Settings

tip The Ant/Gradle/Eclipse/Maven build processes of DexGuard automatically invoke DexGuard for you, with settings that provide a good basis for most projects. You only need to consider this section if you create your own build process, or if your code requires custom settings.

DexGuard is compatible with ProGuard configuration. You typically add custom configuration to proguard-project.txt or dexguard-project.txt. The sections below provide more details, with the extensions highlighted:

Input/Output Options

@filename
Short for '-include filename'.
-include filename
Recursively reads configuration options from the given file filename.
-basedirectory directoryname
Specifies the base directory for all subsequent relative file names in these configuration arguments or this configuration file.
-injars class_path
Specifies the input jars (or aars, wars, ears, zips, apks, or directories) of the application to be processed. The class files in these jars will be processed and written to the output jars. By default, any non-class files will be copied without changes. Please be aware of any temporary files (e.g. created by IDEs), especially if you are reading your input files straight from directories. The entries in the class path can be filtered, as explained in the filters section. For better readability, class path entries can be specified using multiple -injars options.
-outjars class_path
Specifies the names of the output jars (or aars, wars, ears, zips, apks, or directories). The processed input of the preceding -injars options will be written to the named jars. This allows you to collect the contents of groups of input jars into corresponding groups of output jars. In addition, the output entries can be filtered, as explained in the filters section. Each processed class file or resource file is then written to the first output entry with a matching filter, within the group of output jars.

You must avoid letting the output files overwrite any input files. For better readability, class path entries can be specified using multiple -outjars options. Without any -outjars options, no jars will be written.

-libraryjars class_path
Specifies the library jars (or aars, wars, ears, zips, apks, or directories) of the application to be processed. The files in these jars will not be included in the output jars. The specified library jars should at least contain the class files that are extended by application class files. Library class files that are only called needn't be present, although their presence can improve the results of the optimization step. The entries in the class path can be filtered, as explained in the filters section. For better readability, class path entries can be specified using multiple -libraryjars options.

Please note that the boot path and the class path set for running DexGuard are not considered when looking for library classes. This means that you explicitly have to specify the run-time jar that your code will use.

-skipnonpubliclibraryclasses
Specifies to skip non-public classes while reading library jars, to speed up processing and reduce memory usage of DexGuard. By default, DexGuard reads non-public and public library classes alike. However, non-public classes are often not relevant, if they don't affect the actual program code in the input jars. Ignoring them then speeds up DexGuard, without affecting the output. Unfortunately, some libraries, including recent JSE run-time libraries, contain non-public library classes that are extended by public library classes. You then can't use this option. DexGuard will print out warnings if it can't find classes due to this option being set.
-dontskipnonpubliclibraryclasses
Specifies not to ignore non-public library classes. As of version 4.5, this is the default setting.
-dontskipnonpubliclibraryclassmembers
Specifies not to ignore package visible library class members (fields and methods). By default, DexGuard skips these class members while parsing library classes, as program classes will generally not refer to them. Sometimes however, program classes reside in the same packages as library classes, and they do refer to their package visible class members. In those cases, it can be useful to actually read the class members, in order to make sure the processed code remains consistent.
-keepdirectories [directory_filter]
Specifies the directories to be kept in the output jars (or aars, wars, ears, zips, or directories). By default, directory entries are removed. This reduces the jar size, but it may break your program if the code tries to find them with constructs like "mypackage.MyClass.class.getResource("")". You'll then want to keep the directory corresponding to the package, "-keepdirectories mypackage". If the option is specified without a filter, all directories are kept. With a filter, only matching directories are kept. For instance, "-keepdirectories mydirectory" matches the specified directory, "-keepdirectories mydirectory/*" matches its immediate subdirectories, and "-keepdirectories mydirectory/**" matches all of its subdirectories.
-splitdexfile class_filter
Specifies classes that should be put in a separate dex file. This can be useful if your main classes.dex file has grown beyond the constraints of the dex format, for instance with more than 64K method references. The corresponding warning sign from the dx compiler is "Unable to execute dex: method ID not in [0, 0xffff]: 65536"). Each instance of this option results in a separate dex file. DexGuard automatically inserts the necessary code to tie the dex files together. Only applicable when targeting Android with the -dalvik option.

Performance tip: Every reference from the main dex file to a separate dex file carries some overhead, due to reflection. If performance is important for these references, you can reduce the overhead by accessing classes through interfaces that are not in separate dex files.

Counter-indication: it is currently not possible to encrypt classes that have direct references to classes in separate dex files. You may need to consider this when deciding which classes to split.

