B4J Question Code Obfuscation with the External tool jShrink

[hatzisn]

Good morning everyone,

is there any chance to obfuscate a created .jar file with this tool externally and then add it to the Standalone using B4JPackager11 ?

Jshrink: Java Shrinker and Obfuscator

I tried to obfuscate the jar and it seems it does it successfully. Then I used the external tool of B4JPackager11 changing the jarfile in packager.json to the newly created and obfuscated. It shows an error. Can I change somethothing in B4JPackager11? I also tried to change the TargetModule in B4JPackager11 and I get the same problem.

Edit - I unchecked all fields in "Eliminate..." section in options

Spoiler: Here is the error

B4JPackager11 Version 1.21
Exe name: DHQI_Scanner.exe
InputJar: result2.jar
Running: C:\Del\obf\temp\FindDosPath.exe
Running: C:\B4X\Java\jdk-11.0.1\bin\jar
Package name: b4j.example
Running: C:\B4X\Java\jdk-11.0.1\bin\jdeps

Exception in thread "main" java.lang.Error: java.util.concurrent.ExecutionException: com.sun.tools.classfile.Dependencies$ClassFileError
at jdk.jdeps/com.sun.tools.jdeps.DependencyFinder.waitForTasksCompleted(DependencyFinder.java:272)
at jdk.jdeps/com.sun.tools.jdeps.DependencyFinder.parse(DependencyFinder.java:132)
at jdk.jdeps/com.sun.tools.jdeps.DepsAnalyzer.run(DepsAnalyzer.java:129)
at jdk.jdeps/com.sun.tools.jdeps.JdepsTask$AnalyzeDeps.run(JdepsTask.java:747)
at jdk.jdeps/com.sun.tools.jdeps.JdepsTask$AnalyzeDeps.run(JdepsTask.java:734)
at jdk.jdeps/com.sun.tools.jdeps.JdepsTask.run(JdepsTask.java:560)
at jdk.jdeps/com.sun.tools.jdeps.JdepsTask.run(JdepsTask.java:519)
at jdk.jdeps/com.sun.tools.jdeps.Main.main(Main.java:49)
Caused by: java.util.concurrent.ExecutionException: com.sun.tools.classfile.Dependencies$ClassFileError
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at jdk.jdeps/com.sun.tools.jdeps.DependencyFinder.waitForTasksCompleted(DependencyFinder.java:268)
... 7 more
Caused by: com.sun.tools.classfile.Dependencies$ClassFileError
at jdk.jdeps/com.sun.tools.classfile.Dependencies$BasicDependencyFinder$Visitor.scan(Dependencies.java:610)
at jdk.jdeps/com.sun.tools.classfile.Dependencies$ClassDependencyFinder.findDependencies(Dependencies.java:475)
at jdk.jdeps/com.sun.tools.jdeps.DependencyFinder$Finder.findDependencies(DependencyFinder.java:312)
at jdk.jdeps/com.sun.tools.jdeps.DependencyFinder.lambda$parse$5(DependencyFinder.java:198)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.sun.tools.classfile.ConstantPool$InvalidIndex: invalid index #14
at jdk.jdeps/com.sun.tools.classfile.ConstantPool.get(ConstantPool.java:269)
at jdk.jdeps/com.sun.tools.classfile.ConstantPool.get(ConstantPool.java:280)
at jdk.jdeps/com.sun.tools.classfile.ConstantPool.getUTF8Info(ConstantPool.java:287)
at jdk.jdeps/com.sun.tools.classfile.ConstantPool.getUTF8Value(ConstantPool.java:307)
at jdk.jdeps/com.sun.tools.classfile.Descriptor.getValue(Descriptor.java:75)
at jdk.jdeps/com.sun.tools.classfile.Signature.getType(Signature.java:48)
at jdk.jdeps/com.sun.tools.classfile.Dependencies$BasicDependencyFinder$Visitor.scan(Dependencies.java:620)
at jdk.jdeps/com.sun.tools.classfile.Dependencies$BasicDependencyFinder$Visitor.scan(Dependencies.java:605)
... 9 more

 

[MegatenFreak]

Doesn't B4J's obfuscation already do the trick with all variable and function names (that don't contain underscores)?
Does Jshrink provide further security?

 

[agraham]

I don't think that you can independently obfuscate only a single jar. The compiled app as a whole needs to be obfuscated as the variable and symbol names need to be changed globally in the app.

 

[hatzisn]

Doesn't B4J's obfuscation already do the trick with all variable and function names (that don't contain underscores)?
Does Jshrink provide further security?

Hi @MegatenFreak , JShrink obfuscates also the code and not just variable and procedure names. A trial will let you see for your eyes.

 

[hatzisn]

I don't think that you can independently obfuscate only a single jar. The compiled app as a whole needs to be obfuscated as the variable and symbol names need to be changed globally in the app.

Hi @agraham, what I did was obfuscate normally through B4J and then obfuscate through jShrink. Since the variable and procedure names are already changed through B4J I cannot imagine why can't it work. The fact is that through external B4JPackager11 the B4J jar is obfuscated and after changing target module in it (B4JPackager) to the new name and try to package the jshrink obfuscated jar it produces this error.

 

[agraham]

is there any chance to obfuscate a created .jar file with this tool externally and then add it to the Standalone using B4JPackager11 ?

Sorry, I misunderstood what you meant. I thought you meant adding a separate jar somehow to a standalone package.

Have you tried jShrinking a a non-obfuscated app to see if that works?

 

[Erel]

Based on the error the obfuscator produces invalid bytecode. Make sure that this tool is compatible with Java 11 and specifically Java 9 modules system.
You will also need to avoid renaming method names as it will cause the events to fail.

It will not be simple to get it working.

 

[hatzisn]

Based on the error the obfuscator produces invalid bytecode. Make sure that this tool is compatible with Java 11 and specifically Java 9 modules system.
You will also need to avoid renaming method names as it will cause the events to fail.

It will not be simple to get it working.

Thanks for your reply. I already contacted the programmer yesterday and he tried to make sure that I use version 2.43. I answered positively and now I wait for him for his advice.