This document summarizes the presentation on ProGuard by Eric Lafortune at the #mceconf conference on January 11, 2014. ProGuard is an optimizer and obfuscator tool included in the Android SDK. It shrinks, optimizes, and obfuscates Android applications bytecode. Using ProGuard can significantly reduce application sizes and improve performance. It removes unused code, performs optimizations at the bytecode level, and obfuscates the code to make reverse engineering more difficult. The document provides examples of how ProGuard can reduce application sizes by 20-90%, improve performance by up to 20%, and demonstrates optimizations like inlining, constant propagation, and enum handling. It also explains how to configure and enable ProGuard in Android builds
Eric Lafortune - ProGuard and DexGuard for optimization and protectionGuardSquare
ProGuard and DexGuard are tools that optimize and obfuscate Android applications. ProGuard can shrink code size by 20-90% and improve performance by up to 20% through techniques like dead code elimination, constant propagation, and method inlining. It also protects applications from reverse engineering by obfuscating symbols through renaming and eliminating unused code and resources.
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDKGuardSquare
ProGuard is an open source tool that can optimize and obfuscate Android apps. It shrinks code size by removing unused code and optimizes code through techniques like constant propagation and inlining. It also obfuscates code by renaming classes, fields and methods to hide intellectual property and prevent reverse engineering. ProGuard is part of the Android SDK and can help reduce app size, improve performance, and protect code from decompilation.
ITT 2014 - Eric Lafortune - ProGuard, Optimizer and Obfuscator in the Android...Istanbul Tech Talks
Eric presents ProGuard - the open-source optimizer and obfuscator that is integrated in the Android SDK. ProGuard reduces the size of applications, improves their performance, and makes them more difficult to reverse-engineer. Eric presents some typical results on what to expect from ProGuard, discuss the latest developments and provide some background that should help mobile developers get the best out of ProGuard.
OWF12/PAUG Conf Days Pro guard optimizer and obfuscator for android, eric l...Paris Open Source Summit
This document provides biographical information about Eric Lafortune, the creator of ProGuard, and describes ProGuard's capabilities and history. ProGuard is an open source tool that can optimize and obfuscate Java bytecode, including Android bytecode. It helps reduce app size and improve performance by removing unused code and optimizing the bytecode. It also allows obfuscating code to prevent reverse engineering. ProGuard has been used since 2002 for Java applications and since 2010 is recommended for Android apps to help prevent cracking of license verification.
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDKGuardSquare
ProGuard is an open source tool that optimizes and obfuscates Java bytecode. It can shrink code size by removing unused classes, fields, and methods. It optimizes code through optimizations like constant propagation and method inlining. It obfuscates code by renaming classes, fields, and methods to obscure their purpose. ProGuard is included in the Android SDK and can help protect Android apps from reverse engineering.
Eric Lafortune - Fighting application size with ProGuard and beyondGuardSquare
The document discusses various techniques for reducing Android application size, including compressing resources and assets, trimming unused resources and assets, splitting APK files, shrinking libraries, shrinking the application bytecode, and splitting dex files. It provides examples of using tools like ProGuard, DexGuard, and the Android Gradle plugin to apply these techniques at build time in order to reduce the overall size of the packaged Android application.
Eric Lafortune - ProGuard and DexGuard for optimization and protectionGuardSquare
ProGuard and DexGuard are tools that optimize and obfuscate Android applications. ProGuard can shrink code size by 20-90% and improve performance by up to 20% through techniques like dead code elimination, constant propagation, and method inlining. It also protects applications from reverse engineering by obfuscating symbols through renaming and eliminating unused code and resources.
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDKGuardSquare
ProGuard is an open source tool that can optimize and obfuscate Android apps. It shrinks code size by removing unused code and optimizes code through techniques like constant propagation and inlining. It also obfuscates code by renaming classes, fields and methods to hide intellectual property and prevent reverse engineering. ProGuard is part of the Android SDK and can help reduce app size, improve performance, and protect code from decompilation.
ITT 2014 - Eric Lafortune - ProGuard, Optimizer and Obfuscator in the Android...Istanbul Tech Talks
Eric presents ProGuard - the open-source optimizer and obfuscator that is integrated in the Android SDK. ProGuard reduces the size of applications, improves their performance, and makes them more difficult to reverse-engineer. Eric presents some typical results on what to expect from ProGuard, discuss the latest developments and provide some background that should help mobile developers get the best out of ProGuard.
OWF12/PAUG Conf Days Pro guard optimizer and obfuscator for android, eric l...Paris Open Source Summit
This document provides biographical information about Eric Lafortune, the creator of ProGuard, and describes ProGuard's capabilities and history. ProGuard is an open source tool that can optimize and obfuscate Java bytecode, including Android bytecode. It helps reduce app size and improve performance by removing unused code and optimizing the bytecode. It also allows obfuscating code to prevent reverse engineering. ProGuard has been used since 2002 for Java applications and since 2010 is recommended for Android apps to help prevent cracking of license verification.
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDKGuardSquare
ProGuard is an open source tool that optimizes and obfuscates Java bytecode. It can shrink code size by removing unused classes, fields, and methods. It optimizes code through optimizations like constant propagation and method inlining. It obfuscates code by renaming classes, fields, and methods to obscure their purpose. ProGuard is included in the Android SDK and can help protect Android apps from reverse engineering.
Eric Lafortune - Fighting application size with ProGuard and beyondGuardSquare
The document discusses various techniques for reducing Android application size, including compressing resources and assets, trimming unused resources and assets, splitting APK files, shrinking libraries, shrinking the application bytecode, and splitting dex files. It provides examples of using tools like ProGuard, DexGuard, and the Android Gradle plugin to apply these techniques at build time in order to reduce the overall size of the packaged Android application.
This document discusses PEG.js, a JavaScript parser generator. It begins with an agenda that includes understanding PEG.js, how to use it, and making a domain-specific language (DSL) and parser. The document then covers how parsers are generally made, what PEG.js is, trying out some simple PEG grammars, and making a DSL for conditional logic. Key points include that PEG.js uses Parsing Expression Grammar to easily generate parsers without needing a separate lexer, how to write grammars and generate parsers with PEG.js, and an example of developing a DSL and parser for conditional logic configuration files.