-dontcompress [file_filter]
Specifies files that should not be compressed in output archives (jars, aars, wars, ears, zips, or apks). Some environments or applications may then be able to map the files into memory. For example, the Android run-time can access uncompressed images or raw files efficiently, reducing the amount of RAM that is required. This option is generally combined with the -zipalign option below, to specify the optimal alignment of the data.
-zipalign n
Specifies the number of bytes to which uncompressed data in output archives should be aligned. For example, the Android run-time can access uncompressed images or raw files efficiently if they are aligned to 4 bytes. This option should be combined with the -dontcompress option above, to specify which files should not be compressed.
-target version
Specifies the version number to be set in the processed class files. The version number can be one of 1.0, 1.1, 1.2, 1.3, 1.4, 1.5 (or just 5), 1.6 (or just 6), 1.7 (or just 7), or 1.8 (or just 8). By default, the version numbers of the class files are left unchanged. For example, you may want to upgrade class files to Java 6, by changing their version numbers and having them preverified. This option is not relevant for Android applications.
-forceprocessing
Specifies to process the input, even if the output seems up to date. The up-to-dateness test is based on a comparison of the date stamps of the specified input, output, and configuration files or directories.

Keep Options

-keep [,modifier,...] class_specification
Specifies classes and class members (fields and methods) to be preserved as entry points to your code. For example, in order to keep an application, you can specify the main class along with its main method. In order to process a library, you should specify all publicly accessible elements.
-keepclassmembers [,modifier,...] class_specification
Specifies class members to be preserved, if their classes are preserved as well. For example, you may want to keep all serialization fields and methods of classes that implement the Serializable interface.
-keepclasseswithmembers [,modifier,...] class_specification
Specifies classes and class members to be preserved, on the condition that all of the specified class members are present. For example, you may want to keep all applications that have a main method, without having to list them explicitly.
-keepnames class_specification
Short for -keep,allowshrinking class_specification

Specifies classes and class members whose names are to be preserved, if they aren't removed in the shrinking phase. For example, you may want to keep all class names of classes that implement the Serializable interface, so that the processed code remains compatible with any originally serialized classes. Classes that aren't used at all can still be removed. Only applicable when obfuscating.

-keepclassmembernames class_specification
Short for -keepclassmembers,allowshrinking class_specification

Specifies class members whose names are to be preserved, if they aren't removed in the shrinking phase. For example, you may want to preserve the name of the synthetic class$ methods when processing a library compiled by JDK 1.2 or older, so obfuscators can detect it again when processing an application that uses the processed library (although DexGuard itself doesn't need this). Only applicable when obfuscating.

-keepclasseswithmembernames class_specification
Short for -keepclasseswithmembers,allowshrinking class_specification

Specifies classes and class members whose names are to be preserved, on the condition that all of the specified class members are present after the shrinking phase. For example, you may want to keep all native method names and the names of their classes, so that the processed code can still link with the native library code. Native methods that aren't used at all can still be removed. If a class file is used, but none of its native methods are, its name will still be obfuscated. Only applicable when obfuscating.

-printseeds [filename]
Specifies to exhaustively list classes and class members matched by the various -keep options. The list is printed to the standard output or to the given file. The list can be useful to verify if the intended class members are really found, especially if you're using wildcards. For example, you may want to list all the applications or all the applets that you are keeping.

Shrinking Options

-dontshrink
Specifies not to shrink the input class files. By default, shrinking is applied; all classes and class members are removed, except for the ones listed by the various -keep options, and the ones on which they depend, directly or indirectly. A shrinking step is also applied after each optimization step, since some optimizations may open the possibility to remove more classes and class members.
-printusage [filename]
Specifies to list dead code of the input class files. The list is printed to the standard output or to the given file. For example, you can list the unused code of an application. Only applicable when shrinking.
-whyareyoukeeping class_specification
Specifies to print details on why the given classes and class members are being kept in the shrinking step. This can be useful if you are wondering why some given element is present in the output. In general, there can be many different reasons. This option prints the shortest chain of methods to a specified seed or entry point, for each specified class and class member. In the current implementation, the shortest chain that is printed out may sometimes contain circular deductions -- these do not reflect the actual shrinking process. If the -verbose option if specified, the traces include full field and method signatures. Only applicable when shrinking.

