android混淆

 

 

一、理论知识 ProGuard是一款免费的Java类文件压缩器、优化器和混淆器。它能发现并删除无用类、字段（field）、方法和属性值（attribute）。它也能优化字节码并删除无用的指令。最后，它使用简单无意义的名字来重命名你的类名、字段名和方法名。经过以上操作的jar文件会变得更小，并很难进行逆向工程。二、基本使用 在Android应用程序也可以使用ProGuard来进行混洗打包，大大的优化Apk包的大小。但是注意ProGuard对文件路径的名名很有讲究，不支持括号，也不支持空格。在混淆过后，可以在工程目录的proguard中的mapping.txt看到混淆后的类名，方法名，变量名和混淆前的类名，方法名，变量名。 在使用Eclipse或Ant打包应用程序时，都是使用Android工程目录的project.properties文件来指定配置。关于Android中如何使用ant打包请参考《Android中使用Ant编译打包》在使用Eclipse新建一个工程，都会在工程目录下生产配置project.properties和proguard-project.tx。文件如下所示：例1# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt# Project target.target=android-10project.properties用于配置Android工程的一些属性，#号的话表示当前行是注释，这里的proguard.config就用于指定ProGuard的混淆配置文件，并对使用release方式打包应用程序时开启代码混淆功能。对于是否是使用release方式打包，和AndroidManifest.xml中application的android:debuggable属性有很多关系。如果该值为android:debuggable="true"，那么最终就是debug方式打包。最明智的方式就是在AndroidManifest.xml并不显示的指定它，而是是打包工具在打包时来决定它最终的值。对于ant就是ant release或ant debug。而对于直接在Eclipse中使用run 或debgu来打包的话就是debug,使用export的话就是release.proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt这里的话指定了混淆的基本配置文件proguard-android.txt，和混淆的个性化配置文件proguard-project.txt。这里proguard-project.txt文件用于对前面的基本的混淆配置文件proguard-android.txt的配置进行override和添加。混淆的基本配置文件proguard-android.txt如下：文件1# This is a configuration file for ProGuard.# http://proguard.sourceforge.net/index.html#manual/usage.html-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-verbose# Optimization is turned off by default. Dex does not like code run# through the ProGuard optimize and preverify steps (and performs some# of these optimizations on its own).-dontoptimize-dontpreverify# Note that if you want to enable optimization, you cannot just# include optimization flags in your own project configuration file;# instead you will need to point to the# "proguard-android-optimize.txt" file instead of this one from your# project.properties file.-keepattributes *Annotation*-keep public class com.google.vending.licensing.ILicensingService-keep public class com.android.vending.licensing.ILicensingService# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native-keepclasseswithmembernames class * { native ;}# keep setters in Views so that animations can still work.# see http://proguard.sourceforge.net/manual/examples.html#beans-keepclassmembers public class * extends android.view.View { void set*(***); *** get*();}# We want to keep methods in Activity that could be used in the XML attribute onClick-keepclassmembers class * extends android.app.Activity { public void *(android.view.View);}# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations-keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *;}-keepclassmembers class **.R$* { public static ;}# The support library contains references to newer platform versions.# Don't warn about those in case this app is linking against an older# platform version. We know about them, and they are safe.-dontwarn android.support.**以下则个是我们项目混淆的个性化配置文件proguard-project.txt# To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see# http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {# public *;#}-dontwarn android.**-dontwarn edu.edut.lsf.payment.link.**-libraryjars ..\Download_Install\lib\classes.jar-keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil-keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node-keep class org.jboss.netty.util.internal.LinkedTransferQueue$Node-keep class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface-keepclasseswithmembers class * { public static void main(java.lang.String[]);}-keepclasseswithmembers class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node { *;}-keepclasseswithmembers class edu.edut.robin.activities.LeWebActionActivity$AppstoreWebInterface { *;}-keepclasseswithmembers