![Decoding Obfuscated Stack Traces
When your obfuscated code outputs a stack trace, the method names are obfuscated, which
makes debugging hard, if not impossible. Fortunately, whenever ProGuard runs, it outputs a
mapping.txt file, which shows you the original class, method, and field names mapped to their
obfuscated names.
The retrace.bat script on Windows or the retrace.sh script on Linux or Mac OS X can convert an
obfuscated stack trace to a readable one. It is located in the <sdk_root>/tools/proguard/ directory.
The syntax for executing the retrace tool is:
For example:
If you do not specify a value for <stacktrace_file>, the retrace tool reads from standard input.
retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]
retrace.bat -verbose mapping.txt obfuscated_trace.txt](https://image.slidesharecdn.com/proguardandroid-180415150544/85/Proguard-android-16-320.jpg)
Proguard android
- 1. PROGUARD - ANDROID By Bhavya Rattan
- 2. What is Proguard ? ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.
- 3. Why Proguard ? ● The result is a smaller sized .apk file. ● Making programs and libraries harder to reverse- engineer. ● Use it when your application utilizes features that are sensitive to security like when you are Licensing Your Applications.
- 4. Basic Funda Difficult to reverse Engineer .apk + Smaller Code
- 5. Implementation Set minifyEnabled true in app’s build.gradle for buildType : release Point to ponder : The getDefaultProguardFile('proguard-android.txt') method obtains the default ProGuard settings from the Android SDK tools/proguard/ folder. The proguard-android-optimize.txt file is also available in this Android SDK folder with the same rules but with optimizations enabled. ProGuard optimizations perform analysis at the bytecode level, inside and across methods to help make your app smaller and run faster.
- 6. Key Issues faced while configuration It’s not that easy to implement proguard in a real time project as Android Developer guys say in their guide. Many situations are hard for ProGuard to analyze correctly and it might remove code that it thinks is not used, but your application actually needs. Some examples include: A class that is referenced only in the AndroidManifest.xml file. Methods used and referenced by Third party libraries and jars. Dynamically referenced fields and methods.
- 7. The default ProGuard configuration file tries to cover general cases, but you might encounter exceptions such as : ClassNotFoundException, which happens when ProGuard strips away an entire class that your application calls. You can fix errors when ProGuard strips away your code by adding a -keep line in the ProGuard configuration file. For example: -keep public class <MyClass> Some Quick Fixes
- 9. See what we got, just checkout proguard support for retrofit and modify your proguard-rules.pro accordingly. Similarly you can resolve proguard warnings for other third party libraries in your project, in case you get stuck.
- 15. Final Output….Yeah you did it, but let’s cross check a few things !!! Checkpoints : ● Ensure that mapping folder is generated at : Project → app → build → outputs → mapping ● Mapping folder must contain a release folder with following files : ○ dump.txt ○ mapping.txt ○ seeds.txt ○ usage.txt Save the mapping.txt file for every release that you publish to your users. By retaining a copy of the mapping.txt file for each release build, you ensure that you can debug a problem if a user encounters a bug and submits an obfuscated stack trace. A project's mapping.txt file is overwritten every time you do a release build, so you must be careful about saving the versions that you need.
- 16. Decoding Obfuscated Stack Traces When your obfuscated code outputs a stack trace, the method names are obfuscated, which makes debugging hard, if not impossible. Fortunately, whenever ProGuard runs, it outputs a mapping.txt file, which shows you the original class, method, and field names mapped to their obfuscated names. The retrace.bat script on Windows or the retrace.sh script on Linux or Mac OS X can convert an obfuscated stack trace to a readable one. It is located in the <sdk_root>/tools/proguard/ directory. The syntax for executing the retrace tool is: For example: If you do not specify a value for <stacktrace_file>, the retrace tool reads from standard input. retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>] retrace.bat -verbose mapping.txt obfuscated_trace.txt
- 17. Got stuck somewhere, here are the quick links to help you out !!! ● https://stuff.mit.edu/afs/sipb/project/android /sdk/android-sdk- linux/tools/proguard/docs/index.html#manu al/troubleshooting.html ● https://android.googlesource.com/platform/ sdk/+/android-4.1.2_r2/files/proguard- android.txt ● http://omgitsmgp.com/2013/09/09/a- conservative-guide-to-proguard-for- android/ ● https://gist.github.com/Jackgris/c4a71328b 1ae346cba04 ● https://github.com/krschultz/android-
- 18. What we accomplished ➢Optimized apk that can’t be reverse engineered ➢.apk size without proguard : 21.46 MB ➢.apk size with proguard : 19.36 MB ➢Percentage reduction : 9.78 % Apk links for verification of facts : Treats Runner with proguard : https://www.distributeapps.com/droidapp/treats_runner_proguard- 3XpgZOedEQ5wyX1-10022016055650/home.php Treats Runner without proguard : https://www.distributeapps.com/droidapp/treats_runner-nckroFY4ew6YwOU- 10022016060759/home.php