Optimization Options

-dontoptimize
Specifies not to optimize the input class files. By default, optimization is enabled; all methods are optimized at a bytecode level.
-optimizations optimization_filter
Specifies the optimizations to be enabled and disabled, at a more fine-grained level. Only applicable when optimizing. This is an expert option.
-optimizationpasses n
Specifies the number of optimization passes to be performed. By default, a single pass is performed. Multiple passes may result in further improvements. If no improvements are found after an optimization pass, the optimization is ended. Only applicable when optimizing.
-assumenosideeffects class_specification
Specifies methods that don't have any side effects, other than possibly returning a value. For example, the method System.currentTimeMillis() returns a value, but it doesn't have any side effects. In the optimization step, DexGuard can then remove calls to such methods, if it can determine that the return values aren't used. DexGuard will analyze your program code to find such methods automatically. It will not analyze library code, for which this option can therefore be useful. For example, you could specify the method System.currentTimeMillis(), so that any idle calls to it will be removed. With some care, you can also use the option to remove logging code. Note that DexGuard applies the option to the entire hierarchy of the specified methods. Only applicable when optimizing. In general, making assumptions can be dangerous; you can easily break the processed code. Only use this option if you know what you're doing!
-assumenoexternalsideeffects class_specification
Specifies methods that don't have any side effects, except possibly on the instances on which they are called. This statement is weaker than -assumenosideeffects, because it allows side effects on the parameters or the heap. For example, the StringBuffer#append methods have side effects, but no external side effects. Only applicable when optimizing. Making assumptions can be dangerous; you can easily break the processed code. Only use this option if you know what you're doing!
-assumenoescapingparameters class_specification
Specifies methods that don't let their reference parameters escape to the heap. Such methods can use, modify, or return the parameters, but not store them in any fields, either directly or indirectly. For example, the method System.arrayCopy does not let its reference parameters escape, but method System.setSecurityManager does. Only applicable when optimizing. Making assumptions can be dangerous; you can easily break the processed code. Only use this option if you know what you're doing!
-assumenoexternalreturnvalues class_specification
Specifies methods that don't return reference values that were already on the heap when they are called. For example, the ProcessBuilder#start returns a Process reference value, but it is a new instance that wasn't on the heap yet. Only applicable when optimizing. Making assumptions can be dangerous; you can easily break the processed code. Only use this option if you know what you're doing!
-allowaccessmodification
Specifies that the access modifiers of classes and class members may be broadened during processing. This can improve the results of the optimization step. For instance, when inlining a public getter, it may be necessary to make the accessed field public too. Although Java's binary compatibility specifications formally do not require this (cfr. The Java Language Specification, Third Edition, Section 13.4.6), some virtual machines would have problems with the processed code otherwise. Only applicable when optimizing (and when obfuscating with the -repackageclasses option).

Counter-indication: you probably shouldn't use this option when processing code that is to be used as a library, since classes and class members that weren't designed to be public in the API may become public.

-mergeinterfacesaggressively
Specifies that interfaces may be merged, even if their implementing classes don't implement all interface methods. This can reduce the size of the output by reducing the total number of classes. Note that Java's binary compatibility specifications allow such constructs (cfr. The Java Language Specification, Third Edition, Section 13.5.3), even if they are not allowed in the Java language (cfr. The Java Language Specification, Third Edition, Section 8.1.4). Only applicable when optimizing.

Counter-indication: setting this option can reduce the performance of the processed code on some VMs, since advanced just-in-time compilation tends to favor more interfaces with fewer implementing classes. Worse, some VMs may not be able to handle the resulting code.

