ansaurus

Question

Answer 1

+1 A:

You only need to obfuscate the other libraries in the case where you need to protect them against whatever you think obfuscation is doing for your code. However you should read the licences for those other libraries to see whether they restrict you from distributing modified versions.

Paul Clapham 2010-01-23 18:12:08

+1 for advising me to check those licenses of those libraries.

Yatendra Goel 2010-01-23 18:14:10

Answer 2

+7 A:

"I checked out [the Proguard] website but it contains a lot of material to read."

Seriously, you're asking a question here because you can't be bothered reading the manual or searching for examples?

Q2: Don't obfuscate libraries.

Q4: You need the mapping table for when you're trying to decipher a stack trace.

Christopher 2010-01-23 18:19:18

@Christopher... I didn't ask you to read that manual... That question was for those persons who already know how to deal with ProGuard.

Yatendra Goel 2010-01-23 18:23:47

I never said you did. I know how to use ProGuard -- because I *have* read the manual.

Christopher 2010-01-23 18:26:16

So keep your knowledge with you... :)

Yatendra Goel 2010-01-23 18:29:42

I think I should also give you a Nobel Prize for you have read that manual :)

Yatendra Goel 2010-01-23 18:30:25

Oh come on. Seriously you couldn't click Manual > Examples, then read the *very first item*?

Christopher 2010-01-23 18:40:33

Oh.. really ... now you have got time to share your knowledge and telling me how to find that example :)Keep your knowledge in safe. You will get reward acc. to the amount of knowledge you have kept secret with you.Please don't bother to tell me that. Just search other questions on SO to down vote them and fill useless comments and answers.:)

Yatendra Goel 2010-01-23 18:54:23

You're right.. I'm not sharing my knowledge, I'm sharing common sense instead. There is no reason for us to **duplicate** the already-comprehensive ProGuard manual and examples by repeating them on here. If you had actually made an effort and had a problem, then I and others would be happy to help you solve it -- that's why we are on this site. But if you can't be bothered to even read **the basics** why should we waste our time to help the lazy?

Christopher 2010-01-23 19:05:11

{...why should we waste our time...} I didn't aware of the fact that positing such useless answers and comments don't waste our time...:)

Yatendra Goel 2010-01-23 19:11:39

Clearly neither of us want to spend more time on this. **Please** just take a moment to read the comments on your question and understand **why** so many people have voted negatively or made comments similar to mine. We *are* all here to help, but you have to try things for yourself. If you can better appreciate how this site works and put some effort into your problems first, it *will* cut down on wasted time for everyone and increases the quality of answers we all get to share here on Stack Overflow.

Christopher 2010-01-23 20:27:23

Answer 3

+1 A:

regarding Q4: The mapping is used when users send you bug reports that contain exception stacktraces from the obfuscated code. ProGuard allows you to translate these stacktraces back to the original class names and line numbers if you have the mapping.

x4u 2010-01-23 18:20:36

Answer 4

+1 A:

Just answering Q4…

There is a good reason to keep the mapping. If the client ever sends you a stacktrace, it can be very useful to know where in the code that stacktrace came from. The purpose of an obfuscator is to get rid of that information ;-) By keeping the mapping, you enable the conversion of the stacktrace into where the problem occurred in the original code.

Paul Wagland 2010-01-23 18:20:49

+1 for your answer...

Yatendra Goel 2010-01-23 18:22:53

Answer 5

+1 A:

I can answer question 4. You should retain it for debugging. Say you have a bug in function "printTheAlphabet()" on line 23, after obfuscating the stack trace might say something like "Error in j6z9r() on line 27" which makes it pretty impossible to locate the error in your source code.

ZoFreX 2010-01-23 18:22:03

Answer 6

+1 A:

Q1. So could anyone tell me please some simple obfuscators or some simple steps to use proguard so that I can just input "abc.jar" and it outputs "obfuscate_abc.jar" or something simple like that.

Just go for ProGard, it's definitely a good tool (recommended in many answers here on SO like this one, this one and this one).

Q2. One more thing, as my java program uses external libraries, so should i need to obfuscate those libraries too?

No need IMHO (not even mentioning that you may not).

Q3. Is there any eclipse or netbeans plugin availabe to this obfuscation?

I'd rather suggest to use the Ant Task or the proguard-maven-plugin. See this question about the maven plugin if required.

Q4. So, one more question is Why do we need to keep that mapping-table with us. We can simply retain a copy of un-obfuscated application so as to make changes in that (if required in future). Is there any reason to retain that mapping-table file with us?

Yes, to "translate" stacktrace.

Pascal Thivent 2010-01-23 18:28:17

I got all of my answers in a simple and clear way from you. Thanks

Yatendra Goel 2010-01-23 18:32:05

and accepted another answer instead :(

KevinDTimm 2010-01-26 14:36:04

Answer 7

+1 A:

I tried this from scratch. It should get you started. I think the key will be to understand the "keep options" in the configuration file.

Using this code:

import java.util.*;

public class Example {

    public static void main(String... args) {
        Example ex = new Example();
        ex.go();
    }

    public void go() {
        String[] strings = { "abc", "def", "ijk" };
        for (String s : strings) {
            System.out.println(s);
        }
    }

}

I created an Example.jar. I copied the proguard.jar from the ProGuard lib directory, and ran this command-line

java -jar proguard.jar @myconfig.pro

where myconfig.pro contains:

-injars Example.jar
-outjars ExampleOut.jar
-libraryjars <java.home>/lib/rt.jar

-keep public class Example {
    public static void main(java.lang.String[]);
}

This produces ExampleOut.jar which contains the same functionality and is obfuscated (verified with JAD). Note that I did not use a manifest, so to test functionality, I unjarred and tested the class. Execution entry-points within jars are left to the reader.

There are many more keep options listed in the Usage section.

Michael Easter 2010-01-23 18:46:09

It is showing that <b>Warning: scraper.Main: can't find referenced class com.gargoylesoftware.htmlunit.html.HtmlTableCell</b> means it can't find the com.garg... lib but it it there in the same folder. Should I need to mention the external libraries too in the .pro file

Yatendra Goel 2010-01-23 19:19:19

Answer 8

A:

I have had a quick look at yGuard before and liked the fact that you could integrate the obfuscation steps into an Ant script. This allows you to use it very easily in Eclipse etc if you want.

The documentation it comes with provide a number of ready made Ant scripts to get you started. These just need to be modified to work with your projects layout, ie setting the correct package names etc.

If your not clear on how to get Ant going in Eclipse, you pretty much just need to add a build.xml file to the project, copy the example script that comes with yGuard into it, modify the script to work with your project and run the yGuard task from the Ant view.

With regards to your mapping table question. The only reason I can think you might need something like this would be if you can't replicate a bug your obfuscated jar exhibits, from your original code. At this point you might need to work with the obfuscated version, maybe to determine if the obfuscation has caused a problem.

Binary Nerd 2010-01-23 19:01:19

ansaurus

tags:

views:

answers:

How to obfuscate java code quickly?

related questions