Convert Figma logo to code with AI

Guardsquare logoproguard

ProGuard, Java optimizer and obfuscator

2,786
401
2,786
157
View on GitHub

Top Related Projects

facebook's avatar

redex

6,019

A bytecode optimizer for Android apps

Konloch's avatar

bytecode-viewer

14,649

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

pxb1988's avatar

dex2jar

12,282

Tools to work with android .dex and java .class files

JesusFreke's avatar

smali

6,309

smali/baksmali

java-decompiler's avatar

jd-gui

14,011

A standalone Java Decompiler GUI

Quick Overview

ProGuard is an open-source Java bytecode optimizer and obfuscator. It shrinks, optimizes, and obfuscates Java code, making it more efficient and harder to reverse-engineer. ProGuard is widely used in Android app development to reduce APK size and protect intellectual property.

Pros

  • Significantly reduces code size, improving app performance and reducing download times
  • Provides strong obfuscation, making it difficult for attackers to reverse-engineer the code
  • Integrates well with popular build tools like Gradle and Maven
  • Offers extensive configuration options for fine-tuning optimization and obfuscation

Cons

  • Can introduce bugs if not configured properly, especially with reflection-heavy code
  • Debugging obfuscated code can be challenging without proper mapping files
  • Learning curve for advanced configuration and troubleshooting
  • May conflict with some third-party libraries or dynamic code loading techniques

Code Examples

  1. Basic ProGuard configuration in proguard-rules.pro:
-keepclassmembers class * implements java.io.Serializable {
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

This configuration preserves serializable classes and their methods.

  1. Keeping specific classes and methods:
-keep public class com.example.MyClass {
    public void myMethod();
}

This rule keeps the MyClass class and its myMethod method from being obfuscated.

  1. Removing logging statements:
-assumenosideeffects class android.util.Log {
    public static *** d(...);
    public static *** v(...);
}

This configuration removes debug and verbose log statements from the final build.

Getting Started

To use ProGuard in an Android project:

  1. Enable minification in your build.gradle file:
android {
    buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
}

  1. Create a proguard-rules.pro file in your project's root directory and add your ProGuard rules.

  2. Run a release build of your app to apply ProGuard optimizations and obfuscation.

Competitor Comparisons

facebook logo

redex

6,019

A bytecode optimizer for Android apps

Pros of Redex

  • Specifically designed for Android optimization, with features tailored for dex files
  • Supports more advanced optimizations like method inlining and class merging
  • Integrates well with Facebook's build systems and tools

Cons of Redex

  • Less mature and widely adopted compared to ProGuard
  • May have a steeper learning curve for developers not familiar with Facebook's ecosystem
  • Limited documentation and community support outside of Facebook

Code Comparison

ProGuard configuration:

-keep class com.example.MyClass {
    public void myMethod();
}

Redex configuration:

{
  "redex": {
    "passes": ["ReBindRefsPass", "MethodInlinePass"],
    "keep_rules": ["com.example.MyClass"]
  }
}

Both tools aim to optimize and obfuscate Android applications, but they differ in their approach and feature set. ProGuard is a more general-purpose Java bytecode optimizer and obfuscator, while Redex focuses specifically on Android dex file optimization. ProGuard has been around longer and has wider adoption, making it more battle-tested and supported by the community. Redex, on the other hand, offers more advanced optimizations tailored for Android apps but may require more expertise to use effectively.

Konloch logo

bytecode-viewer

14,649

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Pros of bytecode-viewer

  • Provides a comprehensive GUI for analyzing Java bytecode, making it more user-friendly for visual inspection
  • Offers multiple decompiler options, allowing users to compare different decompilation results
  • Includes additional features like searching, editing, and exporting bytecode

Cons of bytecode-viewer

  • Primarily focused on bytecode analysis and reverse engineering, lacking ProGuard's code optimization capabilities
  • May have a steeper learning curve for users unfamiliar with bytecode analysis tools
  • Less suitable for large-scale projects or automated build processes compared to ProGuard

Code comparison

ProGuard configuration example:

-keep public class MyMainClass
-obfuscate
-optimize

bytecode-viewer usage (command-line):

java -jar bytecode-viewer.jar MyCompiledClass.class

While ProGuard is primarily used for code optimization and obfuscation through configuration files, bytecode-viewer is typically used interactively or via command-line for bytecode analysis and reverse engineering. The code examples demonstrate the different approaches: ProGuard uses a configuration file to specify optimization rules, while bytecode-viewer is launched to analyze a specific class file.

pxb1988 logo

dex2jar

12,282

Tools to work with android .dex and java .class files

Pros of dex2jar

  • Specialized tool for converting Android DEX files to Java JAR files
  • Lightweight and focused on a specific task
  • Useful for reverse engineering Android applications

Cons of dex2jar

  • Limited functionality compared to ProGuard's comprehensive obfuscation and optimization features
  • Less actively maintained, with fewer recent updates
  • Lacks advanced code shrinking and optimization capabilities

Code comparison

dex2jar:

d2j-dex2jar.sh classes.dex

ProGuard:

-keep public class MyMainClass
-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify

dex2jar is primarily used for converting DEX to JAR files, while ProGuard offers a wide range of code obfuscation, optimization, and shrinking options. ProGuard is more versatile and actively maintained, making it suitable for various Android and Java projects. dex2jar, on the other hand, is a specialized tool for reverse engineering Android applications, but lacks the comprehensive features of ProGuard.

