Android notes: Anti-decompilation and code obfuscation. Some Ideas about solving third-party jar packages that are not obfuscated, and the anti-obfuscation method of gson

To prevent code decompilation, You need to confuse the code before exporting the signature. Recently, I found that a project of my own encountered an exception in code obfuscation. The following are some of my experiences in solving code obfuscation and introducing third-party jar packages that may cause obfuscation in the past few days:

1. obfuscation protection:

(1. Generally, four components are not confused by default.

(2. Set the class of the custom component to not be confused; otherwise, the control cannot be found, for example:

-keep public class rongqin.musicplayer.view.LrcView-keep public class com.viewpagerindicator.TitlePageIndicator-keep public class com.viewpagerindicator.LinePageIndicator

(3) classes of the called third-party jar package

2. Locate the class for the compilation exception after Obfuscation

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0633524037-0.png "title =" pro.png "/>

After code obfuscation, the class names are changed. The following is a stupid method to quickly identify exceptions.

1 first, according to the exception information, we can know that the exception occurs in the com. a. a. c. a folder.

These class files are all in the decompiled classes. dex. dex2jar. jar file.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0633526305-1.png "title =" aaaaaaa.png "/>

(2) switch the eclipse project view to package presentation-> Hierarchical. After switching, you can see the directory structure of the project.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0633524G3-2.png "title =" 22222222222222222222.png"/>

3. Then you can find the corresponding class according to the approximate directory structure.

For example, com. a. a. c. class a, your project package name is rongqin, com package is the package name of the imported third-party jar package, according to com. a. under directory a, there are four abcd folders and a bunch of classes. After comparison, we can find the problems caused by the jar package gson. The consumer implements code obfuscation protection for the gson class in proguard-project.txt.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0633521Y7-3.png "title =" 3333333333.png"/>

After finding the folder, if the directory contains multiple class files, you also need to determine which class the obfuscated class corresponds. In this case, you can use the mapping file in the proguard directory of the project to find the confusion correspondence between each class, so as to identify the abnormal class.

3. Handling of gson anti-code obfuscation

To use the gson class, you must use proguard-project to protect the gson class from obfuscation. You can directly Add the following statements to the proguard-project:

##---------------Begin: proguard configuration for Gson ----------# Gson uses generic type information stored in a class file when working with fields. Proguard# removes such information by default, so configure it to keep all of it.-keepattributes Signature# Gson specific classes-keep class sun.misc.Unsafe { *; }#-keep class com.google.gson.stream.** { *; }# Application classes that will be serialized/deserialized over Gson-keep class com.google.gson.examples.android.model.** { *; }##---------------End: proguard configuration for Gson ----------

References: http://stackoverflow.com/questions/8129040/proguard-missing-type-parameter

In addition, because the key variable name of the corresponding type needs to be consistent with that in the json file when the gson class is used to parse json, all the classes in this part should also be protected against obfuscation. For example:

-keep public class rongqin.util.SongJson-keep public class rongqin.util.SongJson.** { *; }-keepclassmembers class rongqin.util.SongJson {   public *;}-keepclasseswithmembernames class rongqin.util.SongJson {public *;}

At this point, it is finally achieved, and no exception is displayed. There may be more effective methods, and I hope you will be enlightened and have more exchanges.

This article is from the "no trace in the sky but I fly over" blog. For more information, contact the author!