Retrologic Systems
RetroGuard for Java Obfuscation

Serializable Classes - RetroGuard Documentation



Serialization has some subtleties, unrelated to obfuscation, that you should be familiar with before using it. See the java.io.Serializable Java API documentation to get started, and the article Advanced Serializable for more details. In particular, it is always a good idea to declare a field of the following form in all serializable classes:

private static final long serialVersionUID = 42L; // replace '42' with class-specific id

This explicitly specifies a version identifier for each serializable class instead of computing it using the default 'classfile hash' method. The default hash is derived from the class's name and member signatures, which obfuscation renames, so it can cause an InvalidClassException during de-serialization, in particular when transferring a serialized object between unobfuscated and obfuscated software.

To preserve serializable classes from obfuscation, add a script line:

.option Serializable

This is exactly equivalent to the script lines:

.method;private **/writeObject (Ljava/io/ObjectOutputStream;)V extends java/io/Serializable
.method;private **/readObject (Ljava/io/ObjectInputStream;)V extends java/io/Serializable
.method **/writeReplace ()Ljava/lang/Object; extends java/io/Serializable
.method **/readResolve ()Ljava/lang/Object; extends java/io/Serializable
.field;static;final **/serialVersionUID J extends java/io/Serializable
.field;static;final **/serialPersistentFields [Ljava/io/ObjectStreamField; extends java/io/Serializable
.class ** extends java/io/Serializable
.field;!transient;!static ** * extends java/io/Serializable

Several of these lines show how 'access modifiers' can be used to limit the scope of the wildcards '**' and '*'. For example, consider the '.method' script line:

.method;private **/writeObject (Ljava/io/ObjectOutputStream;)V extends java/io/Serializable

This preserves only the 'private' methods that have the specified signature and that are in serializable classes.

Also, consider the '.field' script line:

.field;!transient;!static ** * extends java/io/Serializable

This preserves only the non-'transient', non-'static' fields in all serializable classes.
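As an added illustration (not part of the RetroGuard documentation), the class below annotates each member with the script line from the list above that keeps its name unchanged, and round-trips an instance through serialization. The class name Account, its fields, and the validation in readObject are assumptions made for the example.

```java
import java.io.*;

// Hypothetical class for illustration; kept as a whole by: .class ** extends java/io/Serializable
public class Account implements Serializable {
    // Kept by: .field;static;final **/serialVersionUID J
    private static final long serialVersionUID = 42L;

    // Kept by: .field;!transient;!static ** *
    // Field names are written into the stream's class descriptor, so they must not be renamed.
    private String owner;
    private long balanceCents;

    // Not matched (transient): never written to the stream, so the obfuscator may rename it.
    private transient int cachedHash;

    public Account(String owner, long balanceCents) {
        this.owner = owner;
        this.balanceCents = balanceCents;
    }

    // Kept by: .method;private **/writeObject (Ljava/io/ObjectOutputStream;)V
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
    }

    // Kept by: .method;private **/readObject (Ljava/io/ObjectInputStream;)V
    // The serialization runtime finds this method by name and signature via reflection.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (owner == null || balanceCents < 0) {
            throw new InvalidObjectException("invalid Account state");
        }
        cachedHash = owner.hashCode(); // rebuild the transient value after reading
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Account("alice", 1050)); // constructed sample data
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            Account a = (Account) in.readObject();
            System.out.println(a.owner + " " + a.balanceCents + " uid="
                    + ObjectStreamClass.lookup(Account.class).getSerialVersionUID());
        }
    }
}
```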


Copyright © 1998-2007 Retrologic Systems. All rights reserved.