android混淆

 

 

一、理論知識 ProGuard是一款免費的Java類文件壓縮器、優化器和混淆器。它能發現並刪除無用類、字段（field）、方法和屬性值（attribute）。它也能優化字節碼並刪除無用的指令。最後，它使用簡單無意義的名字來重命名你的類名、字段名和方法名。經過以上操作的jar文件會變得更小，並很難進行逆向工程。二、基本使用 在Android應用程序也可以使用ProGuard來進行混洗打包，大大的優化Apk包的大小。但是注意ProGuard對文件路徑的名名很有講究，不支持括號，也不支持空格。在混淆過後，可以在工程目錄的proguard中的mapping.txt看到混淆後的類名，方法名，變量名和混淆前的類名，方法名，變量名。 在使用Eclipse或Ant打包應用程序時，都是使用Android工程目錄的project.properties文件來指定配置。關於Android中如何使用ant打包請參考《Android中使用Ant編譯打包》在使用Eclipse新建一個工程，都會在工程目錄下生產配置project.properties和proguard-project.tx。文件如下所示：例1# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt# Project target.target=android-10project.properties用於配置Android工程的一些屬性，#號的話表示當前行是註釋，這裏的proguard.config就用於指定ProGuard的混淆配置文件，並對使用release方式打包應用程序時開啓代碼混淆功能。對於是否是使用release方式打包，和AndroidManifest.xml中application的android:debuggable屬性有很多關係。如果該值爲android:debuggable="true"，那麼最終就是debug方式打包。最明智的方式就是在AndroidManifest.xml並不顯示的指定它，而是是打包工具在打包時來決定它最終的值。對於ant就是ant release或ant debug。而對於直接在Eclipse中使用run 或debgu來打包的話就是debug,使用export的話就是release.proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt這裏的話指定了混淆的基本配置文件proguard-android.txt，和混淆的個性化配置文件proguard-project.txt。這裏proguard-project.txt文件用於對前面的基本的混淆配置文件proguard-android.txt的配置進行override和添加。混淆的基本配置文件proguard-android.txt如下：文件1# This is a configuration file for ProGuard.# http://proguard.sourceforge.net/index.html#manual/usage.html-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-verbose# Optimization is turned off by default. Dex does not like code run# through the ProGuard optimize and preverify steps (and performs some# of these optimizations on its own).-dontoptimize-dontpreverify# Note that if you want to enable optimization, you cannot just# include optimization flags in your own project configuration file;# instead you will need to point to the# "proguard-android-optimize.txt" file instead of this one from your# project.properties file.-keepattributes *Annotation*-keep public class com.google.vending.licensing.ILicensingService-keep public class com.android.vending.licensing.ILicensingService# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native-keepclasseswithmembernames class * { native ;}# keep setters in Views so that animations can still work.# see http://proguard.sourceforge.net/manual/examples.html#beans-keepclassmembers public class * extends android.view.View { void set*(***); *** get*();}# We want to keep methods in Activity that could be used in the XML attribute onClick-keepclassmembers class * extends android.app.Activity { public void *(android.view.View);}# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations-keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *;}-keepclassmembers class **.R$* { public static ;}# The support library contains references to newer platform versions.# Don't warn about those in case this app is linking against an older# platform version. We know about them, and they are safe.-dontwarn android.support.**以下則個是我們項目混淆的個性化配置文件proguard-project.txt# To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see# http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {# public *;#}-dontwarn android.**-dontwarn edu.edut.lsf.payment.link.**-libraryjars ..\Download_Install\lib\classes.jar-keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil-keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node-keep class org.jboss.netty.util.internal.LinkedTransferQueue$Node-keep class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface-keepclasseswithmembers class * { public static void main(java.lang.String[]);}-keepclasseswithmembers class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node { *;}-keepclasseswithmembers class edu.edut.robin.activities.LeWebActionActivity$AppstoreWebInterface { *;}-keepclasseswithmembers