Serializable Classes - RetroGuard Documentation
Serialization has some subtleties, unrelated to obfuscation, that you should be familiar with before using it. See the java.io.Serializable Java API documentation to get started, and the article Advanced Serializable for more details. In particular, it is always a good idea to declare a field of the following form in all serializable classes:
private static final long serialVersionUID = 42L; // replace '42' with class-specific id
This explicitly specifies a version identifier for each serializable class instead of computing it using the default 'classfile hash' method. The 'classfile hash' method can cause InvalidClassExceptions during deserialization, in particular when transferring a serialized object between unobfuscated and obfuscated software.
To preserve serializable classes from obfuscation, add a script line:
.option Serializable
This is exactly equivalent to the script lines:
.method;private **/writeObject (Ljava/io/ObjectOutputStream;)V extends java/io/Serializable
Several of these lines show how 'access modifiers' can be used to limit the scope of the wildcards '**' and '*'. For example, consider the '.method' script line:
.method;private **/writeObject (Ljava/io/ObjectOutputStream;)V extends java/io/Serializable
This means: preserve only the 'private' methods that have the specified signature and that are in serializable classes. Also, consider the '.field' script line:
.field;!transient;!static ** * extends java/io/Serializable
This means: preserve only the non-'transient', non-'static' fields in all serializable classes.
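The class name, the version identifier and the names of the non-'transient', non-'static' fields are all written into the serialization stream itself, which is why they have to match between the software that writes an object and the software that reads it. The following is an added example, not part of the RetroGuard documentation: the class StreamNames, the sample class Account and the helper describe are constructed for illustration, and the helper handles primitive-typed fields only.

```java
import java.io.*;
import java.util.*;

public class StreamNames {
    // Constructed sample class; 42L is the placeholder id from the text above.
    static class Account implements Serializable {
        private static final long serialVersionUID = 42L;
        static int instances;          // static: not part of the serialized form
        transient String cachedLabel;  // transient: not part of the serialized form
        int balance;
        long id;
    }

    // Reads the first class descriptor of a serialization stream:
    // magic, version, TC_OBJECT, TC_CLASSDESC, name, serialVersionUID, flags, fields.
    static Map<String, Object> describe(byte[] stream) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(stream));
        if (in.readShort() != ObjectStreamConstants.STREAM_MAGIC
                || in.readShort() != ObjectStreamConstants.STREAM_VERSION
                || in.readByte() != ObjectStreamConstants.TC_OBJECT
                || in.readByte() != ObjectStreamConstants.TC_CLASSDESC) {
            throw new StreamCorruptedException("not an object with a new class descriptor");
        }
        Map<String, Object> d = new LinkedHashMap<>();
        d.put("class", in.readUTF());              // class name as stored in the stream
        d.put("serialVersionUID", in.readLong());  // id the reader's class must match
        in.readByte();                             // descriptor flags, not needed here
        List<String> fields = new ArrayList<>();
        int n = in.readShort();
        for (int i = 0; i < n; i++) {
            char type = (char) in.readByte();      // JVM type code, e.g. 'I' or 'J'
            String name = in.readUTF();            // field name as stored in the stream
            if (type == 'L' || type == '[') {
                throw new IOException("object-typed field; this sketch handles primitives only");
            }
            fields.add(type + " " + name);
        }
        d.put("fields", fields);
        return d;
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Account());
        }
        System.out.println(describe(buf.toByteArray()));
    }
}
```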