Your SlideShare is downloading. ×
Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafortune_saikoa
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafortune_saikoa

1,882
views

Published on

Published in: Technology, Education

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,882
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
69
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. ProGuardOptimizer and Obfuscatorin the Android SDKEric LafortuneDeveloper of ProGuard
  • 2. Eric Lafortune●1991 – 1996 K.U.Leuven (Belgium), Phd Eng CompSci●1996 – 1999 Cornell University (Ithaca, NY)●1999 – 2011 Java GIS●2012 Founder SaikoaMaybe more importantly:●1982 TMS-9900 processor●1995 ARM2/ARM3 processor●2001 Java bytecode●2010 Dalvik bytecode
  • 3. ProGuardOpen sourceGenericShrinkerOptimizerObfuscatorFor Java bytecode
  • 4. ProGuard historyJava applicationsApplets2002Midlets2010 2012Android apps●May 2002 First release●Sep 2010 Recommended for protecting LVL●Dec 2010 Part of Android SDK●Jan 2012 Startup Saikoa
  • 5. Why use ProGuard?●Application size●Performance●Remove logging, debugging, testing code●Battery life●Protection
  • 6. Application sizeclasses.dex size .apk sizeWithoutProGuardWithProGuardReductionWithoutProGuardWithProGuardReductionApiDemos 716 K 482 K 33 % 2.6 M 2.5 M 4 %GoogleIOApp3.4 M 905 K 75 % 1.9 M 906 K 53 %ApiDemosin Scala*~6 M 542 K ~90 % ~8 M 2.5 M ~70 %* [Stéphane Micheloud, http://lampwww.epfl.ch/~michelou/android/library-code-shrinking.html]
  • 7. Performance: CaffeineMarkWithout ProGuardSieve score = 6833Loop score = 14831Logic score = 19038String score = 7694Float score = 6425Method score = 4850Overall score = 8794With ProGuardSieve score = 6666Loop score = 15473Logic score = 47840String score = 7717Float score = 6488Method score = 5229Overall score = 10436Improvement: 18%[Acer Iconia Tab A500, nVidia Tegra 2, 1.0 GHz, Android 3.2.1]
  • 8. Battery lifeExtreme example:“5 x better battery life,by removing verbose logging codein a background service”(but dont count on it)
  • 9. How to enable ProGuard?project.properties:→ only applied when building release versions# To enable ProGuard to shrink and obfuscateyour code, uncomment this#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txtTip
  • 10. ShrinkingAlso called treeshaking, minimizing, shrouding
  • 11. Shrinking●Classes, fields, methods
  • 12. Entry points1) Activities, applications, services, fragments,...→ provided automatically by Android build process-keep public class * extends android.app.Activity-keep public class * extends android.app.Application-keep public class * extends android.app.Service…
  • 13. Entry points2) Introspection, e.g. Guice, RoboGuice→ must be specified in proguard-project.txt:-keepclassmembers class * {@javax.inject.** <fields>;@com.google.inject.** <fields>;@roboguice.** <fields>;@roboguice.event.Observes <methods>;}Tip
  • 14. Notes and warnings“Closed-world assumption”→ if debug build works fine,then ok to ignore in proguard-project.txt:Warning: com.dropbox.client2.DropboxAPI:cant find referenced class org.json.simple.JSONArray-dontwarn twitter4j.internal.logging.**-dontwarn com.dropbox.client2.**Warning: twitter4j.internal.logging.Log4JLoggerFactory:cant find referenced class org.apache.log4j.LoggerWarning: twitter4j.internal.logging.SLF4JLoggerFactory:cant find referenced class org.slf4j.LoggerFactory...Tip
  • 15. OptimizationAt the bytecode instruction level:●Dead code elimination●Constant propagation●Method inlining●Class merging●Remove logging code●Peephole optimizations●Devirtualization●...
  • 16. Optimization exampleint answer = computeAnswer(1, 2, 3, 7);int computeAnswer(int f1, int f2, int f3, int f4) {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {return computeAnswer(f1 * f2, f3, f4, 1);}}
  • 17. Optimization exampleint answer = computeAnswer(1, 2, 3, 7);int computeAnswer(int f1, int f2, int f3, int f4) {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {return computeAnswer(f1 * f2, f3, f4, 1);}}int computeAnswer(int f1, int f2, int f3, int f4) {do {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;}} while (true);}