class edu.edut.robin.utils.SilentInstallAssistant$* { *;}-keepclasseswithmembers class edu.edut.robin.silentinstaller.utils.SilentInstallAssistant$* { *;}-keepclasseswithmembers class edu.edut.robin.utils.Pm$* { *;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue { volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node head; volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node tail; volatile transient int sweepVotes;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue$Node { *;}-keepclasseswithmembers class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface { *;}-keepclasseswithmembers class * extends edu.edut.lsf.payment.WebSubmitInterface { *;}-keepclasseswithmembers class edu.edut.lsf.payment.WebSubmitInterface { *;}-keep public class com.unionpay.** {*; }-keep public class edu.edut.lsf.** {*; }注：由於牽扯到保密的問題，一些關於項目的東西換成了edu.edut或edu.edut.robin三、混淆配置詳解另外以下是關於混淆配置文件的一些說明：-injars androidtest.jar【jar包所在地址】 -outjars out【輸出地址】-libraryjars 'D:\android-sdk-windows\platforms\android-9\android.jar' 【引用的庫的jar，用於解析injars所指定的jar類】 -optimizationpasses 5-dontusemixedcaseclassnames 【混淆時不會產生形形色色的類名 】puzzle-dontskipnonpubliclibraryclasses 【指定不去忽略非公共的庫類。 】 puzzle-dontpreverify 【不預校驗】-verbose-optimizations !code/simplification/arithmetic,!field/*,!class/merging/* 【優化】puzzle-keep public class * extends android.app.Activity　　【不進行混淆類名的類，保持其原類名和包名】-keep public abstract interface com.asqw.android.Listener{public protected ; 【所有public protected的方法名不進行混淆】}-keep public class com.asqw.android{public void Start(java.lang.String); 【對該方法不進行混淆】}-keepclasseswithmembernames class * { 【對所有類的native方法名不進行混淆】native ;}-keepclasseswithmembers class * { 【對所有類的指定方法的方法名不進行混淆】public (android.content.Context, android.util.AttributeSet);}-keepclassmembers class * extends android.app.Activity {【對所有類的指定方法的方法名不進行混淆】public void *(android.view.View);}-keepclassmembers enum * {【對枚舉類型enum的所有類的以下指定方法的方法名不進行混淆】public static **[] values();public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {【對實現了Parcelable接口的所有類的類名不進行混淆，對其成員變量爲Parcelable$Creator類型的成員變量的變量名不進行混淆】public static final android.os.Parcelable$Creator *;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue {【對指定類的指定變量的變量名不進行混淆】 volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node head; volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node tail; volatile transient int sweepVotes;}-keep public class com.unionpay.** {*; }【對com.unionpay包下所有的類都不進行混淆，即不混淆類名，也不混淆方法名和變量名】結束！以上內容是轉載，因爲項目需要混淆，所以查詢網上各種資料，恩，心情比較着急也沒有靜下心來仔細看文檔，不過風風火火的找了各種資料後發現，網上版本基本相同的。大概上面這個最合適了。仔細研究了下，基本混淆成功。耗時3天。因爲感覺比較詳細了，所以直接寫出自己子啊項目中用到的jar包和對應的混淆腳本。說明兩點，第一點，自己定義的bean是不能混淆的暫時主要說四個常用的：-libraryjars libs/android-support-v4.jar-dontwarn android.support.v4.** -keep class android.support.v4.** { *; } -keep interface android.support.v4.app.** { *; } -keep public class * extends android.support.v4.** -keep public class * extends android.app.Fragment-libraryjars libs/gson-2.2.4.jar-dontwarn com.google.gson.** ##---------------Begin: proguard configuration for Gson ----------# Gson uses generic type information stored in a class file when working with fields. Proguard# removes such information by default, so configure it to keep all of it.-keepattributes Signature# Gson specific classes-keep class sun.misc.Unsafe { *; }#-keep class com.google.gson.stream.** { *; }# Application classes that will be serialized/deserialized over Gson-keep class com.google.gson.examples.android.model.** { *; }##---------------End: proguard configuration for Gson -----------libraryjars libs/baidumapapi.jar-dontwarn com.baidu.mapapi.** -keep class com.baidu.mapapi.** {*;}-libraryjars libs/zbar.jar-dontwarn net.sourceforge.zbar.** -keep class net.sourceforge.zbar.** { *; }