Obfuscation Options

-dontobfuscate
Specifies not to obfuscate the input class files. By default, obfuscation is applied; classes and class members receive new short random names, except for the ones listed by the various -keep options. Internal attributes that are useful for debugging, such as source files names, variable names, and line numbers are removed.
-printmapping [filename]
Specifies to print the mapping from old names to new names for classes and class members that have been renamed. The mapping is printed to the standard output or to the given file. For example, it is required for subsequent incremental obfuscation, or if you ever want to make sense again of obfuscated stack traces. Only applicable when obfuscating.
-applymapping filename
Specifies to reuse the given name mapping that was printed out in a previous obfuscation run of DexGuard. Classes and class members that are listed in the mapping file receive the names specified along with them. Classes and class members that are not mentioned receive new names. The mapping may refer to input classes as well as library classes. This option can be useful for incremental obfuscation, i.e. processing add-ons or small patches to an existing piece of code. If the structure of the code changes fundamentally, DexGuard may print out warnings that applying a mapping is causing conflicts. You may be able to reduce this risk by specifying the option -useuniqueclassmembernames in both obfuscation runs. Only a single mapping file is allowed. Only applicable when obfuscating.
-obfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated field and method names. By default, short names like 'a', 'b', etc. are used as obfuscated names. With an obfuscation dictionary, you can specify a list of reserved key words, or identifiers with foreign characters, for instance. White space, punctuation characters, duplicate words, and comments after a # sign are ignored. Note that an obfuscation dictionary hardly improves the obfuscation. Decent compilers can automatically replace them, and the effect can fairly simply be undone by obfuscating again with simpler names. The most useful application is specifying strings that are typically already present in class files (such as 'Code'), thus reducing the class file sizes just a little bit more. Only applicable when obfuscating.
-classobfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated class names. The obfuscation dictionary is similar to the one of the option -obfuscationdictionary. Only applicable when obfuscating.
-packageobfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated package names. The obfuscation dictionary is similar to the one of the option -obfuscationdictionary. Only applicable when obfuscating.
-overloadaggressively
Specifies to apply aggressive overloading while obfuscating. Multiple fields and methods can then get the same names, as long as their arguments and return types are different, as required by Java bytecode (not just their arguments, as required by the Java language). This option can make the processed code even smaller (and less comprehensible). Only applicable when obfuscating.

Counter-indication: the resulting class files fall within the Java bytecode specification (cfr. The Java Virtual Machine Specification, Second Edition, first paragraphs of Section 4.5 and Section 4.6), even though this kind of overloading is not allowed in the Java language (cfr. The Java Language Specification, Third Edition, Section 8.3 and Section 8.4.5). Still, some tools have problems with it. Notably, the Dalvik VM can't handle overloaded static fields.

-useuniqueclassmembernames
Specifies to assign the same obfuscated names to class members that have the same names, and different obfuscated names to class members that have different names (for each given class member signature). Without the option, more class members can be mapped to the same short names like 'a', 'b', etc. The option therefore increases the size of the resulting code slightly, but it ensures that the saved obfuscation name mapping can always be respected in subsequent incremental obfuscation steps.

For instance, consider two distinct interfaces containing methods with the same name and signature. Without this option, these methods may get different obfuscated names in a first obfuscation step. If a patch is then added containing a class that implements both interfaces, DexGuard will have to enforce the same method name for both methods in an incremental obfuscation step. The original obfuscated code is changed, in order to keep the resulting code consistent. With this option in the initial obfuscation step, such renaming will never be necessary.

This option is only applicable when obfuscating. In fact, if you are planning on performing incremental obfuscation, you probably want to avoid shrinking and optimization altogether, since these steps could remove or modify parts of your code that are essential for later additions.

-dontusemixedcaseclassnames
Specifies not to generate mixed-case class names while obfuscating. By default, obfuscated class names can contain a mix of upper-case characters and lower-case characters. This creates perfectly acceptable and usable jars. Only if a jar is unpacked on a platform with a case-insensitive filing system (say, Windows), the unpacking tool may let similarly named class files overwrite each other. Code that self-destructs when it's unpacked! Developers who really want to unpack their jars on Windows can use this option to switch off this behavior. Obfuscated jars will become slightly larger as a result. Only applicable when obfuscating.
-keeppackagenames [package_filter]
Specifies not to obfuscate the given package names. The optional filter is a comma-separated list of package names. Package names can contain ?, *, and ** wildcards, and they can be preceded by the ! negator. Only applicable when obfuscating.
-flattenpackagehierarchy [package_name]
Specifies to repackage all packages that are renamed, by moving them into the single given parent package. Without argument or with an empty string (''), the packages are moved into the root package. This option is one example of further obfuscating package names. It can make the processed code smaller and less comprehensible. Only applicable when obfuscating.
-repackageclasses [package_name]
Specifies to repackage all class files that are renamed, by moving them into the single given package. Without argument or with an empty string (''), the package is removed completely. This option overrides the -flattenpackagehierarchy option. It is another example of further obfuscating package names. It can make the processed code even smaller and less comprehensible. Its deprecated name is -defaultpackage. Only applicable when obfuscating.

Counter-indication: classes that look for resource files in their package directories will no longer work properly if they are moved elsewhere. When in doubt, just leave the packaging untouched by not using this option.

Note: On Android, you should not use the empty string when classes like activities, views, etc. may be renamed. The Android run-time automatically prefixes package-less names in XML files with the application package name or with android.view. This is unavoidable but it breaks the application in this case.