This document provides an overview and reference for QE, a 3D game engine. It describes the development environment including DirectX, OpenGL and Visual Studio. It outlines the engine's directory structure and key files. It also summarizes input handling, adding functions and classes to the engine loop, and deriving from the qeUpdateBase class. The document provides examples of initializing input, remapping keys, and reading the keyboard buffer. It references important QE API functions.
Benoit Baudry (KTH and H2020 STAMP project scientific leader) introduces and illustrates the benefits of mutation testing to assess the quality of test suites.
TDD, BDD, ATDD are all methodologies that enable incremental design that is suitable for Agile environments. It seems that every day a new xDD methodology is born with the promise to be better than what came before. Should you use behaviour-driven tests or plain old unit tests? Which methodology is better? And how exactly would it benefit the development life cycle?
In this session, Dror will help to sort out the various methodologies – explaining where they came from, the tools they use, and discussing how and when to use each one. Here we will once and for all answer the question as to whether or not there’s one “DD” to rule them all.
The document describes the development of a scientific calculator application using Java. It includes 3 main sections: features of the calculator, screenshots of the graphical user interface, and explanations of the source code. The calculator allows arithmetic, geometric, and memory functions. The GUI was created using NetBeans IDE. The source code uses action listeners for buttons, parses user input, and performs calculations by calling Java math methods. Memory functions save, read, and clear values from a dedicated display.
The document discusses procedural abstraction and predefined functions in computer programming. It provides examples of for loops and nested for loops to iterate through ranges of values. The for loop examples demonstrate how the initialization, boolean expression, and update components work together to execute the loop body. Tracing is used to step through multiple iterations of the for loops.
The document contains a sample code with multiple questions and answers related to Java programming. The questions cover topics like arrays, exceptions, object-oriented programming concepts, and more. The provided code snippets have compilation errors, runtime exceptions or produce specific output. The correct answers are explained to assess the understanding of Java programming concepts.
The document discusses classes and files in C++. It covers:
1) Classes in C++, including declaring classes, private, protected, and public members, and examples of classes.
2) Files in C++, including streams, reading from and writing to files, and the standard input/output streams.
3) Specific file classes in C++ - ifstream for input, ofstream for output, and fstream for both. It also covers opening files using the open() function.
The document discusses programming paradigms and introduces aspect-oriented programming (AOP). It provides an example of implementing logging functionality as an aspect to separate cross-cutting concerns from the core program logic. The example of a health monitoring system using remote method invocation (RMI) demonstrates how AOP can help modularize distributed functionality and address issues like tangled and spread code.
This document discusses using functional programming techniques in Java to improve KPIs like quality, performance, and developer productivity. It outlines issues with imperative Java like shared mutability and verbosity. Functional approaches can reduce bugs, duplicated code, and complexity. Techniques like immutable collections, streams, and lambdas improve performance by reducing memory usage and garbage collection. Functional Java allows writing more concise, testable code while leveraging the existing Java ecosystem.
The Ring programming language version 1.2 book - Part 59 of 84Mahmoud Samir Fayed
This document provides an overview of using the Ring code generator to wrap C/C++ libraries and interfaces in order to use them in Ring applications. It describes the configuration file format, syntax elements like defining functions, structures, constants, classes and more. It also gives an example configuration file for wrapping the Allegro game library. The code generator takes the configuration file as input and generates Ring wrapper code to interface with the native library in Ring.
Applying Compiler Techniques to Iterate At Blazing SpeedPascal-Louis Perez
In this session, we will present real life applications of compiler techniques helping kaChing achieve ultra confidence and power its incredible 5 minutes commit-to-production cycle [1]. We'll talk about idempotency analysis [2], dependency detection, on the fly optimisations, automatic memoization [3], type unification [4] and more! This talk is not suitable for the faint-hearted... If you want to dive deep, learn about advanced JVM topics, devoure bytecode and see first hand applications of theoretical computer science, join us.
[1] http://eng.kaching.com/2010/05/deployment-infrastructure-for.html
[2] http://en.wikipedia.org/wiki/Idempotence
[3] http://en.wikipedia.org/wiki/Memoization
[4] http://eng.kaching.com/2009/10/unifying-type-parameters-in-java.html
The document describes exercises for a test-driven development (TDD) boot camp on converting wiki text to HTML. The exercises start with writing tests to convert simple text strings to the same strings in HTML. Tests are added to handle headings with = and ==. The code is refactored to use regular expressions to match heading levels. Further tests and code are added to support headings up to level 6 and return unmodified text for unsupported higher levels.
JavaScript ist eine sehr dynamische Sprache und verhält sich zudem je nach Browser unterschiedlich. Daher sind automatisierte Tests besonders wertvoll. Dieser Vortrag von Tobias Bosch und Stefan Scheidt (OPITZ CONSULTING) zeigt, wie Cross-Browser-Tests für JavaScript entwickelt werden können.
Improving Android Performance at Droidcon UK 2014Raimon Ràfols
The document discusses ways to improve Android application performance by optimizing Java bytecode. It covers topics like:
- How the Java compiler does not optimize code like C/C++ compilers do
- Examples of optimizations like avoiding autoboxing, using primitives over objects when possible, and using StringBuilder for string concatenation
- Tips for loops like caching array lengths and using backwards loops when applicable
- Tools for disassembling and analyzing bytecode like dexdump, smali, and oatdump
- The impact of obfuscation on optimizing bytecode
- Best practices for benchmarking like running tests separately to avoid JIT compiler effects
The document discusses sequence points in C and C++ programming. It explains that sequence points govern the order of evaluation and side effects in a program. However, the order of evaluation between sequence points is unspecified, meaning compilers are free to rearrange operations as long as the observable behavior is consistent with the sequence points. This can lead to undefined behavior if a program relies on a specific evaluation order. Several examples are provided to illustrate this.
This document provides an introduction to the Erlang programming language. It demonstrates Erlang's core syntax including numbers, atoms, booleans, strings, lists, tuples, and pattern matching. It also shows functions, guards, recursion, higher order functions, list comprehensions, and common list functions. The document introduces Erlang processes for concurrency and messaging, and discusses fault tolerance and distribution. Examples include functions, FizzBuzz, and profiling process spawning. The conclusion discusses tail call recursion, asynchronous programming, small functions, spawning processes, and handling process deaths.