class edu.edut.robin.utils.SilentInstallAssistant$* { *;}-keepclasseswithmembers class edu.edut.robin.silentinstaller.utils.SilentInstallAssistant$* { *;}-keepclasseswithmembers class edu.edut.robin.utils.Pm$* { *;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue { volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node head; volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node tail; volatile transient int sweepVotes;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue$Node { *;}-keepclasseswithmembers class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface { *;}-keepclasseswithmembers class * extends edu.edut.lsf.payment.WebSubmitInterface { *;}-keepclasseswithmembers class edu.edut.lsf.payment.WebSubmitInterface { *;}-keep public class com.unionpay.** {*; }-keep public class edu.edut.lsf.** {*; }注：由于牵扯到保密的问题，一些关于项目的东西换成了edu.edut或edu.edut.robin三、混淆配置详解另外以下是关于混淆配置文件的一些说明：-injars androidtest.jar【jar包所在地址】 -outjars out【输出地址】-libraryjars 'D:\android-sdk-windows\platforms\android-9\android.jar' 【引用的库的jar，用于解析injars所指定的jar类】 -optimizationpasses 5-dontusemixedcaseclassnames 【混淆时不会产生形形色色的类名 】puzzle-dontskipnonpubliclibraryclasses 【指定不去忽略非公共的库类。 】 puzzle-dontpreverify 【不预校验】-verbose-optimizations !code/simplification/arithmetic,!field/*,!class/merging/* 【优化】puzzle-keep public class * extends android.app.Activity　　【不进行混淆类名的类，保持其原类名和包名】-keep public abstract interface com.asqw.android.Listener{public protected ; 【所有public protected的方法名不进行混淆】}-keep public class com.asqw.android{public void Start(java.lang.String); 【对该方法不进行混淆】}-keepclasseswithmembernames class * { 【对所有类的native方法名不进行混淆】native ;}-keepclasseswithmembers class * { 【对所有类的指定方法的方法名不进行混淆】public (android.content.Context, android.util.AttributeSet);}-keepclassmembers class * extends android.app.Activity {【对所有类的指定方法的方法名不进行混淆】public void *(android.view.View);}-keepclassmembers enum * {【对枚举类型enum的所有类的以下指定方法的方法名不进行混淆】public static **[] values();public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {【对实现了Parcelable接口的所有类的类名不进行混淆，对其成员变量为Parcelable$Creator类型的成员变量的变量名不进行混淆】public static final android.os.Parcelable$Creator *;}-keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue {【对指定类的指定变量的变量名不进行混淆】 volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node head; volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node tail; volatile transient int sweepVotes;}-keep public class com.unionpay.** {*; }【对com.unionpay包下所有的类都不进行混淆，即不混淆类名，也不混淆方法名和变量名】结束！以上内容是转载，因为项目需要混淆，所以查询网上各种资料，恩，心情比较着急也没有静下心来仔细看文档，不过风风火火的找了各种资料后发现，网上版本基本相同的。大概上面这个最合适了。仔细研究了下，基本混淆成功。耗时3天。因为感觉比较详细了，所以直接写出自己子啊项目中用到的jar包和对应的混淆脚本。说明两点，第一点，自己定义的bean是不能混淆的暂时主要说四个常用的：-libraryjars libs/android-support-v4.jar-dontwarn android.support.v4.** -keep class android.support.v4.** { *; } -keep interface android.support.v4.app.** { *; } -keep public class * extends android.support.v4.** -keep public class * extends android.app.Fragment-libraryjars libs/gson-2.2.4.jar-dontwarn com.google.gson.** ##---------------Begin: proguard configuration for Gson ----------# Gson uses generic type information stored in a class file when working with fields. Proguard# removes such information by default, so configure it to keep all of it.-keepattributes Signature# Gson specific classes-keep class sun.misc.Unsafe { *; }#-keep class com.google.gson.stream.** { *; }# Application classes that will be serialized/deserialized over Gson-keep class com.google.gson.examples.android.model.** { *; }##---------------End: proguard configuration for Gson -----------libraryjars libs/baidumapapi.jar-dontwarn com.baidu.mapapi.** -keep class com.baidu.mapapi.** {*;}-libraryjars libs/zbar.jar-dontwarn net.sourceforge.zbar.** -keep class net.sourceforge.zbar.** { *; }