-keepattributes [attribute_filter]
Specifies any optional attributes to be preserved. The attributes can be specified with one or more -keepattributes directives. The optional filter is a comma-separated list of attribute names that Java virtual machines and DexGuard support. Attribute names can contain ?, *, and ** wildcards, and they can be preceded by the ! negator. For example, you should at least keep the Exceptions, InnerClasses, and Signature attributes when processing a library. You should also keep the SourceFile and LineNumberTable attributes for producing useful obfuscated stack traces. Finally, you may want to keep annotations if your code depends on them. Only applicable when obfuscating.
-keepparameternames
Specifies to keep the parameter names and types of methods that are kept. This option actually keeps trimmed versions of the debugging attributes LocalVariableTable and LocalVariableTypeTable. It can be useful when processing a library. Some IDEs can use the information to assist developers who use the library, for example with tool tips or autocompletion. Only applicable when obfuscating. This option is not relevant for Android applications.
-renamesourcefileattribute [string]
Specifies a constant string to be put in the SourceFile attributes (and SourceDir attributes) of the class files. Note that the attribute has to be present to start with, so it also has to be preserved explicitly using the -keepattributes directive. For example, you may want to have your processed libraries and applications produce useful obfuscated stack traces. Only applicable when obfuscating.
-accessthroughreflection class_specification
Specifies to replace direct access to the specified classes and class members by reflection. Matching class references are then replaced by Class.forName constructs. Reads and writes of matching fields are replaced by Class.getField and Field.get/set constructs. Method invocation are replaced by Class.getMethod and Method.invoke constructs. For example, when processing the Android License Verification Library, you may want to add reflection for sensitive APIs in the Android run-time. Only applicable when obfuscating.
-encryptclasses [class_filter]
Specifies that classes whose names match the given filter should be encrypted. This makes it more difficult to disassemble or decompile them. "Obfuscated" would be a better word, since the processed code necessarily has to be able to reverse the encryption. It therefore increases the code size and introduces processing overhead at runtime, whenever the class is loaded or accessed. However, it raises the bar for any reverse engineering attempts. For example, if you have some sensitive license checking class, may want to protect it by encrypting it. Only applicable when obfuscating.

Counter-indications: It is not possible to encrypt classes that are explicitly preserved from obfuscation (in your configuration), extended by non-encrypted classes, or created by reflection (for instance because they are referenced from XML files).

Note: When encrypting classes in library projects, the code must set a temporary directory: 

System.setProperty("java.io.tmpdir", getDir("files", Context.MODE_PRIVATE).getPath());

Caveat: When encrypting classes in library projects, the encrypted classes must not contain references to classes or class members that are later on obfuscated in the final application projects. Once encrypted, classes can no longer be changed, so their references would become invalid. If encrypted classes do contain references to other non-encrypted classes in their library projects, these referenced classes and class members must be preserved from obfuscation in the application projects. If your requirements allow it, it is easier to encrypt classes when processing the final application.

Performance tip: Every access from an external class to an encrypted class carries some overhead, due to reflection. If performance is important in this part of your code, you can reduce the overhead by accessing the class through an interface that is not encrypted.

-encryptstrings [string_filter]
-encryptstrings class_specification
Specifies to encrypt string constants that either match the given filter or that are defined in matching classes. With a class specification without fields or methods, all strings in the matching class or classes are encrypted. With specified fields, the matching final String constants are encrypted. With specified methods, all strings in the matching methods are encrypted.

String encryption makes it more difficult to find them in disassembled or decompiled code. Again, "obfuscated" would be a better word, since the processed code necessarily has to be able to reverse the encryption. It therefore increases the code size and introduces processing overhead whenever the string is accessed. But again, it raises the bar for any reverse engineering attempts. For example, if you have hard-coded some key string, you may want to encrypt it to hide it a bit better. Also, if you are already accessing a class or a class member through introspection, you may want to obfuscate the resulting strings containing their names in the code. Only applicable when obfuscating.

Caveat: The current implementation does not support encrypting strings in static initializers in interfaces. Final string constants in interfaces are not a problem.

Performance tip: Every encrypted string is decrypted on the fly at run-time, without implicit caching. If performance of encrypted strings is important in some parts of your code, you can define them as private static String fields, so they are only decrypted once, when the class is initialized. Don't declare them as final though, because the compiler will then inline them again.