C++ CoreHard Autumn 2018. Concurrency and Parallelism in C++17 and C++20/23 -...corehard_by
What do threads, atomic variables, mutexes, and conditional variables have in common? They are the basic building blocks of any concurrent application in C++, which are even for the experienced C++ programmers a big challenge. This massively changed with C++17 and change even more with C++20/23. What did we get with C++17, what can we hope for with C++20/23? With C++17, most of the standard template library algorithms are available in sequential, parallel, and vectorised variants. With the upcoming standards, we can look forward to executors, transactional memory, significantly improved futures and coroutines. To make it short. These are just the highlights from the concurrent and parallel perspective. Thus there is the hope that in the future C++ abstractions such as executors, transactional memory, futures and coroutines are used and that threads, atomic variables, mutexes and condition variables are just implementation details.
Talk feito no CocoaHeads RJ edição Novembro/2015 sobre Segurança no desenvolvimento de aplicativos iOS, considerando Persistência, Comunicação e Segurança do Código.
The document summarizes a security analysis report of the LinkedIn website performed by Minded Security using the DOMinatorPro Enterprise security scanner. The analysis found a reflected DOM-based cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML and JavaScript into the browser DOM context of LinkedIn. The vulnerability is due to unsanitized user input being used to generate HTML output without encoding. A proof-of-concept exploit is provided to demonstrate the vulnerability by triggering a popup alert on the victim's browser when a specially crafted URL is visited while logged into LinkedIn.
This document discusses PEG.js, a JavaScript parser generator. It begins with an agenda that includes understanding PEG.js, how to use it, and making a domain-specific language (DSL) and parser. The document then covers how parsers are generally made, what PEG.js is, trying out some simple PEG grammars, and making a DSL for conditional logic. Key points include that PEG.js uses Parsing Expression Grammar to easily generate parsers without needing a separate lexer, how to write grammars and generate parsers with PEG.js, and an example of developing a DSL and parser for conditional logic configuration files.
This document provides an overview and reference for QE, a 3D game engine. It describes the development environment including DirectX, OpenGL and Visual Studio. It outlines the engine's directory structure and key files. It also summarizes input handling, adding functions and classes to the engine loop, and deriving from the qeUpdateBase class. The document provides examples of initializing input, remapping keys, and reading the keyboard buffer. It references important QE API functions.
Benoit Baudry (KTH and H2020 STAMP project scientific leader) introduces and illustrates the benefits of mutation testing to assess the quality of test suites.
TDD, BDD, ATDD are all methodologies that enable incremental design that is suitable for Agile environments. It seems that every day a new xDD methodology is born with the promise to be better than what came before. Should you use behaviour-driven tests or plain old unit tests? Which methodology is better? And how exactly would it benefit the development life cycle?
In this session, Dror will help to sort out the various methodologies – explaining where they came from, the tools they use, and discussing how and when to use each one. Here we will once and for all answer the question as to whether or not there’s one “DD” to rule them all.
The document describes the development of a scientific calculator application using Java. It includes 3 main sections: features of the calculator, screenshots of the graphical user interface, and explanations of the source code. The calculator allows arithmetic, geometric, and memory functions. The GUI was created using NetBeans IDE. The source code uses action listeners for buttons, parses user input, and performs calculations by calling Java math methods. Memory functions save, read, and clear values from a dedicated display.
The document discusses procedural abstraction and predefined functions in computer programming. It provides examples of for loops and nested for loops to iterate through ranges of values. The for loop examples demonstrate how the initialization, boolean expression, and update components work together to execute the loop body. Tracing is used to step through multiple iterations of the for loops.
The document contains a sample code with multiple questions and answers related to Java programming. The questions cover topics like arrays, exceptions, object-oriented programming concepts, and more. The provided code snippets have compilation errors, runtime exceptions or produce specific output. The correct answers are explained to assess the understanding of Java programming concepts.
The document discusses classes and files in C++. It covers:
1) Classes in C++, including declaring classes, private, protected, and public members, and examples of classes.
2) Files in C++, including streams, reading from and writing to files, and the standard input/output streams.
3) Specific file classes in C++ - ifstream for input, ofstream for output, and fstream for both. It also covers opening files using the open() function.
The document discusses programming paradigms and introduces aspect-oriented programming (AOP). It provides an example of implementing logging functionality as an aspect to separate cross-cutting concerns from the core program logic. The example of a health monitoring system using remote method invocation (RMI) demonstrates how AOP can help modularize distributed functionality and address issues like tangled and spread code.
This document discusses using functional programming techniques in Java to improve KPIs like quality, performance, and developer productivity. It outlines issues with imperative Java like shared mutability and verbosity. Functional approaches can reduce bugs, duplicated code, and complexity. Techniques like immutable collections, streams, and lambdas improve performance by reducing memory usage and garbage collection. Functional Java allows writing more concise, testable code while leveraging the existing Java ecosystem.
The Ring programming language version 1.2 book - Part 59 of 84Mahmoud Samir Fayed
This document provides an overview of using the Ring code generator to wrap C/C++ libraries and interfaces in order to use them in Ring applications. It describes the configuration file format, syntax elements like defining functions, structures, constants, classes and more. It also gives an example configuration file for wrapping the Allegro game library. The code generator takes the configuration file as input and generates Ring wrapper code to interface with the native library in Ring.
Applying Compiler Techniques to Iterate At Blazing SpeedPascal-Louis Perez
In this session, we will present real life applications of compiler techniques helping kaChing achieve ultra confidence and power its incredible 5 minutes commit-to-production cycle [1]. We'll talk about idempotency analysis [2], dependency detection, on the fly optimisations, automatic memoization [3], type unification [4] and more! This talk is not suitable for the faint-hearted... If you want to dive deep, learn about advanced JVM topics, devoure bytecode and see first hand applications of theoretical computer science, join us.
[1] http://eng.kaching.com/2010/05/deployment-infrastructure-for.html
[2] http://en.wikipedia.org/wiki/Idempotence
[3] http://en.wikipedia.org/wiki/Memoization
[4] http://eng.kaching.com/2009/10/unifying-type-parameters-in-java.html
The document describes exercises for a test-driven development (TDD) boot camp on converting wiki text to HTML. The exercises start with writing tests to convert simple text strings to the same strings in HTML. Tests are added to handle headings with = and ==. The code is refactored to use regular expressions to match heading levels. Further tests and code are added to support headings up to level 6 and return unmodified text for unsupported higher levels.
JavaScript ist eine sehr dynamische Sprache und verhält sich zudem je nach Browser unterschiedlich. Daher sind automatisierte Tests besonders wertvoll. Dieser Vortrag von Tobias Bosch und Stefan Scheidt (OPITZ CONSULTING) zeigt, wie Cross-Browser-Tests für JavaScript entwickelt werden können.
