Android Code Obfuscation

One, code obfuscation definition

Java is a cross-platform, interpreted language. Java source code is compiled into the intermediate "bytecode" stored in the class file. Because of the need for cross-platform, Java bytecode contains very much source code information. such as variable name, method name. And through these names to access variables and methods, these symbols with a lot of semantic information, very easy to be anti-compiled into Java source code.

To prevent this, we can use the Java obfuscation to confuse Java bytecode.

Confusion is the release of the program to organize and process again, so that the code after processing and processing before the completion of the same function of the code. And the confusing code is very difficult to decompile, even if the anti-compilation success is very hard to get out of the real semantics of the program.

The obfuscated program code is still in accordance with the original file format and instruction set, and the result is the same as before the confusion, only the obfuscation will be all the variables in the code, functions, class name into a short English letter code. In the absence of a corresponding function name and program gaze, even if it is deserialized, it will be difficult to read.

Confusion is irreversible at the same time, and in the process of confusion some information that does not affect the normal execution is permanently lost. The loss of this information makes the program more difficult to understand.

The function of the obfuscation is not only to protect the code, it also has the function of simplifying the post-compilation program size. Because of the shortened variables and function names described above and the reasons for missing some of the information. The size of the jar file can be reduced by approximately 25% after compilation, which makes sense for the more expensive wireless network transmission at the current cost.

Second, the confusion of the document PROGUARD.CFG specific explanation

<span style= "FONT-SIZE:14PX;"                                                      >-optimizationpasses 5 # Specifies the compression level of the Code-dontusemixedcaseclassnames                                                # whether to use uppercase and lowercase mixed-dontskipnonpubliclibraryclasses # whether to confuse third party jar-dontpreverify # confusion when it is No pre-calibration-verbose # If the log-optimizations is logged when confused!code/simpl                               ification/arithmetic,!field/*,!class/merging/* # Obfuscation algorithm-keep public class * extends Android.app.Activity # Keep What classes are not confused-keep public class * extends Android.app.Application # Keep what classes do not  Be confused-keep public class * extends Android.app.Service # Keep What classes are not confused-keep public class * extends Android.content.BroadcastReceiver # Keep What classes are not confused-keep public class * extends Android.content.ContenTprovider # Keep What classes are not confused-keep public class * extends Android.app.backup.BackupAgentHelper # Keep What classes are not confused-keep public class * extends Android.preference.Preference # Keep What classes are not confused-keep public class com                                           . Android.vending.licensing.ILicensingService # Keep What classes are not confused-keepclasseswithmembernames class * { # Keep native method not to be confused native <methods>;} -keepclasseswithmembers class * {# keeps its own defined control classes are not confused with the public <init> (and Roid.content.Context, Android.util.AttributeSet);}     -keepclasseswithmembers class * {public <init> (Android.content.Context, android.util.AttributeSet, int); # keep your own defined control class not to be confused}-keepclassmembers class * extends android.app.Activity {# Keep yourself defined control class not to be confused public V OID * (Android.view.View);} -keepclassmembers enum * {# keep Enum enum class not confused public static **[] VALues (); public static * * VALUEOF (java.lang.String);} -keep class * Implements android.os.Parcelable {# Keep Parcelable not confused public static final Android.os.parcelable$creator *;}                                                            -keep class MyClass; # Keep your defined classes from being confused </span>

Third, the method of code confusion

There are 2 different code obfuscation methods depending on the version number of the SDK. The information involved in the specific explanation of the above proguard.cfg parameters is a confusing script under the lower version number SDK , in fact the SDK in the high version number The principle of confusion and the number of references are similar to the lower version number, only in the context of the different SDK version number of the introduction of confusing scripts in the same way.

Specific methods such as the following:

• Low version number SDK , the same time in the project includes proguard.cfg  And project.properties File. It is only necessary to project.properties file Join at the end proguard. config= proguard.cfg will be able to export the project again.
• High version number SDK , the same time in the project includes Proguard-project.txt And  project.properties file, you need to proguard-project.txt File For example, configure the following information, and thenthen export the project to。

  The following is a demonstration of a real file.

<span style= "FONT-SIZE:14PX;" ># This file was automatically generated by Android tools.# does not modify this file--YOUR changes would be erased!## Th Is file must are checked in Version Control systems.## to customize properties used by the Ant build system edit# "Ant.prop Erties ", and override values to adapt the script to your# project structure.## to enable Proguard to shrink and obfuscate Your code, uncomment this (available Properties:sdk.dir, user.home): #proguard. config=${sdk.dir}/tools/proguard/ Proguard-android.txt:proguard-project.txtproguard.config=${sdk.dir}/tools/proguard/proguard-android.txt: proguard-project.txt# Project Target.target=android-16</span>

Iv. Retention of certain packages is not confusing

The above configuration information is In the project.properties file, the blue text is the configuration information we need to include in the code obfuscation process. Middle:sdk.dir is the installation path for your SDK on the current machine .

Suppose you want to keep a file under a package that is not confused, you can add a statement that preserves the corresponding package name in the proguard-project.txt file.

<span style= "FONT-SIZE:14PX;" ># to enable Proguard in your project, edit project.properties# to define the Proguard.config property as described in That file.## ADD project specific Proguard rules here.# by default, the "The flags in" This file is appended to the flags specified # in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the Proguard# Inc Lude project.properties.## For more details, see#   http://developer.android.com/guide/developing/tools /proguard.html# ADD any project specific keep options Here:-dontwarn com.cnki.android.cnkireader.**-keep class Com.cnki. android.cnkireader.** {*;} # If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JAVASCR IPT interface# Class:#-keepclassmembers class Fqcn.of.javascript.interface.for.webview {# public   *;#}</span >

Android Code Obfuscation