How to Obfuscate Java Applications with ProGuard: Step‑by‑Step Guide
Learn how to protect your Java code from reverse engineering by compiling, decompiling, and applying ProGuard obfuscation, including creating a proguard.cfg file and configuring the Maven ProGuard plugin, with detailed examples and screenshots illustrating each step of the process.
Compilation
Compilation simply runs the code, turning .java files into .class files.
Decompilation
Decompilation reverses compiled .class files in a jar/war package back to readable source code, e.g., using JD‑GUI.
Obfuscation
Obfuscation hides the real source code after decompilation; the article demonstrates using ProGuard.
Procedure
The obfuscation process consists of two steps.
Step 1: Add proguard.cfg
Create a file named proguard.cfg in the project root with the following configuration:
# Specify Java version
-target 1.8
# Disable shrinking
-dontshrink
# Disable optimization
-dontoptimize
# Do not use mixed case class names
-dontusemixedcaseclassnames
# Use unique class member names
-useuniqueclassmembernames
# Adapt class strings
-adaptclassstrings
# Keep attributes for exceptions, annotations, etc.
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-keepnames interface ** { *; }
-keepparameternames
-keepclassmembers enum * { *; }
-keepclassmembers class * {
@org.springframework.context.annotation.Bean *;
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.stereotype.Service *;
@org.springframework.stereotype.Component *;
}
-ignorewarnings
-dontnote
-printconfiguration
-keep public class com.example.myproguarddemo.MyproguarddemoApplication {
public static void main(java.lang.String[]);
}Step 2: Configure Maven ProGuard plugin
Add the ProGuard plugin to the build section of pom.xml:
<build>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.6.0</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
</execution>
</executions>
<configuration>
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
<lib>${java.home}/lib/jce.jar</lib>
<lib>${java.home}/lib/jsse.jar</lib>
</libs>
<inLibsFilter>!META-INF/**,!META-INF/versions/9/**.class</inLibsFilter>
<outputDirectory>${project.basedir}/target</outputDirectory>
<options>
<!-- additional options can be placed here -->
</options>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>com.example.myproguarddemo.MyproguarddemoApplication</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>After adding these configurations, run mvn package. The build will compile, obfuscate, and package the jar. The resulting jar contains obfuscated bytecode, making reverse engineering difficult.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Java High-Performance Architecture
Sharing Java development articles and resources, including SSM architecture and the Spring ecosystem (Spring Boot, Spring Cloud, MyBatis, Dubbo, Docker), Zookeeper, Redis, architecture design, microservices, message queues, Git, etc.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.