Improving Android Performance at Droidcon UK 2014Raimon Ràfols
The document discusses ways to improve Android application performance by optimizing Java bytecode. It covers topics like:
- How the Java compiler does not optimize code like C/C++ compilers do
- Examples of optimizations like avoiding autoboxing, using primitives over objects when possible, and using StringBuilder for string concatenation
- Tips for loops like caching array lengths and using backwards loops when applicable
- Tools for disassembling and analyzing bytecode like dexdump, smali, and oatdump
- The impact of obfuscation on optimizing bytecode
- Best practices for benchmarking like running tests separately to avoid JIT compiler effects
The document discusses sequence points in C and C++ programming. It explains that sequence points govern the order of evaluation and side effects in a program. However, the order of evaluation between sequence points is unspecified, meaning compilers are free to rearrange operations as long as the observable behavior is consistent with the sequence points. This can lead to undefined behavior if a program relies on a specific evaluation order. Several examples are provided to illustrate this.
This document provides an introduction to the Erlang programming language. It demonstrates Erlang's core syntax including numbers, atoms, booleans, strings, lists, tuples, and pattern matching. It also shows functions, guards, recursion, higher order functions, list comprehensions, and common list functions. The document introduces Erlang processes for concurrency and messaging, and discusses fault tolerance and distribution. Examples include functions, FizzBuzz, and profiling process spawning. The conclusion discusses tail call recursion, asynchronous programming, small functions, spawning processes, and handling process deaths.
C++ CoreHard Autumn 2018. Concurrency and Parallelism in C++17 and C++20/23 -...corehard_by
What do threads, atomic variables, mutexes, and conditional variables have in common? They are the basic building blocks of any concurrent application in C++, which are even for the experienced C++ programmers a big challenge. This massively changed with C++17 and change even more with C++20/23. What did we get with C++17, what can we hope for with C++20/23? With C++17, most of the standard template library algorithms are available in sequential, parallel, and vectorised variants. With the upcoming standards, we can look forward to executors, transactional memory, significantly improved futures and coroutines. To make it short. These are just the highlights from the concurrent and parallel perspective. Thus there is the hope that in the future C++ abstractions such as executors, transactional memory, futures and coroutines are used and that threads, atomic variables, mutexes and condition variables are just implementation details.
Talk feito no CocoaHeads RJ edição Novembro/2015 sobre Segurança no desenvolvimento de aplicativos iOS, considerando Persistência, Comunicação e Segurança do Código.
The document summarizes a security analysis report of the LinkedIn website performed by Minded Security using the DOMinatorPro Enterprise security scanner. The analysis found a reflected DOM-based cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML and JavaScript into the browser DOM context of LinkedIn. The vulnerability is due to unsanitized user input being used to generate HTML output without encoding. A proof-of-concept exploit is provided to demonstrate the vulnerability by triggering a popup alert on the victim's browser when a specially crafted URL is visited while logged into LinkedIn.
The document describes multiple reflected cross-site scripting (XSS) vulnerabilities identified in Concrete5 version 5.7.3.1. User input passed through various request parameters was not properly sanitized before being used to generate HTML output, allowing attackers to potentially inject arbitrary JavaScript code. The vulnerabilities were addressed in Concrete5 version 5.7.4. The vulnerabilities included issues in files related to page versions, user selection, group searching, language setup, single page loading, and attribute selection.
- Concrete5 version 5.7.3.1 is vulnerable to remote code execution (RCE) via a vulnerability in its sendmail functionality that allows arbitrary command execution when sending registration notification emails. An authenticated administrator can be tricked via CSRF into configuring notification emails with a specially crafted address that executes code. This allows an attacker to execute code by registering a new user account. The vulnerability is fixed in version 5.7.4.
This document compares DOM XSS identification tools by testing them on a real-world DOM XSS vulnerability found on pastebin.com. The vulnerability involves a JavaScript file loaded from an external domain that contains complex code. Most tools had difficulty analyzing this accurately. Runtime tools that use taint analysis were best able to follow the execution flow and identify the vulnerability, while static analyzers struggled with the indirect source and produced false positives or missed it entirely.
Mobile Banking Security: Challenges, SolutionsCognizant
With the proliferation of online mobile banking services, security is a key issue. We offer a primer on security challenges and applicable controls/remedies. This includes solutions such as Trusteer Mobile SDK, Arxon's EnsureIT and Dexguard.
This document discusses JavaScript deobfuscation techniques using abstract syntax trees (ASTs). It begins by explaining goals of JavaScript obfuscation like blocking reverse engineering and bypassing antivirus detection. Common obfuscation techniques like eval packing and JSFuck are described. The document then discusses approaches to deobfuscation including runtime execution and manual analysis. It focuses on the benefits of partial evaluation using AST traversal and subtree reduction to perform operations like constant folding and function inlining. Examples are provided of challenges in evaluating complex data structures and functions. The conclusion is that AST-based deobfuscation is difficult but can counter some obfuscation techniques through multi-pass analysis and function hoisting.
The document discusses security testing of mobile applications. It outlines common threats like accessing sensitive stored data, intercepting data in transit, and exploiting tainted inputs. The document demonstrates analyzing an example Android app to identify potential issues, including looking at application binaries, network traffic, and content handlers. It also briefly discusses SQL injection risks for mobile apps.
The document provides information about reverse engineering iOS apps. It discusses analyzing apps both externally using traffic sniffing and SSL proxying tools like Charles, and internally by disassembling, decompiling, and debugging the app binary and resource files. The internal analysis involves using tools like otool, class-dump, Hopper, and IDA to disassemble and decompile the binary and analyze the Mach-O structure, Objective-C metadata, and control flow. It also discusses analyzing techniques like decrypting encrypted binaries and models, extracting image and interface files, and working with the app at runtime using Cycript. The document notes additional protection techniques apps may use like SSL pinning, method obfuscation, string obfuscation, and
The old is new, again. CVE-2011-2461 is back!Luca Carettoni
As a part of an ongoing investigation on Adobe Flash SOP bypass techniques, we identified a vulnerability affecting old releases of the Adobe Flex SDK compiler. Further investigation traced the issue back to a well known vulnerability (CVE20112461), already patched by Adobe. Old vulnerability, let's move on? Not this time. CVE20112461 is a very interesting bug. As long as the SWF file was compiled with a vulnerable Flex SDK, attackers can still use this vulnerability against the latest web browsers and Flash plugin. Even with the most recent updates, vulnerable Flex applications hosted on your domain can be exploited. In this presentation, we will disclose the details of this vulnerability (Adobe has never released all technicalities) and we will discuss how we conducted a large scale analysis on popular websites, resulting in the identification of numerous Alexa Top 50 sites vulnerable to this bug. Finally, we will also release a custom tool and a Burp plugin capable of detecting vulnerable SWF applications. If you’re a breaker, you will learn a new technique and enjoy our exploits. If you’re a builder, you will learn how to mitigate this attack. In both cases, you can help us to eradicate CVE20112461. After all, Troopers is about making the world a safer place.
