I want to obfuscate a war file using proguard,how can i do so ?
Please explain me the steps
I'm puzzled by this question.
As other Java obfuscators, Proguard obfuscates the compiled bytecode (.class files) by renaming every variable, method etc. it considers safe to rename. I suppose you know this and know how to use Proguard for class files since you specifically asked about it. If not, read the proguard manual.
As for war files, you can extract the class files from war (or jar) by unzipping it. (yes, a war is a normal zip file). Then you can run them through Proguard and zip it up again. You can use Winzip, unzip or whatever zip program you prefer. You can even zip and unzip the war with JDK (jar -xvf tobe_extracted.war).
This obfuscation does not affect the other files inside the war, like properties files, xml files and such. The war is not encrypted. Your software may not work after this because reflection based stuff may be break. Proguard can't know whether your frameworks are going to access something with their mighty reflection magic and if it's actually safe to rename it.
Related
I was curious about the differences between .jar with .class files and .jar with .java files. I partially got the answer here, But then what is the usefulness of .java files in the jar?
My guess is that the java files in the jar are like an interface that prevents compilation error, because I solved the IllegalAccessError thrown on runtime by replacing jar files with .class with jar files with .java specifically when using Xposed Framework. (Got the hint from this thread.)
Also
Thank you for your explanations and they were helpful. But I want to learn more about the differences in compiler's view, because I am wondering why my app works fine even if I only included the jar with java files, not class files (zxing). Also there are some cases that throws IllegalAccessException when I include the jar with class files, but not thrown when I include the jar with java files(xposed), even though I have to include at least one of them to make the compiler(AIDE) not complain about references, like unknown package. Why does the compiler not complain when I include only jar with java files though the compiler would not be able to resolve the actual implementation of the referred classes?
A .jar file is basically just a .zip file with another extension.
A .jar file with .class files have a special purpose and may have special meta-data (e.g. in META-INF folder).
A .jar file .java files is just a .zip file.
It is however common for open-source libraries to provide 3 .jar files:
One with .class files, to be used by your code, both to compile and to run your code.
One with .java files, to be used by your IDE, so you can drill into the library code and see it. Especially useful when stepping through the code with a debugger.
One with javadoc files (.html files), to be used by your IDE, so you can read the documentation about the classes and methods in the library. You do read the documentation, right?
None of those 3 files have to be named .jar. They could be renamed .zip so you could easily open them in your favorite Zip utility, or they could be renamed .foo just because...
They should be named .jar, to clarify that they are Java ARchives.
Its simple - *.java files are sources, *.class files are compiled classes.
What is used on runtime by JVM?? *.class files. Why would you put source files inside library? IDK, usally sources are distributed as separate jar, but all in all it is done to allow you to check library code without decompilation.
A lot of times in Java we want to use some functionality that is given to us in the form of JARs(ex. some external library). Most often than not I've noticed that JARs contain .class files.
Since .class files represent compiled bytecode ready for use by the JVM, my question is the following:
How is it that .class files are all that's needed for us to make use of an external library? Maybe a certain JAR contains the class file called: Person.class. How am I able to reference this class in my code when all that the JAR file exposes is a .class file. Isn't the source code(.java file) what's important and what's needed? In the same way that I can have two classes in the same package, I'm able to reference one from the other, because the two .java files(not .class files) are in the same scope(just to give an example).
Excuse me if it's a dumb question, but I really want to understand this.
Even if you write your source code in .java files, they are eventually compiled to form .class files which store bytecode that can be interpreted easily. When you use the jar files in your project, all the class files inside those jar files are included in your classpath, hence enabling you to use them.
So in a JAR package, .class files are sufficient to be used as a dependency.
The Java compiler takes your Java code, which is something that humans can understand, into .class files, which is something that the Java Virtual Machine (JVM) can understand. The JVM then takes the .class files and runs them on your machine.
A .jar file is effectively a collection of .class files packaged up (under the hood, it's really little more than a .zip in disguise). When you add a .jar onto your classpath, you are telling the JVM that it is one more place it should look when it needs a particular class.
I am not sure if I totally got your question, but the JARs are simply compiled javacode, which means, that the semantic/logic etc of the code has not been changed. You need to be able to access the functions/classes etc of the java code you want to use, because otherwise you would not gain any advantage of using a JAR.
One advantage of the JARs is, that the source code of these libraries is already compiled. Since these .class files are compiled .java files, they are all you need to access the functions that were written in the .java file.
