyModule/build/outputs/mapping/releasefree
Related
I am trying to obfuscate my simple HelloWorld project (that I just created) with ProGuard.
The configuration files are below.
[project.properties]
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
target=android-20
[proguard-project.txt]
Nothing valid. all the lines are commented.
Lastly, I created signed apk file through the menu, File - Export - Export Android Application,
with a new key.
To make sure that the apk is obfuscated properly, I unzip the apk and decompiled classes.dex to view the inner class files. but NOT obfuscated at all. all the function names in MainActivity.java are
still the same.
Anything I missed out?
Thank you.
Look at the "Enabling ProGuard" section at http://developer.android.com/tools/help/proguard.html to see exactly how ProGuard determines which configuration file(s) to use. Look carefully at the different ways to specify the file(s) for Eclipse builds vs. Android Studio (or Gradle) builds. The ProGuard configuration files delivered with the SDK are simple starting points (examples) that almost certainly will not do exactly what you want. You should copy them to an appropriate location and change them as needed for your particular needs.
I have typed proguard.config=proguard.cfg and renamed keepclasseswithmembernames to keepclasseswithmembers and it has successfully exported signed .apk.
How to find out if proguard was successful in obfuscating the code?
Am I missing something or is it good to go to market?
This thread should not be limited to source code suggestions. ANY and ALL suggestions about posting an app to the android market would be appreciated by not only me, but any other nooobs that might be posting their first app to the market and researching this topic on SO.
Look in the proguard folder : You will see files like mapping.txt, dump.txt, usage.txt etc. Also if you look in the logcat you will see that Class names and Method names are obfuscated.
For more details go here.
Another hardcore way will be to use dex2jar and java decompiler to decompile your app and see how much you'll suceed. If obfuscation went well you'll see that it's impossible.
ProGuard will run when you build your app in Release mode. You can tell it successfully obfuscated the code if the following files are generated
dump.txt
mapping.txt
seeds.txt
usage.txt
The location of these files are:
<project_root>/bin/proguard if you are using Ant.
<project_root>/proguard if you are using Eclipse.
For more details and to learn about the contents of these files look at http://developer.android.com/tools/help/proguard.html
Convert apk to jar and extract it. if you see file names are not changed proguard not affect on code
Goodluck
Use this gradle task. This gradle task will allow you to automate the detection of files as mentioned by Binoy Babu and monkybonk05. This needs no visual inspection. Your build will fail if the files don't exist. Generally proguarding in done on the release version of the application
tasks.whenTaskAdded { task ->
if (task.name == 'assembleFlavorRelease') {
task.finalizedBy checkProguardFlavor
}
}
task checkProguardFlavor << {
assert file("./build/outputs/mapping/Flavor/release/dump.txt").exists()
assert file("./build/outputs/mapping/Flavor/release/mapping.txt").exists()
}
I am using IntelliJ IDea 11.1.3 for Android development and I must admit it is a wonderful tool. I have few doubts about how to use Proguard with the IDE.
I have found the option of Run Progaurd under Open Module Settings -> Facets as in the image below
Run Proguard need a location of Config File which is defaulted to proguard-project.txt. Next is a check box which says Include system proguard file.
What System Proguard File is referred to in this checkbox option?
Given all the configuration of Proguard is in proguard-android.txt in Android SDK. How does proguard config works in the IntelliJ Idea?
P.S Any help will be highly appreciated I am trying to understand proguard with IntelliJ for almost a day now and having unsolved problems in another question.
After spending two days trying to work Proguard 4.7 with IntelliJ Idea, I have following points to conclude
It does not make any difference if you uncomment the line proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt in file project.properties.
I not sure if IntelliJ reads the proguard-android.txt file located at android-sdk/tools/proguard
IntelliJ idea reads the file proguard-project.txt files located in the project so suggestion is edit and place all your proguard configuration in this file.
I am still not clear what does Include system proguard file checkbox option do.
As per this google documentation http://developer.android.com/tools/help/proguard.html#enabling-gradle you need to change minifyEnabled false to minifyEnabled true in the projects build.gradle file.
...\app\proguard-rules.pro can be edited to add new rules if you need them. The default rules will probably do all you need, such as protect the names of methods that look like they might be invoked because of a layout xml onClick attribute. The document cited above also contains instructions for more complicated changes.
You will need to keep the mapping.txt file, which can be found under ...\app\build\outputs\mapping\release
My project does not enable proguard when creating it. Therefore I need to manually add proguard and enable it via project.properties.
Is there any way I can know whether my application has been obfuscated or not aside from reverse engineering?
If your application has been obfuscated you will see a new folder called proguard in you project folder.
It should contain four text files: dump, mapping, seeds and usage.
Note that your project will not be obfuscated unless you build it in release mode.
Just for records, if you want to check if your code was really obfuscated, you can generate the APK and analyse it in this webpage: http://www.javadecompilers.com/apktool
You can check using Android Studio as well by generating the APK and later going to Build -> Analyze APK... -> select your APK to analyze.
I hope this help.
I have an Android project that I recently published to the market after running it through obfuscation with ProGuard.
The project exported without any complications, but how do I know it's been obfuscated? Is there anything I could do to verify that obfuscation was successful?
Look for dump.txt, mapping.txt, seeds.txt and usage.txt. They will probably be in a proguard folder at your project directory. These are created when ProGuard is run on your code.
These are filled with information about the obfuscation, especially useful is mapping.txt which shows what ProGuard turned your various member names in to.
Try to reverse engineer your own application. See what you can read in the code.
Use the following questions:
decompiling DEX into Java sourcecode
http://www.taranfx.com/decompile-reverse-engineer-android-apk
DISCALIMER: I am not the owner of decompileandroid.com and I am not paid to promote it. I am a develper, who is satisfied with this service.
There is actually an easier way than acquiring several different tools and passing the output of one of them to the other (this of course gives you a better control of what's going on). You can use the service
decompileandroid.com
Basically you upload and .apk file and it does all of these steps for you.
Then you can download a .zip file, which contains the decompiled sources.
You can first upload your .apk built in debug mode, then upload an .apk built in release mode. Just make sure that the flag minifyEnabled is set to true in your build.gradle file for the release build.
The difference was pretty obvious in my case - most of my classes were named a,b,c, etc in the minified build.