Mauro Gentile, Luca Carettoni
The document discusses several common mobile application security risks including lack of binary protection, weak server-side controls, insecure data storage, insufficient transport layer protection, unintended data leakage, poor authorization and authentication, broken cryptography, client-side injection, and improper session handling. It provides recommendations to address each of these risks such as using obfuscation, secure data storage techniques, TLS, strong authentication, secure cryptography, input validation, and secure session management.
I Want More Ninja – iOS Security TestingJason Haddix
The document provides instructions for setting up an iOS application testing lab, including recommended hardware, software, and tools for both MacBooks and PCs. It discusses jailbreaking iOS devices to gain root access, installing useful packages and utilities, and exploring application directories and data stores to find vulnerabilities like insecure data storage or client-side injection issues.
The curious case of mobile app security.pptxAnkit Giri
A talk on the essence of Mobile app and mobile security. The agenda was as follows:
Why we need to secure the mobile apps!
What do you check when installing an app ?
Mobile app security assessment
Some interesting cases of vulnerabilities
Let’s takeover your account
My Research and reported vulnerabilities
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAjin Abraham
Mobile Application market is growing like anything and so is the Mobile Security industry. With lots of frequent application releases and updates happening, conducting the complete security analysis of mobile applications becomes time consuming and cumbersome. In this talk I will introduce an extendable, and scalable web framework called Mobile Security Framework (https://github.com/ajinabraham/YSO-Mobile-Security-Framework) for Security analysis of Mobile Applications. Mobile Security Framework is an intelligent and automated open source mobile application (Android/iOS) pentesting and binary/code analysis framework capable of performing static and dynamic analysis. It supports Android and iOS binaries as well as zipped source code. During the presentation, I will demonstrates some of the issues identified by the tool in real world android applications. The latest Dynamic Analyzer module will be released at OWASP AppSec. Attendees Benefits * An Open Source framework for Automated Mobile Security Assessment. * One Click Report Generation and Security Assessment. * Framework can be deployed at your own environment so that you have complete control of the data. The data/report stays within the organisation and nothing is stored in the cloud. * Supports both Android and iOS Applications. * Semi Automatic Dynamic Analyzer for intelligent application logic based (whitebox) security assessment.
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
Application development has come a long way in last two decades, but it is puzzling to see that despite major security breaches, security testing takes a back seat as compared to other forms of quality testing measures such as usability or functional testing.
The document discusses penetration testing of iOS applications. It provides an overview of the key aspects of testing including:
- Setting up the testing environment with tools like Xcode, Instruments, Burp Suite, and SQLite Manager.
- Performing whitebox testing through source code analysis, identifying HTTP/WS calls, file system interactions, and manual code review.
- Proxying the iOS simulator to intercept and analyze network traffic.
- Exploring various data storage mechanisms like plists, SQLite databases, and the keychain for sensitive data.
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham
Ajin Abraham presents the Mobile Security Framework, an open source tool for automating security analysis of Android and iOS mobile applications. It performs static analysis on application binaries and source code to detect vulnerabilities. It also includes dynamic analysis capabilities like monitoring network traffic, system calls and application data during runtime. The tool is hosted locally and does not send any data to the cloud. The talk demonstrates the tool's static and dynamic analysis features and provides examples of vulnerabilities it has discovered in real world applications. Future plans are discussed to add additional testing capabilities and improve the tool. Users are encouraged to download, test and contribute to the open source project.
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDKGuardSquare
ProGuard is an open source tool that optimizes and obfuscates Android bytecode. It shrinks code size by removing unused code and resources, optimizes code performance through techniques like constant propagation and method inlining, and obfuscates code to make it harder to reverse engineer by renaming classes and fields. Using ProGuard can reduce APK size by 5-70% and improve performance by up to 20%. It is enabled in Android builds by adding configuration files that specify how to process the code.
Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafo...Droidcon Berlin
ProGuard is an open source tool that optimizes and obfuscates Java bytecode. It can shrink code size by removing unused classes, fields, and methods. It optimizes code through optimizations like constant propagation and method inlining. It obfuscates code by renaming classes, fields, and methods to obscure their purpose. ProGuard is included in the Android SDK and can help protect Android apps from reverse engineering.
Just Click on Below Link to Download This Course:
https://www.devrycoursehelp.com/product/devry-gsp-115-all-assignments-latest/
DeVry GSP 115 All Assignments latest
DeVry GSP 115 Week 1 Assignment latest
Week 1: Simple Data Types
Instructions
Complete the following assignments. Cut and paste your finished code into a Word document, clearly identifying which assignment it is. Also, capture the output of the program and paste that into the Word document. If there are questions to be answered, put the answers after the output. When you complete all three of this week’s assignments, save the document as yourLastName_GSP115_W1_Assignments.docx. Submit it to the Week 1 assignment Dropbox.
FrontDays #3. Иван Федяев, Эволюция JavaScript. Обзор нововведений ECMAScript 6FrontDays
Общий обзор новых возможностей ES6, сравнение с более ранними стандартами. Почему стоит использовать ES6 уже сейчас? Поговорим о таких нововведениях как: поддержка классов, шаблоны строк, модули, стрелочные функции, генераторы и о многом другом.
The following is the (incomplete) header file for the class Fracti.pdf4babies2010
The following comparative income statement (in thousands of dollars) for the two recent fiscal
years was adapted from the annual report of Speedway Motorsports, Inc., owner and operator of
several major motor speedways, such as the Atlanta, Texas, and Las Vegas Motor Speedways.
