Menu
I am trying to obfuscate a spring web application using ProGuard. I want to keep class and method names, especially the ones used as spring beans.
But ProGuard renames local variables to local[class name], for example if I have a User object it renames the local variable to localUser. It also renames method parameters to param[Class name], for example if I have a User parameter the variable name in obfuscated method becomes paramUser. So the obfuscated code becomes pretty readable.
I want to prevent ProGuard using local and param prefixes and class names. For example I want it to use x1 instead of localUser. I checked configuration options but I could not find how to do that.
426
By default, ProGuard obfuscates the code: it assigns new short random names to classes and class members. It removes internal attributes that are only useful for debugging, such as source files names, variable names, and line numbers. Specifies to print the mapping from old names to new names for classes and class members that have been renamed.
Because ProGuard renamed your fields to a and b, everything will seem to work, data will be saved and loaded correctly. However, when you build your app again and release version N+1 of your app, ProGuard might decide to rename your fields to something different, such as c and d.
If you specify a class, without class members, ProGuard only preserves the class and its parameterless constructor as entry points. It may still remove, optimize, or obfuscate its other class members. If you specify a method, ProGuard only preserves the method as an entry point.
By default, ProGuard optimizes all code. It inlines and merges classes and class members, and it optimizes all methods at a bytecode level. Specifies the optimizations to be enabled and disabled, at a more fine-grained level.
ProGuard manual > Troubleshooting > Unexpected observations after processing > Variable names not being obfuscated
If the names of the local variables and parameters in your obfuscated code don't look obfuscated, because they suspiciously resemble the names of their types, it's probably because the decompiler that you are using is coming up with those names. ProGuard's obfuscation step does remove the original names entirely, unless you explicitly keep the LocalVariableTable or LocalVariableTypeTable attributes.
165
The variable x1 isn't giving away any more information than paramUser, given that the viewed code would be:
public void foo(User x1)
{
...
}
Unless your methods are really long, it wouldn't be hard for anyone reading the method to remember that it's a parameter of type User, which is all that paramUser is saying. Yes, there's a bit of a difference in readability but I wouldn't say it's worth worrying about, personally - if someone's investing enough time to decompile your code to start with, a very small difference like that would be unlikely to deter them. If the class names were obfuscated as well, that makes a bigger difference IMO.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
