When obfuscating with ProGuard, does -keepattributes SourceFile,LineNumberTable make the resulting apk easier to reverse engineer?
I find myself needing more detail in my reported stack traces, but I'm concerned that by including the extra data (by using -keepattributes SourceFile,LineNumberTable) I'm making my app even easier to rev开发者_JAVA百科erse engineer. Is this the case, and if so, by how much?
ProGuard manual > Examples > Producing useful obfuscated stack traces
The SourceFile attribute is required, because Oracle/Sun's Java virtual machine otherwise does not include line numbers in stack traces, which is what you really want (and which is quite harmless on its own). I haven't checked if this is true for Android's Dalvik virtual machine.
As for a solution, ProGuard can keep the SourceFile attribute but replace its contents by a meaningless string of your choice, e.g.
-renamesourcefileattribute SourceFile
The value of the string is not important for interpreting the stack traces. Picking a string like "SourceFile" avoids increasing the class file sizes, because this string is already present by definition.
I am not exactly sure of what happens but given the source file name contains the actual name of the class, someone could use this to map obfuscated class names into real class names. Given obfsucation already jumbles everything up why keep the source file at all ? Everything should and will still run, the debug details are not required by the runtime so it makes no sense to keep them. The more you remove the better given your goals.
I think you can just use:
-keepattributes LineNumberTable
-renamesourcefileattribute
-keepattributes SourceFile, LineNumberTable,Signature,Exceptions,InnerClasses,EnclosingMethod
or
-renamesourcefileattribute ''
-keepattributes SourceFile, LineNumberTable,Signature,Exceptions,InnerClasses,EnclosingMethod
Just let filename empty is ok
精彩评论