Current Year Previous Year 2 Revenues: 3 Admissions 4Event-related revenue $104,312.00
$116,644.00 131,164.00 170,368.00 65,824.00 $472,000.00 $484,000.00 42,544.00 180,304.00
44,840.00 NASCAR broadcasting revenue Other operating revenue 7 Total revenue 8 Expenses
and other: 9 Direct expense of events 10 NASCAR purse and sanction fees 91,568.00
$101,640.00 117,612.00 20,328.00 220,220.00 424800.00 $459,800.00 $24,200.00 118,000.00
19,352.00 195,880.00 11 Other direct expenses 2 General and administrative 13 Total expenses
and other Income from continuing operations $47,200.00 14 Required A. Prepare a comparative
income statement for these two years in vertical form, stating each item as a percent of revenues.
Enter all amounts as positive numbers. Rounding instructions
Solution
VERTICAL ANALYSIS OF INCOME STATEMENT Particulars Current Year
Amount Current Year Percentage Previous Year Amount Previous Year Percentage
Admissions $ 1,04,312.00 22.10% $ 1,16,644.00 24.10% Event Related revenue $ 1,42,544.00
30.20% $ 1,31,164.00 27.10% NASCAR Broadcasting Revenue $ 1,80,304.00 38.20% $
1,70,368.00 35.20% Other Operating Income $ 44,840.00 9.50% $ 65,824.00 13.60%
Total Revenue $ 4,72,000.00 100.00% $ 4,84,000.00 100.00% Expenses and others
Direct expenses of events $ 91,568.00 19.40% $ 1,01,640.00 21.00% NASCAR purse and
sanction fees $ 1,18,000.00 25.00% $ 1,17,612.00 24.30% Other direct expenses $ 19,352.00
4.10% $ 20,328.00 4.20% General and adminstrative $ 1,95,880.00 41.50% $ 2,20,220.00
45.50% Total Expenses and others $ 4,24,800.00 90.00% $ 4,59,800.00 95.00% Income
from continuing operation $ 47,200.00 10.00% $ 24,200.00 5.00%.
The document discusses pruning code by removing unnecessary branching and conditional statements. It provides examples of how to "prune" code by refactoring conditional logic using polymorphism instead of if/else statements or switch cases. This avoids deep nesting and duplication of conditions. It also moves the condition check to a single location rather than having it scattered throughout the code. The benefits mentioned are that pruned code is easier to read, understand, test, maintain and extend, and can provide performance gains by reducing branches.
Tsukasa Sugiura presented an introduction to Kinect v2. Key points included:
- Kinect v2 features improved color camera, depth sensor, infrared camera, and body tracking capabilities compared to v1.
- It supports tracking of 6 people with 25 joints per person and new hand gestures like lasso.
- The SDK provides access to color, depth, infrared, body index, and body frames from the sensor.
- Demonstrated the basic workflow of initializing the sensor, getting frame sources and readers, and processing frame data for different streams.
Compiler optimization transforms programs to equivalent programs that use fewer resources by applying techniques like:
1) Combining multiple simple operations like increments into a single optimized operation
2) Evaluating constant expressions at compile-time rather than run-time
3) Eliminating redundant computations and storing values in registers rather than memory when possible
4) Optimizing loops, conditionals, and expressions to minimize computations
Compiler optimization aims to minimize program execution time, memory usage, and power consumption by transforming programs in various ways before producing executable code. Some key techniques include instruction combining, constant folding, common subexpression elimination, strength reduction, dead code elimination, and loop optimizations. This improves program efficiency and performance.
DevConf 2016
"Развитие ветки PHP-7", Дмитрий Стогов (Zend Technologies)
Я расскажу о внутреннем устройстве PHP-7.0, изменениях готовящихся в PHP-7.1 и планах на PHP-7.2.
How to practice functional programming in reactNetta Bondy
1. The document discusses principles of functional programming like pure functions, function composition, and currying that can be applied in React using hooks.
2. It explains how hooks allow separating side effects from pure functions, and how to manage state functionally using useReducer.
3. Custom hooks can be composed to build reusable logic, like a useLog hook that logs the return value of another custom hook useCountTimeout that increments a counter over time.
Facts about multithreading that'll keep you up at night - Guy Bar on, VonageCodemotion Tel Aviv
Multithreading allows a CPU to execute multiple processes concurrently. It improves CPU utilization and prevents idle resources. However, it can also cause issues like race conditions when threads access shared data without synchronization, deadlocks when threads wait for each other indefinitely, and priority inversions when a high priority thread waits for a lower priority thread. Other challenges include too many threads causing excessive context switching, non-atomic operations on 64-bit values, and unpredictable order of evaluation for expressions with side effects. Caches on modern CPUs can also cause inconsistent reads if threads access different versions of the same data in different caches.
Nagios Conference 2012 - Dave Josephsen - Stop Being LazyNagios
Dave Josephsen's presentation on using writing event brokers for Nagios.
The presentation was given during the Nagios World Conference North America held Sept 25-28th, 2012 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
This document discusses refactoring code. It begins with a definition of refactoring as restructuring existing code without changing external behavior. It then provides reasons for refactoring such as removing duplication, improving design and readability. The document outlines different types of tests that can be used for refactoring like unit tests and integration tests. It provides examples of refactoring techniques for different programming languages like removing nested conditionals in C#. It emphasizes principles for refactoring like keeping the code clear and telling a story. It also discusses functional programming inspirations and the importance of the right tools.
Just Click on Below Link to Download This Course:
https://www.devrycoursehelp.com/product/devry-gsp-115-week-3-assignment-latest/
DeVry GSP 115 Week 3 Assignment latest
Week 3: Loops and Branching
Instructions
Complete the following assignments. Copy and paste your finished code into a Word document, clearly identifying which assignment it is. Also, capture the output of the program and paste that into the Word document. If there are questions to be answered, put the answers after the output. When you complete all three of this week’s assignments, save the document as yourLastName_GSP115_W3_Assignments.docx.Submit it to the Week 3 assignment Dropbox.
The document provides information about C++ aptitude and object-oriented programming (OOP) concepts. It contains sample C++ code snippets and questions with explanations to test understanding of topics like classes, inheritance, polymorphism, operator overloading, templates, and more.