-adaptclassstrings [class_filter]
Specifies that string constants that correspond to class names should be obfuscated as well. Without a filter, all string constants that correspond to class names are adapted. With a filter, only string constants in classes that match the filter are adapted. For example, if your code contains a large number of hard-coded strings that refer to classes, and you prefer not to keep their names, you may want to use this option. Primarily applicable when obfuscating, although corresponding classes are automatically kept in the shrinking step too.
-adaptresourcefilenames [file_filter]
Specifies the resource files to be renamed, based on the obfuscated names of the corresponding class files (if any). Without a filter, all resource files that correspond to class files are renamed. With a filter, only matching files are renamed. For example, see processing resource files. Only applicable when obfuscating.
-adaptresourcefilecontents [file_filter]
Specifies the resource files whose contents are to be updated. Any class names mentioned in the resource files are renamed, based on the obfuscated names of the corresponding classes (if any). Without a filter, the contents of all resource files updated. With a filter, only matching files are updated. The resource files are parsed and written using UTF-8 encoding. For an example, see processing resource files. Only applicable when obfuscating.

Caveat: You probably only want to apply this option to text files, since parsing and adapting binary files as text files can cause unexpected problems. Therefore, make sure that you specify a sufficiently narrow filter.

-keepresourcexmlattributenames [name_filter]
Specifies the Android resource XML attribute names that should be preserved. Binary Android resource XML files are stored in the res directory and contain XML elements with attributes. Each attribute is identified by a name, but often also by a numeric identifier. The obfuscation step can then remove the name. you can preserve it with this option, if it is still required, for AttributeSet#getAttributeValue(namespace, name) or AttributeSet#getAttributeName(id). The filter is applied to strings of the form "element/element/.../element/attribute", based on the names of the nested elements and the attributes. For example, the Android runtime somewhat arbitrarily requires the names of the attributes "installLocation", "versionCode", and "name", in some elements in the Android manifest file. The examples for processing a complete Android application and for publishing on the Samsung app market show how they are preserved. Only applicable when obfuscating Android code.
-encryptassetfiles [file_filter]
Specifies the Android asset files that should be encrypted. Asset files are stored in the assets directory and can contain any data. The obfuscation step can automatically encrypt them and make sure they are decrypted on the fly at run-time. In order for this to work, the asset files must be streamed and their names must be specified as string constants. This means that your code must invoke the AsssetManager as follows: 
open("MyAssetFile")
Your configuration can then specify "-encryptassetfiles assets/MyAssetFile". Only applicable when obfuscating Android code.
-encryptnativelibraries [file_filter]
Specifies the Android native libraries that should be encrypted. Native libraries are packaged in subdirectories of the lib directory. The obfuscation step can automatically encrypt them and make sure they are decrypted on the fly at run-time. In order for this to work, your application must load the native library with a hard-coded library name: System.loadLibrary("mycode"). Your configuration can then specify "-encryptnativelibraries lib/**/libmycode.so", matching the complete path and name of the library. Note the wildcards: if a library is encrypted for one platform, it must be encrypted for all platforms. Only applicable when obfuscating Android code.

Note: When encrypting classes in library projects, the code should set a temporary directory, for maximum portability: 

System.setProperty("java.io.tmpdir", getDir("files", Context.MODE_PRIVATE).getPath());

Preverification Options

-dontpreverify
Specifies not to preverify the processed class files. By default, class files are preverified if they are targeted at Java Micro Edition or at Java 6 or higher. For Java Micro Edition, preverification is required, so you will need to run an external preverifier on the processed code if you specify this option. For Java 6, preverification is optional, but as of Java 7, it is required. Only when eventually targeting Android, it is not necessary, so you can then switch it off to reduce the processing time a bit. This option is not relevant for Android applications.
-microedition
Specifies that the processed class files are targeted at Java Micro Edition. The preverifier will then add the appropriate StackMap attributes, which are different from the default StackMapTable attributes for Java Standard Edition. For example, you will need this option if you are processing midlets. This option is not relevant for Android applications.
-android
Specifies that the processed class files are targeted at the Android platform. DexGuard will then make sure some features like string encryption and class encryption are compatible with Android. For example, you may need this option if you are processing libraries for Android. This option is always set in DexGuard.

Conversion Options

-dalvik
Specifies that the code is targeted at the Android platform and the Dalvik virtual machine. DexGuard will then convert the processed class files to the Dex format. The output will contain a single classes.dex file instead of many .class files. For example, you probably want to use this option if you are processing Android applications.

Jar Signing Options

-keystore filename
Specifies the key store file that contains your private signing key. Only required if you want DexGuard to sign the output jars.
-keystorepassword password
Specifies the password of the key store. Only required if you want DexGuard to sign the output jars.
-keyalias alias
Specifies the alias of the key that you want to select from the key store. Only required if you want DexGuard to sign the output jars.
-keypassword password
Specifies the password of the key. Only required if you want DexGuard to sign the output jars.