I am familiar with the jar structure and it will have a .class files in the classes directory as well as META-INF directory containing the information to main().
But where does the actual java code resides in a jar?
Does it resides a compiled byte code? But don't different machines have different compilers?
I know that I can extract the java code using a decompiler which might be illegal. But I am not interested in doing so. I am more interested in understanding how code is stored?
Is it encrypted? If so, what is the encryption algorithm? what is the location inside the jar ?
Unless you specify otherwise, the source code is not included in the JAR file. The JAR file normally only contain class files (compiled JVM instructions), not source code.
A JAR file is just a ZIP file, renamed to mean Java ARchive.
You can check what's inside, unzipping it. If you're on a OS that doesn't allow you to decompress that archive because doesn't appear to be a compressed file, just change the extension to ZIP.
JAR files are not encrypted.
Java Sources are compiled in a platform-neutral Java bytecode, that's a kind of intermediate binary.
Once JVM load the classes it either interprets the bytecode or just-in-time compiles it to the underlying machine. JARs usually only contain that bytecode
Usually sources are not included in the JARs, especially for distribution. Some projects deliver sources as well in a separate archive. You should check with the provider of the JAR you're dealing with to get sources.
If decompiling is illegal or not depends on the terms of the license applied to JAR. You should check those.
Decompiling a class object is not a very easy task, but a guy used to do a very good job with his JAD.
Unfortunately it's no more maintained, but there are some websites where you can still download it.
Decompiled classes will not look exactly as the real sources, and you could have to make some changes, but you'll definitely get an idea about the source.
I'm using maven and storing a properties file in src/main/resources which I can read fine like:
properties.loadFromXML(this.getClass().getClassLoader().
getResourceAsStream("META-INF/properties.xml");
Is it possible to then write to this file when it is packaged up as a jar? I've tried the following:
properties.storeToXML(new FileOutputStream(new File(this.getClass().getClassLoader().
getResource("META-INF/properties.xml").toURI())), "");
This works in Eclipse because it is saving the file to target/classes/META-INF, but not when packaged as a jar, so is it possible to achieve the same thing?
Is it possible to then write to this file when it is packaged up as a jar?
Short answer: no, it is not possible, a jar file is a file, not a directory. And actually, you generally don't write properties files back to a jar file.
You should put that properties file on the classpath on the local file system, outside a JAR.
It's always possible to modify a packaged file by unpacking, rewriting and re-packing. Sometimes this is the easiest approach.
A Jar file is essentially a renamed .ZIP file. Java has classes for accessing files within a .Zip file, and you could (if sufficiently motivated) write yourself a program to do this.
Alternatively, I'm pretty sure there are ant tasks that can do this too (think creative use of the jar task), and there are POM plugins available to run ant tasks from Maven.
I have a jar file which is used in html file as applet. I want to modify the content of the jar file and to rebuild the jar file so that the html will work fine with the new jar file. How can i do this??
I already tried unzipping using 7zip nad modified the source and created the new jar. But when i use it in html it shows some java.lang.Classnotfound error
You can unjar or rejar the classes and source files as you wish.
unjar
jar -xvf abc.jar
jar
jar cf abc.jar input-files
http://docs.oracle.com/javase/tutorial/deployment/jar/build.html
Make the changes in the code (.java files), recompile to get the .class files. Then simply replace the old .class files in the jar with the new ones. I usually use WinZip, but you can use whatever app that can handle .Zip files. It should just work.
I've faced cases where the launcher of the app uses some sort of verification and checks for this kind of changes. I had to use a new launch script. This doesn't seem to be your case though.
This is surely possible from the command line. Use the u option for jar
From the Java Tutorials:
jar uf jar-file input-file(s)
"Any files already in the archive having the same pathname as a file being added will be overwritten."
See Updating a JAR File
A brief test shows this quickly updates changes apart from trying to delete the file.
I haven't seen this answer on other threads about modifying jar files, and many, marked as duplicates, suggest there is no alternative but to remake the jar completely. Please correct if wrong.
JARs are just ZIP files, use whatever utility you like and edit away!
Disclaimer: When reverse engineering any code be sure that you are staying within the limits of the law and adhering to the license of that code.
Follow the instructions above to unpack the JAR.
Find the original source of the JAR (perhaps its on SourceForge) and download the source, modify the source, and rebuild your own JAR.
You can also decompile the class files in the JAR. This is a rather advanced process and has a lot of "gotchas".