Hi guys, I’m using ProGuard to obfuscate the classes of a project I developed with Spring Boot. I created the following configuration, but I can’t understand why the obfuscated bytecode is still readable. I would like to make the body of the methods of the classes I implemented unreadable. To avoid issues, I tried to keep the project structure unchanged, such as method signatures and package names.
(Note: the obfuscated application works fine, but the code is not obfuscated as I would like). Thanks to anyone who can help me.
This is my configuration:
-injars BOOT-INF\classes
-outjars temp.jar
-libraryjars 'C:\Program Files\Java\jdk-21\jmods\java.base.jmod'
-dontshrink
-dontoptimize
-printmapping 'C:\Users\orazio.cesarano\Desktop\Senza titolo.txt'
-obfuscationdictionary dictionary.txt
-classobfuscationdictionary dictionary.txt
-packageobfuscationdictionary dictionary.txt
-keepattributes RuntimeVisibleAnnotations,RuntimeInvisibleAnnotations,RuntimeVisibleParameterAnnotations,RuntimeInvisibleParameterAnnotations,Signature
-verbose
-ignorewarnings
-keep class it.tt.talete.security.filter.** {
<fields>;
<methods>;
}
-keepclassmembers class * {
public <fields>;
public <init>(...);
public <methods>;
}
# Mantieni tutte le classi annotate con @Entity
-keep @jakarta.persistence.Entity class * {
<fields>;
<methods>;
}
# Mantieni i membri di classi pubbliche annotati con @Bean
-keepclassmembers public class * {
@org.springframework.context.annotation.Bean
<fields>;
@org.springframework.context.annotation.Bean
<methods>;
}
# Also keep - Bean classes. Keep all specified classes, along with their getters
# and setters.
-keep class * {
void set*(***);
void set*(int,***);
boolean is*();
boolean is*(int);
*** get*();
*** get*(int);
}