General Options

-verbose
Specifies to write out some more information during processing. If the program terminates with an exception, this option will print out the entire stack trace, instead of just the exception message.
-dontnote [class_filter]
Specifies not to print notes about potential mistakes or omissions in the configuration, such as typos in class names or missing options that might be useful. The optional filter is a regular expression; DexGuard doesn't print notes about classes with matching names.
-dontwarn [class_filter]
Specifies not to warn about unresolved references and other important problems at all. The optional filter is a regular expression; DexGuard doesn't print warnings about classes with matching names. Ignoring warnings can be dangerous. For instance, if the unresolved classes or class members are indeed required for processing, the processed code will not function properly. Only use this option if you know what you're doing!
-ignorewarnings
Specifies to print any warnings about unresolved references and other important problems, but to continue processing in any case. Ignoring warnings can be dangerous. For instance, if the unresolved classes or class members are indeed required for processing, the processed code will not function properly. Only use this option if you know what you're doing!
-printconfiguration [filename]
Specifies to write out the entire configuration that has been parsed, with included files and replaced variables. The structure is printed to the standard output or to the given file. This can sometimes be useful for debugging configurations, or for converting XML configurations into a more readable format.
-dump [filename]
Specifies to write out the internal structure of the class files, after any processing. The structure is printed to the standard output or to the given file. For example, you may want to write out the contents of a given jar file, without processing it at all. This option is not relevant for Android applications.

Class Paths

DexGuard accepts a generalization of class paths to specify input files and output files. A class path consists of entries, separated by the traditional path separator (e.g. ':' on Unix, or ';' on Windows platforms). The order of the entries determines their priorities, in case of duplicates.

Each input entry can be:

The paths of directly specified class files and resource files is ignored, so class files should generally be part of a jar file, an aar file, a war file, an ear file, a zip file, or a directory. In addition, the paths of class files should not have any additional directory prefixes inside the archives or directories.

Each output entry can be:

When writing output entries, DexGuard will generally package the results in a sensible way, reconstructing the input entries as much as required. Writing everything to an output directory is the most straightforward option: the output directory will contain a complete reconstruction of the input entries. The packaging can be almost arbitrarily complex though: you could process an entire application, packaged in a zip file along with its documentation, writing it out as a zip file again. The Examples section shows a few ways to restructure output archives.

Files and directories can be specified as discussed in the section on file names below.

In addition, DexGuard provides the possibility to filter the class path entries and their contents, based on their full relative file names. Each class path entry can be followed by up to 7 types of file filters between parentheses, separated by semi-colons:

If fewer than 7 filters are specified, they are assumed to be the latter filters. Any empty filters are ignored. More formally, a filtered class path entry looks like this: 

classpathentry([[[[[[aarfilter;]apkfilter;]zipfilter;]earfilter;]warfilter;]jarfilter;]filefilter)

Square brackets "[]" mean that their contents are optional.

For example, "android.jar(java/**.class,javax/**.class)" matches all class files in the java and javax directories inside the android jar.

For example, "input.jar(!**.gif,images/**)" matches all files in the images directory inside the input jar, except gif files.

The different filters are applied to all corresponding file types, irrespective of their nesting levels in the input; they are orthogonal.

For example, "input.war(lib/**.jar,support/**.jar;**.class,**.gif)" only considers jar files in the lib and support directories in the input war, not any other jar files. It then matches all class files and gif files that are encountered.

The filters allow for an almost infinite number of packaging and repackaging possibilities. The Examples section provides a few more examples for filtering input and output.

File Names

DexGuard accepts absolute paths and relative paths for the various file names and directory names. A relative path is interpreted as follows:

The names can contain Java system properties (or Ant properties, when using Ant), delimited by angular brackets, '<' and '>'. The properties are automatically replaced by their corresponding values.

For example, <java.home>/lib/rt.jar is automatically expanded to something like /usr/local/java/jdk/jre/lib/rt.jar. Similarly, <user.home> is expanded to the user's home directory, and <user.dir> is expanded to the current working directory.

Names with special characters like spaces and parentheses must be quoted with single or double quotes. Each file name in a list of names has to be quoted individually. Note that the quotes themselves may need to be escaped when used on the command line, to avoid them being gobbled by the shell.

For example, on the command line, you could use an option like '-injars "my program.jar":"/your directory/your program.jar"'.