  • 18. Optimization exampleint answer = computeAnswer(1, 2, 3, 7);int computeAnswer(int f1, int f2, int f3, int f4) {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {return computeAnswer(f1 * f2, f3, f4, 1);}}int computeAnswer(int f1, int f2, int f3, int f4) {do {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;}} while (true);}1 2 3 7
  • 19. Optimization exampleint answer = computeAnswer(1, 2, 3, 7);int computeAnswer(int f1, int f2, int f3, int f4) {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {return computeAnswer(f1 * f2, f3, f4, 1);}}int computeAnswer(int f1, int f2, int f3, int f4) {do {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;}} while (true);}int computeAnswer() {return 42;}
  • 20. Optimization exampleint answer = computeAnswer(1, 2, 3, 7);int computeAnswer(int f1, int f2, int f3, int f4) {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {return computeAnswer(f1 * f2, f3, f4, 1);}}int computeAnswer(int f1, int f2, int f3, int f4) {do {if (f2 == 1 && f3 == 1 && f4 == 1) {return f1;} else {f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;}} while (true);}int computeAnswer() {return 42;}int answer = 42;
  • 21. How to enable optimization?project.properties:# To enable ProGuard to shrink and obfuscateyour code, uncomment thisproguard.config=${sdk.dir}/tools/proguard/proguard-android-optimize.txt:proguard-project.txtTip
  • 22. Remove logging codeSpecify assumptions in proguard-project.txt:-assumenosideeffects class android.util.Log {public static boolean isLoggable(java.lang.String, int);public static int v(...);public static int i(...);public static int w(...);public static int d(...);public static int e(...);public static java.lang.String getStackTraceString(java.lang.Throwable);}Tip
  • 23. ObfuscationTraditional name obfuscation:●Rename identifiers:class/field/method names●Remove debug information:line numbers, local variable names,...
  • 24. Obfuscationpublic class MyComputationClass {private MySettings settings;private MyAlgorithm algorithm;private int answer;public int computeAnswer(int input) {…return answer;}}
  • 25. Obfuscationpublic class MyComputationClass {private MySettings settings;private MyAlgorithm algorithm;private int answer;public int computeAnswer(int input) {…return answer;}}public class a {private b a;private c b;private int c;public int a(int a) {…return c;}}
  • 26. Complementary stepsOptimization ObfuscationIrreversibly remove information
  • 27. ProGuard guide – Android SDKdeveloper.android.comdeveloper.android.com
  • 28. ProGuard websiteproguard.sourceforge.netproguard.sourceforge.net
  • 29. ProGuard manualproguard.sourceforge.netproguard.sourceforge.netTip
  • 30. Startup: SaikoaProGuardProGuard supportDexGuard
  • 31. ProGuard - DexGuardOpen sourceGenericShrinkerOptimizerObfuscatorFor Java bytecodeClosed sourceSpecializedShrinkerOptimizerObfuscatorProtectorFor AndroidCompatible
  • 32. Hacking and cracking●Anti-malware research●Reverse-engineeringprotocols, formats,...●Fun●Translation●Game cheating●Software piracy●Remove ads●Different ads●Different market●Extract assets●Extract API keys●Insert malware●Extorsion●...
  • 33. Solutions?●Ignore it●Different business model (open source, service)●Regular updates●Lock down device●Server●Remove motivations●Obfuscation, application protection
  • 34. More application protectionNothing is unbreakable, but you can raise the bar:●Reflection●String encryption●Class encryption●Resource obfuscation●Tamper detection●Debug detection●Emulator detection●…→ Automatically applied by DexGuard
  • 35. DexGuard strategy●Tight integration●Multiple layers●Unique protection for every application●Follow up
  • 36. DexGuard reactions“My app usually gets pirated after a few hours,but now it hasnt been pirated after several weeks,thanks to DexGuard!”“Installation was simple.”“The support is fantastic.”“Im enjoying DexGuard.”“Support from Saikoa is awesome!”“Youre doing an awesome job!”
  • 37. Saikoa websitewww.saikoa.comwww.saikoa.com
  • 38. Questions?Open sourceShrinkingOptimizationObfuscationJava bytecodeProGuardSaikoaDexGuardDalvik bytecodeProtection

×