Android code obfuscation-it turns out to be so simple

A xxx.apk is submitted to the test,

OK. Pour a cup of water and check out the webpage ~~~~~

Er, I suddenly felt that I should improve the security of my code,

Remember to read the APK and decompress it directly, and then it is easy to decompile. Java

Looking for it, it's just a minute,

1. Get the classes. Dex file. Open the. APK file directly with the decompression software on your machine.

Decompress the classes. Dex file (this is the prefix of. jar-it should be said later)

　　

2. Restore the. jar file; this step requires a tool dex2jar (Google's code library contains a http://code.google.com/p/dex2jar)

It's not hard to see what he did, right? (That's right, it's about restoring Dex to a jar package)

After the download is complete, decompress the package and put the first step (that is, the classes. Dex file) into the dex2jar decompress directory.

(Unzip the dex2jar. BAT file in the directory. Check whether the directory is correct or not)

　　

CMD command line, switch the directory to the dex2jar directory (The. Sh file is executed in Linux)

"Dex2jar. Bat classes. Dex"

After you see "done" in the command line, the "classes. Dex. dex2jar. Jar" file will appear in the dex2jar folder,

This is the legendary jar package.

　　

3, view the. jar file; this step is the traditional decompilation, need tool assistance, the tool I use here is JD-Gui (http://java.decompiler.free.fr /? Q = jdgui)

Download the corresponding version of your system, decompress it, (My XP system), you will see a. EXE file, that is, a single file green version.

Double-click and select the. jar file generated in step 2. OK, is your project completely restored? (If the internal class is used, the restored structure seems a little dislike)

That's right. It's easy to expose your code?

[I will not post a picture here, the company's project]

Okay, let's talk about how to confuse it. Many articles on the Internet that introduce proguard to confuse Android projects are copied and pasted,

I have been talking about it for a long time, but I have never understood it ,......

Is proguard displayed in the android SDK \ tools directory?

Create a 2.3.3 project. Do you see a proguard. cfg file in the project file?

Well, the great Google has already helped us with so many things. Unfortunately, it started from 2.3,

What should I do for a miserable Project (based on SDK 2.2? (Do I Have To cruelly set the project attribute to 2.3?

In fact, even if you do, Google will not add the proguard. cfg file for you)

You just need to copy the proguard. cfg file to your old project,

Of course, this is not enough, because Google does not confuse projects by default.

To enable proguard so that it runs as part of an ant or eclipse build,

Set the proguard. config property in the <project_root>/Default. properties file.

The path can be an absolute path or a path relative to the project's root.

Google tells us to configure Default. Properties

Well,

Add proguard. Config = proguard. cfg

Okay. generate a new. APK file again,

Then decompile your project using the above method. You will see the aa bb cc package, the aa bb cc class, and the variable name and method name of aa bb cc.

I believe that you are also confused, right?

Let's look at the proguard. cfg file.

-optimizationpasses 5-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-dontpreverify-verbose-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*-keep public class * extends android.app.Activity-keep public class * extends android.app.Application-keep public class * extends android.app.Service-keep public class * extends android.content.BroadcastReceiver-keep public class * extends android.content.ContentProvider-keep public class com.android.vending.licensing.ILicensingService-keepclasseswithmembernames class * {    native <methods>;}-keepclasseswithmembernames class * {    public <init>(android.content.Context, android.util.AttributeSet);}-keepclasseswithmembernames class * {    public <init>(android.content.Context, android.util.AttributeSet, int);}-keepclassmembers enum * {    public static **[] values();    public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {  public static final android.os.Parcelable$Creator *;}

If this file is not available, create one by yourself.

Here, Google does not confuse the subclass of activity, service... class by default, as shown in the above section, the subclass names of all activities are reserved.

If you want to customize obfuscation details, consider this configuration file.