How to apply a mapping when files are referenced but not included in the jar?

Hey, hope you are well! I have a rather complex project I’m trying to obfuscate, I have it working fine but there’s a few more things I’d like to get obfuscated that I’m having issues with.

The main application jar contains an encrypted jar that gets loaded, the internal jar uses a library that is only included with the main application, these are the classes I’m having issues with.

My first thought to solve this is to obfuscate the shared library first, and then apply that mapping to the internal jar, pack it into the main jar and then apply the mapping and final obfuscation to the final jar, so that the library included in the main application and the references to it in the internal jar are all obfuscated and match, however when I try to do this I can’t apply the mapping to the internal jar, I’m guessing because the classes aren’t included?

I also just tried to test filtering out a library from the outjar so I could include it, get things renamed and filter it at the end but for some reason it seemed to prevent the outjar from getting built at all.

1 Like

Hi there,

The internal jar (which you load) should not be encrypted, otherwise it cannot be properly obfuscated by ProGuard, as you have noticed. As opposed to tackling this challenge in different parts, you may consider including the library and unencrypted jar in the main app. Then obfuscating the entire thing. In this case, it would share a single mapping file.

If encryption is priority, you might consider DexGuard, which can also apply layered encryption. Using DexGuard, you could include the unencrypted internal jar (which gets loaded) and the shared library, into the main application jar. Then, from one single configuration file, you could obfuscate the library, internal jar and apply layered encryption. In this case, the entire application would share one unified mapping file, as you desire. We have seen many ProGuard users make the switch to DexGuard for added encryption.

Hey Jack, thanks for the reply but I think you may have misunderstood my question… The issue is not that I’m trying to obfuscate the internal jar after encrypting it, clearly that wouldn’t work. I already have my own encryption implementation which I would prefer to use as the entire internal jar isn’t even included with the application and I already have a multi phase build process that takes care of the whole thing for me. I’m just looking to get multiple configs for ProGuard put together so I can include them throughout my build phases.

The issue I’m having is getting ProGuard to obfuscate the parts of the internal jar that use the library included with the main application. In my mind I should just be able to obfuscate the library and apply that mapping to the internal jar and the main application so there’s no clashing but this doesn’t appear to work, my assumption is that this is because the library is only referenced but not contained in the internal jar, but that doesn’t really make sense to me why that would be. If I end up needing to fork ProGuard to add the features I need myself I’ll probably end up doing that, I’ve always been interested in making my own obfuscator anyway.

Hi Laurence,

Thanks for the additional information!

If you obfuscate the library first, ProGuard may be discarding parts of it that the encrypted code needs. Your best bet is to obfuscate both all of the program at the same time:

-injars secret.jar
-injars main.jar
-injars library.jar
-outjars out

By specifying an output directory, you’ll get distinct output jars that ProGuard has shrunk, optimized and obfuscated consistently. You can then encrypt the processed secret.jar and add it to the processed application.

From the sounds of it, you are not developing an Android Application. Is our understanding correct?

Hi Jack, I’m sorry, I should have been more clear… this isn’t an Android app & I am not accidentally discarding parts that are required… I went through many ClassDefNotFound errors but eventually got it sorted. The ONLY issue is that when I obfuscate the library, take that mapping and then try to apply it to a jar that only contains references to the library and not the library itself it won’t rename any of the references, I’m also not trying to combine all 3 jars into 1 out jar, there is supposed to be 2 jars, the main application and the one that I encrypt after obfuscation.

Honestly at this point I’m probably just going to modify ProGuard so it works as I need and hopefully I can get some extra obfuscation features added. Half my project already uses ASM so I should just be writing my own anyway.

Thanks for your time!