JesusFreke logo

smali

6,309

smali/baksmali

Pros of smali

  • Specialized for Android bytecode disassembly and assembly
  • Provides a human-readable representation of Dalvik bytecode
  • Useful for reverse engineering and modifying Android apps

Cons of smali

  • Limited to Android/Dalvik bytecode, not applicable to general Java applications
  • Requires more manual effort for code analysis and modification
  • Less comprehensive in terms of overall app protection and optimization

Code Comparison

smali:

.method public onCreate(Landroid/os/Bundle;)V
    .locals 1
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    const v0, 0x7f030001
    invoke-virtual {p0, v0}, Lcom/example/MyActivity;->setContentView(I)V
    return-void
.end method

ProGuard:

-keep public class com.example.MyActivity {
    public void onCreate(android.os.Bundle);
}
-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify

Note: The code snippets demonstrate different aspects of each tool. smali shows disassembled Android bytecode, while ProGuard shows configuration rules for code obfuscation and optimization.

java-decompiler logo

jd-gui

14,011

A standalone Java Decompiler GUI

Pros of jd-gui

  • User-friendly graphical interface for decompiling Java bytecode
  • Supports drag-and-drop functionality for easy file loading
  • Allows for quick navigation and searching within decompiled code

Cons of jd-gui

  • Limited to decompilation only, lacks code obfuscation features
  • May struggle with heavily obfuscated or complex bytecode
  • Less frequent updates compared to ProGuard

Code Comparison

ProGuard (obfuscation):

-keep class com.example.MyClass {
    public void myMethod();
}
-obfuscate
-optimizationpasses 5

jd-gui (decompilation result):

public class MyClass {
    public void myMethod() {
        System.out.println("Hello, World!");
    }
}

ProGuard focuses on code obfuscation and optimization, while jd-gui is designed for decompiling and viewing Java bytecode. ProGuard's configuration allows for fine-tuning of obfuscation rules, whereas jd-gui presents decompiled code in a readable format. While both tools work with Java bytecode, they serve different purposes in the development and reverse engineering processes.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README



ProGuard


Quick Start • Features • Contributing • License


ProGuard is a free shrinker, optimizer, obfuscator, and preverifier for Java bytecode:

  • It detects and removes unused classes, fields, methods, and attributes.

  • It optimizes bytecode and removes unused instructions.

  • It renames the remaining classes, fields, and methods using short meaningless names.

The resulting applications and libraries are smaller and faster.

❓ Getting Help

If you have usage or general questions please ask them in the Guardsquare Community.
Please use the issue tracker to report actual bugs 🐛, crashes, etc.

🚀 Quick Start

Command line

First, download the latest release from GitHub releases.

To run ProGuard, on Linux/MacOS, just type:

bin/proguard.sh <options...>

or on Windows:

bin\proguard.bat <options...>

Typically, you'll put most options in a configuration file (say, myconfig.pro), and just call

bin/proguard.sh @myconfig.pro

or on Windows:

bin\proguard.bat @myconfig.pro

All available options are described in the configuration section of the manual.

Gradle Task

ProGuard can be run as a task in Gradle. Before you can use the proguard task, you have to make sure Gradle can find it in its class path at build time. One way is to add the following line to your build.gradle file which will download ProGuard from Maven Central:

buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'com.guardsquare:proguard-gradle:7.5.0'
    }
}

You can then define a task with configuration:

tasks.register('proguard', ProGuardTask) {
    configuration file('proguard.pro')

    injars(tasks.named('jar', Jar).flatMap { it.archiveFile })

    // Automatically handle the Java version of this build.
    if (System.getProperty('java.version').startsWith('1.')) {
        // Before Java 9, the runtime classes were packaged in a single jar file.
        libraryjars "${System.getProperty('java.home')}/lib/rt.jar"
    } else {
        // As of Java 9, the runtime classes are packaged in modular jmod files.
        libraryjars "${System.getProperty('java.home')}/jmods/java.base.jmod", jarfilter: '!**.jar', filter: '!module-info.class'
        //libraryjars "${System.getProperty('java.home')}/jmods/....."
    }

    verbose

    outjars(layout.buildDirectory.file("libs/${baseCoordinates}-minified.jar"))
}

The embedded configuration is much like a standard ProGuard configuration. You can find more details on the Gradle setup page.

✨ Features

ProGuard works like an advanced optimizing compiler, removing unused classes, fields, methods, and attributes, shortening identifiers, merging classes, inlining methods, propagating constants, removing unused parameters, etc.

  • The optimizations typically reduce the size of an application by anything between 20% and 90%. The reduction mostly depends on the size of external libraries that ProGuard can remove in whole or in part.

  • The optimizations may also improve the performance of the application, by up to 20%. For Java virtual machines on servers and desktops, the difference generally isn't noticeable.

  • ProGuard can also remove logging code, from applications and their libraries, without needing to change the source code — in fact, without needing the source code at all!

The manual pages (markdown, html) cover the features and usage of ProGuard in detail.

💻 Building ProGuard

Building ProGuard is easy - you'll just need a Java 8 JDK installed. To build from source, clone a copy of the ProGuard repository and run the following command:

./gradlew assemble

The artifacts will be generated in the lib directory. You can then execute ProGuard using the scripts in bin, for example:

bin/proguard.sh

You can publish the artifacts to your local Maven repository using:

./gradlew publishToMavenLocal

🤝 Contributing

Contributions, issues and feature requests are welcome in both projects. Feel free to check the issues page and the contributing guide if you would like to contribute.

📝 License

Copyright (c) 2002-2023 Guardsquare NV. ProGuard is released under the GNU General Public License, version 2, with exceptions granted to a number of projects.