Beyond unit tests: Testing for Spark/Hadoop Workflows with Shankar Manian Ana...Spark Summit
As a Spark developer, do you want to quickly develop your Spark workflows? Do you want to test your workflows in a sandboxed environment similar to production? Do you want to write end-to-end tests for your workflows and add assertions on top of it? In just a few years, the number of users writing Spark jobs at LinkedIn have grown from tens to hundreds, and the number of jobs running every day has grown from hundreds to thousands. With the ever increasing number of users and jobs, it becomes crucial to reduce the development time for these jobs. It is also important to test these jobs thoroughly before they go to production. Currently, there is no way users can test their spark jobs end-to-end. The only way is to divide the spark jobs into functions and unit test the functions. We’ve tried to address these issues by creating a testing framework for Spark workflows. The testing framework enables the users to run their jobs in an environment similar to the production environment and on the data which is sampled from the original data. The testing framework consists of a test deployment system, a data generation pipeline to generate the sampled data, a data management system to help users manage and search the sampled data and an assertion engine to validate the test output. In this talk, we will discuss the motivation behind the testing framework before deep diving into its design. We will further discuss how the testing framework is helping the Spark users at LinkedIn to be more productive.
Similar to Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK (20)
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice.
What are ERP Systems?
An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs.
Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today.
Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Using Query Store in Azure PostgreSQL to Understand Query Performance
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
1. #mceconf #mce-proguard 11 Jan 2014
ProGuard
Optimizer and Obfuscator
in the Android SDK
Eric Lafortune
Developer of ProGuard
Technical director at Saikoa
2. #mceconf #mce-proguard 11 Jan 2014
ProGuard
Generic
Shrinker
Optimizer
Obfuscator
For Java bytecode
Open source
3. #mceconf #mce-proguard 11 Jan 2014
ProGuard history
Java applications
Applets
2002
Midlets
2010 2012
Android apps
●
May 2002 First release
●
Sep 2010 Recommended for protecting LVL
●
Dec 2010 Part of Android SDK
●
Jan 2012 Startup Saikoa
7. #mceconf #mce-proguard 11 Jan 2014
Application size
classes.dex size .apk size
Without
ProGuard
With
ProGuard
Reduction
ApiDemos 716 K 482 K 33 % 2.6 M 2.5 M 4 %
GoogleIO
App
3.4 M 905 K 75 % 1.9 M 906 K 53 %
ApiDemos
in Scala*
~6 M 542 K ~90 % ~8 M 2.5 M ~70 %
* [Stéphane Micheloud, http://lampwww.epfl.ch/~michelou/android/library-code-shrinking.html]
10. #mceconf #mce-proguard 11 Jan 2014
How to enable ProGuard?
Ant and Eclipse: project.properties
→ only applied when building release versions
# To enable ProGuard to shrink and obfuscate your code, uncomment this
#proguard.config=
${sdk.dir}/tools/proguard/proguard-android.txt:
proguard-project.txt
# To enable ProGuard to shrink and obfuscate your code, uncomment this
#proguard.config=
${sdk.dir}/tools/proguard/proguard-android.txt:
proguard-project.txt
Tip
12. #mceconf #mce-proguard 11 Jan 2014
Notes and warnings
“Closed-world assumption”
→ if debug build works fine,
then ok to ignore in proguard-project.txt:
Warning: com.dropbox.client2.DropboxAPI:
can't find referenced class org.json.simple.JSONArray
Warning: com.dropbox.client2.DropboxAPI:
can't find referenced class org.json.simple.JSONArray
-dontwarn twitter4j.internal.logging.**
-dontwarn com.dropbox.client2.**
-dontwarn twitter4j.internal.logging.**
-dontwarn com.dropbox.client2.**
Warning: twitter4j.internal.logging.Log4JLoggerFactory:
can't find referenced class org.apache.log4j.Logger
Warning: twitter4j.internal.logging.SLF4JLoggerFactory:
can't find referenced class org.slf4j.LoggerFactory
...
Warning: twitter4j.internal.logging.Log4JLoggerFactory:
can't find referenced class org.apache.log4j.Logger
Warning: twitter4j.internal.logging.SLF4JLoggerFactory:
can't find referenced class org.slf4j.LoggerFactory
...
Tip
13. #mceconf #mce-proguard 11 Jan 2014
Notes and warnings
Straight to the Troubleshooting page:
Warning: there were 12 unresolved references to classes or interfaces.
You may need to add missing library jars or update their versions.
If your code works fine without the missing classes, you can suppress
the warnings with '-dontwarn' options.
(http://proguard.sourceforge.net/manual/troubleshooting.html#unresolvedclass)
Warning: there were 12 unresolved references to classes or interfaces.
You may need to add missing library jars or update their versions.
If your code works fine without the missing classes, you can suppress
the warnings with '-dontwarn' options.
(http://proguard.sourceforge.net/manual/troubleshooting.html#unresolvedclass)
New
16. #mceconf #mce-proguard 11 Jan 2014
Entry points
1) Activities, applications, services, fragments,...
→ provided automatically by Android build process
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
…
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
…
17. #mceconf #mce-proguard 11 Jan 2014
Entry points
2) Introspection, e.g. Guice, RoboGuice
→ must be specified in proguard-project.txt:
-keepclassmembers class * {
@javax.inject.** <fields>;
@com.google.inject.** <fields>;
@roboguice.** <fields>;
@roboguice.event.Observes <methods>;
}
-keepclassmembers class * {
@javax.inject.** <fields>;
@com.google.inject.** <fields>;
@roboguice.** <fields>;
@roboguice.event.Observes <methods>;
}
Tip
18. #mceconf #mce-proguard 11 Jan 2014
Optimization
At the bytecode instruction level:
●
Dead code elimination
●
Constant propagation
●
Method inlining
●
Class merging
●
Remove logging code
●
Peephole optimizations
●
Devirtualization
●
...
