5

We are going to obfuscate our project but don't want to lose the ability of remote debugging and hotswapping.

Is it possible? Which tools can handle this? I'd be happy with simple obfuscation - just renaming classes/methods/variables.

[Edited] We're using Intellij IDEA but wasn't able to find any plugin for this task.

Vitaly
  • 1,081
  • 2
  • 9
  • 14

2 Answers2

5

We have the same kind of needs (simple obfuscation, need to debug later) and we use ProGuard. It's a Java app, which can be integrated in an Ant task.

It can do a lot of things, but it's also fully tuneable. So you can keep your obfuscation simple. One of the options is to generate a "Symbol Correspondance Table", which allows you to retrive the non-obfucated code from the obfuscated one. (it keeps track that the variable xyz in the class qksdnqd is in fact myCuteVarName in the class MeaningfulClassName)

Edit: Obfuscation can be tricky. Some examples:

  • You can't change the name of your main method.
  • Do you use a classloader? Can it still retrieve the class after the obfuscation?
  • What about your ORM Mapping? Your Spring Context? (if any)

Edit2: You can also see:

Community
  • 1
  • 1
Antoine Claval
  • 4,923
  • 7
  • 40
  • 68
  • Yes, I know about SC table. But me and my team aren't that gurus who can easily debug and change obfuscated code even using the table :) So I'm just looking for a tool which will allow me to transparently debug code. – Vitaly Sep 03 '09 at 15:31
  • You dont have to be guru, you provide the table and the obfuscated jar to the app, and they become readable again ( minus the comment ). Ah... but i dont think you can "hotswaping" with this process ( it's as removing and replace all the jar ) – Antoine Claval Sep 04 '09 at 09:01
  • May be I don't understand something. Will I be able to "step by step" remotely debug the obfuscated code and see the "normal" code in the same time in some sort of debugger (without any additional actions like looking at the table, launching other apps and etc)? – Vitaly Sep 06 '09 at 07:11
  • After some serious work of configuration, you will have two ant task. One who make your compiled code unreable, and create a file as output. And a second ant task who take the file and your unreadable compiled code as input, and output readable compiled code. – Antoine Claval Sep 07 '09 at 07:45
  • Addition to the previous comment : the file is the symbol table. And your app is runing on a server, you will have to stop it. – Antoine Claval Sep 07 '09 at 07:48
  • you did not answer the question: How to step-by-step debug code on a remote machine which is obfuscated (with ProGuard for instance). I am facing the same problem. Translating stacktraces is easy, but no word about debugging anywhere... – Daniel Oct 10 '12 at 18:43
0

See SD Java Obfuscator. It strips comments and whitespace, and renames all members/methods/class names that aren't public.

It also providew you with a map of how the code was obfuscated, e.g., for each symbol FOO obfuscated as XYZ, a map FOO->XYZ. This means if you get a backtrace mentioning XYZ, you can easily determine the original symbol FOO. Of course, since only you (the person doing the obfuscation) has this map, only you can do this.

Ira Baxter
  • 93,541
  • 22
  • 172
  • 341