File Filters

Like general filters, a file filter is a comma-separated list of file names that can contain wildcards. Only files with matching file names are read (in the case of input jars), or written (in the case of output jars). The following wildcards are supported:
? matches any single character in a file name.
* matches any part of a filename not containing the directory separator.
** matches any part of a filename, possibly containing any number of directory separators.
For example, "java/**.class,javax/**.class" matches all class files in the java and javax.

Furthermore, a file name can be preceded by an exclamation mark '!' to exclude the file name from further attempts to match with subsequent file names.

For example, "!**.gif,images/**" matches all files in the images directory, except gif files.

The Examples section provides a few more examples for filtering input and output.

Filters

DexGuard offers options with filters for many different aspects of the configuration: names of files, directories, classes, packages, attributes, optimizations, etc.

A filter is a list of comma-separated names that can contain wildcards. Only names that match an item on the list pass the filter. The supported wildcards depend on the type of names for which the filter is being used, but the following wildcards are typical:
? matches any single character in a name.
* matches any part of a name not containing the package separator or directory separator.
** matches any part of a name, possibly containing any number of package separators or directory separators.
For example, "foo,*bar" matches the name foo and all names ending with bar.

Furthermore, a name can be preceded by a negating exclamation mark '!' to exclude the name from further attempts to match with subsequent names. So, if a name matches an item in the filter, it is accepted or rejected right away, depending on whether the item has a negator. If the name doesn't match the item, it is tested against the next item, and so on. It if doesn't match any items, it is accepted or rejected, depending on the whether the last item has a negator or not.

For example, "!foobar,*bar" matches all names ending with bar, except foobar.

Overview of Keep Options

The various -keep options for shrinking and obfuscation may seem a bit confusing at first, but there's actually a pattern behind them. The following table summarizes how they are related:

Keep From being removed or renamed From being renamed
Classes and class members -keep -keepnames
Class members only -keepclassmembers -keepclassmembernames
Classes and class members, if class members present -keepclasseswithmembers -keepclasseswithmembernames

Each of these -keep options is of course followed by a specification of the classes and class members (fields and methods) to which it should be applied.

If you're not sure which option you need, you should probably simply use -keep. It will make sure the specified classes and class members are not removed in the shrinking step, and not renamed in the obfuscation step.

attention

Keep Option Modifiers

includedescriptorclasses
Specifies that any classes in the type descriptors of the methods and fields that the -keep option keeps should be kept as well. This is typically useful when keeping native method names, to make sure that the parameter types of native methods aren't renamed either. Their signatures then remain completely unchanged and compatible with the native libraries.
allowshrinking
Specifies that the entry points specified in the -keep option may be shrunk, even if they have to be preserved otherwise. That is, the entry points may be removed in the shrinking step, but if they are necessary after all, they may not be optimized or obfuscated.
allowoptimization
Specifies that the entry points specified in the -keep option may be optimized, even if they have to be preserved otherwise. That is, the entry points may be altered in the optimization step, but they may not be removed or obfuscated. This modifier is only useful for achieving unusual requirements.
allowobfuscation
Specifies that the entry points specified in the -keep option may be obfuscated, even if they have to be preserved otherwise. That is, the entry points may be renamed in the obfuscation step, but they may not be removed or optimized. This modifier is only useful for achieving unusual requirements.

Class Specifications

A class specification is a template of classes and class members (fields and methods). It is used in the various -keep options and in the -assumenosideeffects option. The corresponding option is only applied to classes and class members that match the template.

The template was designed to look very Java-like, with some extensions for wildcards. To get a feel for the syntax, you should probably look at the examples, but this is an attempt at a complete formal definition: 

[@annotationtype] [[!]public|final|abstract|@ ...] [!]interface|class|enum classname
    [extends|implements [@annotationtype] classname]
[{
    [@annotationtype] [[!]public|private|protected|static|volatile|transient ...] <fields> |
                                                                      (fieldtype fieldname);
    [@annotationtype] [[!]public|private|protected|static|synchronized|native|abstract|strictfp ...] <methods> |
                                                                                           <init>(argumenttype,...) |
                                                                                           classname(argumenttype,...) |
                                                                                           (returntype methodname(argumenttype,...));
    [@annotationtype] [[!]public|private|protected|static ... ] *;
    ...
}]

Square brackets "[]" mean that their contents are optional. Ellipsis dots "..." mean that any number of the preceding items may be specified. A vertical bar "|" delimits two alternatives. Non-bold parentheses "()" just group parts of the specification that belong together. The indentation tries to clarify the intended meaning, but white-space is irrelevant in actual configuration files.

Copyright © 2002-2014 Saikoa BVBA.