19. #mceconf #mce-proguard 11 Jan 2014
Optimization example
int answer = computeAnswer(1, 2, 3, 7);int answer = computeAnswer(1, 2, 3, 7);
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
20. #mceconf #mce-proguard 11 Jan 2014
Optimization example
int answer = computeAnswer(1, 2, 3, 7);int answer = computeAnswer(1, 2, 3, 7);
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
21. #mceconf #mce-proguard 11 Jan 2014
Optimization example
int answer = computeAnswer(1, 2, 3, 7);int answer = computeAnswer(1, 2, 3, 7);
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
22. #mceconf #mce-proguard 11 Jan 2014
Optimization example
int answer = computeAnswer(1, 2, 3, 7);int answer = computeAnswer(1, 2, 3, 7);
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer() {
return 42;
}
int computeAnswer() {
return 42;
}
23. #mceconf #mce-proguard 11 Jan 2014
Optimization example
int answer = computeAnswer(1, 2, 3, 7);int answer = computeAnswer(1, 2, 3, 7);
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
return computeAnswer(f1 * f2, f3, f4, 1);
}
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer(int f1, int f2, int f3, int f4) {
do {
if (f2 == 1 && f3 == 1 && f4 == 1) {
return f1;
} else {
f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1;
}
} while (true);
}
int computeAnswer() {
return 42;
}
int computeAnswer() {
return 42;
}
int answer = 42;int answer = 42;
24. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
New
25. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
New
26. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
New
27. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
int answer = getAnswer(2);int answer = getAnswer(2);
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
New
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
28. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
int answer = getAnswer(2);int answer = getAnswer(2);
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (e) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (e) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
New
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
29. #mceconf #mce-proguard 11 Jan 2014
Optimization: enum
int answer = getAnswer(MyEnum.GREEN);int answer = getAnswer(MyEnum.GREEN);
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (e) {
case RED: return 1;
case GREEN: return 42;
default: return 0;
}
}
enum MyEnum {
RED, GREEN, BLUE
}
enum MyEnum {
RED, GREEN, BLUE
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(MyEnum e) {
switch (Internal.$SwitchMap[e.ordinal()]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class MyEnum {
static final MyEnum RED = new MyEnum(“RED”, 0);
static final MyEnum GREEN = new MyEnum(“GREEN”, 0);
static final MyEnum BLUE = new MyEnum(“BLUE”, 0);
static final MyEnum[] $VALUES =
new MyEnum[] { RED, GREEN, BLUE };
...
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
class Internal {
static final int[] $SwitchMap
new int[MyEnum.values().length];
static {
$SwitchMap[MyEnum.GREEN.ordinal()] = 1;
$SwitchMap[MyEnum.RED.ordinal()] = 2;
}
}
int answer = getAnswer(2);int answer = getAnswer(2);
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (Internal.$SwitchMap[e]) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (e) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int getAnswer(int e) {
switch (e) {
case 1: return 1;
case 2: return 42;
default: return 0;
}
}
int answer = 42;int answer = 42;
New
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
class Internal {
static final int[] $SwitchMap =
new int[3];
static {
$SwitchMap[1] = 1;
$SwitchMap[2] = 2;
}
}
30. #mceconf #mce-proguard 11 Jan 2014
How to enable optimization?
Ant and Eclipse: project.properties
Tip
# To enable ProGuard to shrink and obfuscate your code, uncomment this
proguard.config=
${sdk.dir}/tools/proguard/proguard-android-optimize.txt:
proguard-project.txt
# To enable ProGuard to shrink and obfuscate your code, uncomment this
proguard.config=
${sdk.dir}/tools/proguard/proguard-android-optimize.txt:
proguard-project.txt
32. #mceconf #mce-proguard 11 Jan 2014
Remove logging code
Specify assumptions in proguard-project.txt:
-assumenosideeffects class android.util.Log {
public static boolean isLoggable(java.lang.String, int);
public static int v(...);
public static int i(...);
public static int w(...);
public static int d(...);
public static int e(...);
public static java.lang.String getStackTraceString
(java.lang.Throwable);
}
-assumenosideeffects class android.util.Log {
public static boolean isLoggable(java.lang.String, int);
public static int v(...);
public static int i(...);
public static int w(...);
public static int d(...);
public static int e(...);
public static java.lang.String getStackTraceString
(java.lang.Throwable);
}
Tip
33. #mceconf #mce-proguard 11 Jan 2014
Obfuscation
Traditional name obfuscation:
●
Rename identifiers:
class/field/method names
●
Remove debug information:
line numbers, local variable names,...
34. #mceconf #mce-proguard 11 Jan 2014
Obfuscation example
public class MyComputationClass {
private MySettings settings;
private MyAlgorithm algorithm;
private int answer;
public int computeAnswer(int input) {
…
return answer;
}
}
public class MyComputationClass {
private MySettings settings;
private MyAlgorithm algorithm;
private int answer;
public int computeAnswer(int input) {
…
return answer;
}
}
35. #mceconf #mce-proguard 11 Jan 2014
Obfuscation example
public class MyComputationClass {
private MySettings settings;
private MyAlgorithm algorithm;
private int answer;
public int computeAnswer(int input) {
…
return answer;
}
}
public class MyComputationClass {
private MySettings settings;
private MyAlgorithm algorithm;
private int answer;
public int computeAnswer(int input) {
…
return answer;
}
}
public class a {
private b a;
private c b;
private int c;
public int a(int a) {
…
return c;
}
}
public class a {
private b a;
private c b;
private int c;
public int a(int a) {
…
return c;
}
}
36. #mceconf #mce-proguard 11 Jan 2014
Complementary steps
Optimization Obfuscation
Irreversibly remove information
37. #mceconf #mce-proguard 11 Jan 2014
What about ART?
The new (experimental) Android RunTime
Application
Java bytecode
ProGuard
Libraries
Java bytecode
Processed
Java bytecode Dex
Dalvik bytecode
Dex2oat
Native code
Development
Device
38. #mceconf #mce-proguard 11 Jan 2014
More application protection?
public class MyVerificationClass {
public int checkSignatures() {
…
return activity
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
public class MyVerificationClass {
public int checkSignatures() {
…
return activity
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
39. #mceconf #mce-proguard 11 Jan 2014
More application protection?
public class MyVerificationClass {
public int checkSignatures() {
…
return activity
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
public class MyVerificationClass {
public int checkSignatures() {
…
return activity
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
public class a {
public int a() {
…
return a
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
public class a {
public int a() {
…
return a
.getPackageManager()
.checkSignatures(“mypackage1”, “mypackage2”);
}
}
40. #mceconf #mce-proguard 11 Jan 2014
More application protection
Nothing is unbreakable, but you can raise the bar:
●
ProGuard
●
String encryption
●
Reflection
●
Dynamic class loading
●
Native code
●
Data encryption
●
… DexGuard
41. #mceconf #mce-proguard 11 Jan 2014
ProGuard - DexGuard
Open source
Generic
Shrinker
Optimizer
Obfuscator
For Java bytecode
Closed source
Specialized
Shrinker
Optimizer
Obfuscator
Protector
For Android
Compatible