Menu
I was asked to crate a simple app for android. The first one in fact that I'll be paid for, so I really don't want to screw it up :). One of the requirements was that the code must be obfuscated.
I learned the general idea of obfuscating, but I don't want to make any silly mistakes.
What precisely do I have to do to make the code obfuscated? Does exporting it as release do the job, or some other steps are required? Any remarks are also appreciated.
PS. I'm using Eclipse if it matters.
EDIT
From the article suggested in the anwsers:
To enable ProGuard so that it runs as part of an Ant or Eclipse build, set the proguard.config property in the /project.properties file. The path can be an absolute path or a path relative to the project's root.
If you left the proguard.cfg file in its default location (the project's root directory), you can specify its location like this:
proguard.config=proguard.cfg
I indeed have the project.properties file in my project's dir. But I don't have the proguard.cfg file. Instead I have the proguard-project.txt file. I guess it's a replacement.
project.properties:
This file is automatically generated by Android Tools. Do not modify this file -- YOUR CHANGES WILL BE ERASED!
This file must be checked in Version Control Systems.
To customize properties used by the Ant build system edit "ant.properties", and override values to adapt the script to your project structure.
To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt
Project target. target=android-7
Originally everything but the last line is commented out.
In proguard-project.txt everything is commented out.
I guess I'm lost here, so I'd be very thankful If somebody could tell me step by step what I am supposed to do and also how to check if it actually works.
661
Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.
Online Javascript Obfuscator makes javascript code harder to read in order to protect it. The tool provides four tools to use. You could compress or format your code, you can also obfuscate your code with eval and decode it. The obfuscated javascript code works well when it is used in your work.
In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Why obfuscate code?
Binary Display -- A obfuscated but useful binary display program. BlackJack -- An obfuscated Blackjack program. Morse Code -- Converts the standard input into morse code. Also, the source is mostly a bunch of DAH DIT DAH ... etc. which spells out a message in morse code.
The article on the official dev site is out of date. Starting with SDK Tools r17 they changed the way the ProGuard configuration works. Basically they split what used to be proguard.cfg into two files (and also simply made them .txt files): proguard-android.txt and proguard-project.txt. proguard-android.txt resides in your {SDK dir}\tools\proguard directory and proguard-project.txt is in each of your project directories.
They split the file so that general configuration/flags that the Android team deems pretty standard will be in the proguard-android.txt file and can be updated (basically silently) with each SDK Tools revision. And then any developer/project specific flags, the developer can add to the proguard-project.txt file.
This is why you noticed everything in your proguard-project.txt file was commented out, because in general most people don't have any project specific needs, they just want to run ProGuard with standard settings and be done with it.
For reference (a very good explanation): http://tools.android.com/recent/proguardimprovements
Step-by-Step (day by day :P)
(Using Eclipse IDE) To enable ProGuard and it's shrinking and obfuscation using only the default settings:
project.properties uncomment the line that says: proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt
If you created the project before r17 then you might not see the same things. If that's the case I suggest you create a new dummy project (after updating SDK Tools) and just copy over the proguard-project.txt and project.properties files.
That's it! ProGuard will now be enabled and it will run, but only on release builds (when you use Android Tools and export a signed/unsigned apk).
When you make a release build you'll notice that a new ProGuard folder will be created in your project folder. Within this folder you find four files with stuff like what classes/methods were kept or removed. Also note that when you obfuscate, you'll also obfuscate your stacktraces in the event of errors.
Edit: (9/4/12) Just wanted to update this answer to reflect changes in Tools r20.
The Android team has now added one additional proguard configuration file. It is proguard-android-optimize.txt and it also resides in the {SDK dir}\tools\proguard directory. This file is the same as the original proguard-android.txt config file, except it has proguard optimization turned on.
This additional file was added for convenience for those who wanted to turn on optimizations (maybe so they can do stuff like strip out Log calls, which requires optimizations be turned on). Now you can simply point to this file instead in your project.properties file like so:
proguard.config=${sdk.dir}\tools\proguard\proguard-android-optimize.txt:proguard-project.txt
As before, don't try to alter any of the proguard-android... config files. Any project specific flags should go in the proguard-project.txt file in your project folder.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
