OWF12/PAUG Conf Days: ProGuard, Optimizer and Obfuscator for Android, Eric Lafortune, CEO at Saikoa
ProGuard
Optimizer and Obfuscator for Android
Eric Lafortune
Saikoa
Eric Lafortune
● 1991 – 1996 K.U.Leuven (Belgium), PhD Eng CompSci
● 1996 – 1999 Cornell University (Ithaca, NY)
● 1999 – 2011 Java GIS
● 2012 Founder Saikoa
Maybe more importantly:
● 1982 TMS-9900 processor
● 1995 ARM2/ARM3 processor
● 2001 Java bytecode
● 2010 Dalvik bytecode
ProGuard
Open source
Generic
Shrinker
Optimizer
Obfuscator
For Java bytecode
ProGuard history
[Timeline figure, 2002 to 2012: Java applications, applets, midlets, Android apps]
● May 2002 First download!
● Sep 2010 Recommended for protecting LVL
● Dec 2010 Part of Android SDK
● Jan 2012 Startup Saikoa
Why use ProGuard?
● Application size
● Performance
● Remove logging, debugging, testing code
● Battery life
● Protection
Application size

| | classes.dex without ProGuard | classes.dex with ProGuard | classes.dex reduction | .apk without ProGuard | .apk with ProGuard | .apk reduction |
|---|---|---|---|---|---|---|
| ApiDemos | 716 K | 482 K | 33% | 2.6 M | 2.5 M | 4% |
| ApiDemos in Scala* | ~6 M | 542 K | ~90% | ~8 M | 2.5 M | ~70% |

* [Stéphane Micheloud, http://lampwww.epfl.ch/~michelou/android/library-code-shrinking.html]
Performance: CaffeineMark
Without ProGuard
Sieve score = 6833
Loop score = 14831
Logic score = 19038
String score = 7694
Float score = 6425
Method score = 4850
Overall score = 8794
With ProGuard
Sieve score = 6666
Loop score = 15473
Logic score = 47840
String score = 7717
Float score = 6488
Method score = 5229
Overall score = 10436
Improvement: 18%
[Acer Iconia Tab A500, nVidia Tegra 2, 1.0 GHz, Android 3.2.1]
Battery life
Extreme example:
“5 x better battery life, by removing verbose logging code in a background service”
(but don't count on it)
How to enable ProGuard?
project.properties:
```
# To enable ProGuard to shrink and obfuscate your code, uncomment this
#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
```
→ only applied when building release versions
Build process
[Figure: build process diagram with the ProGuard step, from the Android documentation]
Shrinking
Also called treeshaking, minimizing, shrouding
● Classes, fields, methods
Entry points
1) Activities, applications, services, fragments,...
→ provided automatically by Android build process
```
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
# ...
```
Entry points
2) Introspection, e.g. Google License Verification Library
→ must be specified in proguard-project.txt
```
-keep public interface com.android.vending.licensing.ILicensingService
```
Entry points
More introspection, e.g. Google vending library
→ must be specified in proguard-project.txt
```
-keepclassmembers public class com.google.android.vending.expansion.downloader.impl.DownloadsDB$* {
    public static final java.lang.String[][] SCHEMA;
    public static final java.lang.String TABLE_NAME;
}
```
Entry points
More introspection, e.g. Guice, RoboGuice
→ must be specified in proguard-project.txt:
```
-keepclassmembers class * {
    @javax.inject.** <fields>;
    @com.google.inject.** <fields>;
    @roboguice.** <fields>;
    @roboguice.event.Observes <methods>;
}
```
Notes and warnings
“Closed-world assumption”
```
Warning: twitter4j.internal.logging.Log4JLoggerFactory: can't find referenced class org.apache.log4j.Logger
Warning: twitter4j.internal.logging.SLF4JLoggerFactory: can't find referenced class org.slf4j.LoggerFactory
...
Warning: com.dropbox.client2.DropboxAPI: can't find referenced class org.json.simple.JSONArray
```
→ if debug build works fine, then ok to ignore in proguard-project.txt:
```
-dontwarn twitter4j.internal.logging.**
-dontwarn com.dropbox.client2.**
```
Optimization
At the bytecode instruction level:
● Dead code elimination
● Constant propagation
● Method inlining
● Class merging
● Remove logging code
● Peephole optimizations
● Devirtualization
● ...
Dead code elimination
```java
boolean debug = false;
// ...
if (debug) Log.v(".....");
// ...
```
Note: showing equivalent source code instead of bytecode
Constant propagation
Inside methods:
```java
int f1 = 6;
// ...
int f2 = 7;
// ...
int answer = f1 * f2;
```
→
```java
// ...
int answer = 6 * 7;
```
→
```java
// ...
int answer = 42;
```
Constant propagation
Across methods:
```java
int answer = computeAnswer(6, 7);

int computeAnswer(int f1, int f2) {
    return f1 * f2;
}
```
→
```java
int computeAnswer(int f1, int f2) {
    return 6 * 7;
}
```
→
```java
int computeAnswer() {
    return 42;
}
```
→
```java
int answer = 42;
```
Method inlining
Short methods (or methods that are only invoked once):
```java
int answer = image.getPixel(i, j);

int getPixel(int x, int y) {
    return array[y * width + x];
}
```
→
```java
int answer = image.array[j * image.width + i];
```
Class merging: horizontally
[Diagram of a class hierarchy]
Before: Class A; Class B, Class C; Class D, Class E
After: Class A; Class B/C; Class D, Class E
Class merging: vertically
[Diagram of a class hierarchy]
Before: Class A; Class B; Class C, Class D
After: Class A/B; Class C, Class D
Tail recursion simplification
```java
int answer = computeAnswer(1, 2, 3, 7);

int computeAnswer(int f1, int f2, int f3, int f4) {
    if (f2 == 1 && f3 == 1 && f4 == 1) {
        return f1;
    } else {
        return computeAnswer(f1 * f2, f3, f4, 1);
    }
}
```
→
```java
int computeAnswer(int f1, int f2, int f3, int f4) {
    do {
        if (f2 == 1 && f3 == 1 && f4 == 1) {
            return f1;
        } else {
            f1 = f1 * f2;
            f2 = f3;
            f3 = f4;
            f4 = 1;
        }
    } while (true);
}
```
→
```java
int answer = 42;
```
How to enable optimization?
project.properties:
```
# To enable ProGuard to shrink and obfuscate your code, uncomment this
proguard.config=${sdk.dir}/tools/proguard/proguard-android-optimize.txt:proguard-project.txt
```
Remove logging code
Specify assumptions in proguard-project.txt:
```
-assumenosideeffects class android.util.Log {
    public static boolean isLoggable(java.lang.String, int);
    public static int v(...);
    public static int i(...);
    public static int w(...);
    public static int d(...);
    public static int e(...);
    public static java.lang.String getStackTraceString(java.lang.Throwable);
}
```
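A check that the Log assumption above will actually be applied in a release build, as an added example that is not from the talk or from ProGuard itself: ProGuard acts on -assumenosideeffects only while optimizing, so the rule does nothing unless project.properties selects proguard-android-optimize.txt. The function names and sample file contents are constructed for illustration, and the check assumes the SDK default file names shown on the slides and the explicit `int v(...)` rule form.

```python
import re

# Constructed sample inputs (not from the talk): project.properties still
# points at the non-optimizing default file, and proguard-project.txt lists
# only two of the Log methods.
SAMPLE_PROPERTIES = """\
# To enable ProGuard to shrink and obfuscate your code, uncomment this
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
"""
SAMPLE_RULES = """\
-assumenosideeffects class android.util.Log {
    public static int v(...);
    public static int d(...);
}
"""
LOG_METHODS = {"v", "d", "i", "w", "e"}


def active_config_files(properties_text):
    """Files named by an uncommented proguard.config line (':'-separated)."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "proguard.config":
            return [p.strip() for p in value.split(":") if p.strip()]
    return []


def stripped_log_methods(rules_text):
    """android.util.Log methods declared inside -assumenosideeffects."""
    block = re.search(
        r"-assumenosideeffects\s+class\s+android\.util\.Log\s*\{(.*?)\}",
        rules_text, re.S)
    if not block:
        return set()
    return set(re.findall(r"\bint\s+([vdiwe])\s*\(", block.group(1)))


def audit(properties_text, rules_text):
    """Return findings; an empty list means Log calls will be stripped."""
    findings = []
    files = active_config_files(properties_text)
    optimizing = any(f.endswith("proguard-android-optimize.txt") for f in files)
    if re.search(r"^\s*-dontoptimize\b", rules_text, re.M):
        optimizing = False  # an explicit opt-out overrides the default file
    if not files:
        findings.append("proguard.config is commented out: ProGuard never runs")
    elif not optimizing:
        findings.append("optimization is off: -assumenosideeffects has no effect")
    missing = sorted(LOG_METHODS - stripped_log_methods(rules_text))
    if missing:
        findings.append("Log calls not stripped: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES, SAMPLE_RULES):
        print(finding)
```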
Obfuscation
Traditional name obfuscation:
● Rename identifiers: class/field/method names
● Remove debug information: line numbers, local variable names,...
Obfuscation
```java
public class MyComputationClass {
    private MySettings settings;
    private MyAlgorithm algorithm;
    private int answer;

    public int computeAnswer(int input) {
        // ...
        return answer;
    }
}
```
→
```java
public class a {
    private b a;
    private c b;
    private int c;

    public int a(int a) {
        // ...
        return c;
    }
}
```
Complementary steps
Optimization Obfuscation
Irreversibly remove information
ProGuard guide – Android SDK
developer.android.com
ProGuard website
proguard.sourceforge.net
ProGuard manual
proguard.sourceforge.net
Startup: Saikoa
● Open source: ProGuard
● Services: Professional ProGuard support
● Product: DexGuard
ProGuard - DexGuard

| ProGuard | DexGuard |
|---|---|
| Open source | Closed source |
| Generic | Specialized |
| Shrinker, Optimizer, Obfuscator | Shrinker, Optimizer, Obfuscator, Protector |
| For Java bytecode | For Android |

Compatible
Motivations for hacking/cracking
● Anti-malware research
● Reverse-engineering protocols, formats,...
● Fun
● Translation
● Game cheating
● Software piracy
● Remove ads
● Different ads
● Different market
● Extortion
● Extract assets
● Extract API keys
● Insert malware (SMS,...)
● ...
Solutions?
● Ignore it
● Different business model (open source, service)
● Regular updates
● Lock down device
● Server
● Remove motivations
● Obfuscation, application protection
More application protection
Nothing is unbreakable, but you can raise the bar:
● Reflection
● String encryption
● Class encryption
● Tamper detection
● Debug detection
● Emulator detection
● …
→ Automatically applied by DexGuard
Saikoa website
www.saikoa.com
Questions?
Open source
Shrinking
Optimization
Obfuscation
Java bytecode
ProGuard
Saikoa
DexGuard
Dalvik bytecode