I am trying to obfuscate a jar build through maven, through proguard maven plugin. Build is also successful but when I decompile the same through JAD (Java decompiler), I am able to see all the java code. Thus it seems there is no obfuscation of the java source file. Please find below the pom.xml for the same :
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.ks</groupId>
<artifactId>executable-jar-sample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.testSource>1.8</maven.compiler.testSource>
<maven.compiler.testTarget>1.8</maven.compiler.testTarget>
<version.maven-javadoc-plugin>3.1.1</version.maven-javadoc-plugin>
<version.proguard-base>6.1.1</version.proguard-base>
</properties>
<dependencies>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.10.3</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<archive>
<manifest>
<mainClass>com.ks.App</mainClass>
</manifest>
</archive>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
<executions>
<execution>
<id>make-assembly</id>
<!-- this is used for inheritance merges -->
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.14</version>
<executions>
<execution>
<id>obfuscation-packaging</id>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
<configuration>
<obfuscate>true</obfuscate>
<attach>true</attach>
<maxMemory>1024m</maxMemory>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>6.1.1</proguardVersion>
<appendClassifier>false</appendClassifier>
<addMavenDescriptor>true</addMavenDescriptor>
<injarNotExistsSkip>true</injarNotExistsSkip>
<options>
<option>-target 1.8</option>
<option>-printmapping proguard.map</option>
<option>-verbose</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-overloadaggressively</option>
<option>-repackageclasses ''</option>
<option>-allowaccessmodification</option>
<option>-keepparameternames</option>
<option>-renamesourcefileattribute SourceFile</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepdirectories</option>
<option>-keeppackagenames org.apache.maven.plugin.my.MyMojo</option>
<option>-keepnames class * implements
org.apache.maven.plugin.AbstractMojo</option>
<option>-keepclassmembers
class * implements org.apache.maven.plugin.AbstractMojo
{
private <![CDATA[<fields>]]>;
private <![CDATA[<methods>]]>;
}
</option>
<option>-keepattributes
Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
<!-- <option>-keep class com.ks.MyPlugin { *; }</option> -->
<option>-keep public class * {
public protected *;
}
</option>
<option>-keep abstract class * {
public protected *;
}
</option>
<option>-keepclassmembernames class * {
java.lang.Class
class$(java.lang.String);
java.lang.Class
class$(java.lang.String, boolean);
}
</option>
<option>-keepclasseswithmembernames,includedescriptorclasses
class * {
native <![CDATA[<methods>]]>;
}
</option>
<option>-keepclassmembers,allowoptimization enum * {
public
static **[] values();
public static **
valueOf(java.lang.String);
}
</option>
<option>-keepclassmembers class * implements
java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[]
serialPersistentFields;
private void
writeObject(java.io.ObjectOutputStream);
private void
readObject(java.io.ObjectInputStream);
java.lang.Object
writeReplace();
java.lang.Object readResolve();
}
</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
<!-- <lib>${java.home}/lib/jce.jar</lib> <lib>${java.home}/lib/ext/sunjce_provider.jar</lib> -->
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>6.1.1</version>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
I am able to figure out what other options need to be there in so that it should obfuscate the java code.
Thanks Kumar Shorav
