Android proguard: androidproguard

Android proguard: androidproguard
Introduction

Java code is very easy to decompile. To protect the Java source code, we often confuse compiled class files.

ProGuard is an open-source project for obfuscation of code. Its main function is obfuscation. Of course, it can also reduce the size and optimize the bytecode, but it is a secondary feature for us. Official Website:

Http://proguard.sourceforge.net /.

Details 1. Principles
Java is a cross-platform and interpreted language. Java source code is compiled into an intermediate "bytecode" and stored in class files. Because of cross-platform requirements, Java bytecode contains a lot of source code information, such as variable names and method names, and these names are used to access variables and methods. These symbols contain a lot of semantic information, it is easy to decompile into Java source code. To prevent this problem, we can use the Java obfuscator to confuse Java bytecode.

Obfuscation means re-organizing and processing the released programs, so that the processed code and the pre-processing code have the same functions, and the obfuscated code is difficult to be decompiled, even if the decompilation succeeds, it is difficult to obtain the true semantics of the program. The program code that has been obfuscated still follows the original file format and instruction set, and the execution result is the same as before, the obfuscator only changes the names of all variables, functions, and classes in the Code into short letters and codes. In the absence of corresponding function names and program comments, even if they are decompiled, it will be hard to read. At the same time, obfuscation is irreversible. During the obfuscation process, information that does not affect normal operation will be lost permanently. The loss of such information makes the program more difficult to understand.

Obfuscators not only protect code, but also reduce the size of compiled programs. Due to the reduction of variable and function names and the loss of some information described above, the size of the compiled jar file can be reduced by approximately 25%, this makes some sense for the currently expensive wireless network transmission. 2. Syntax

-Include {filename}: Read the Configuration Parameter-basedirectory {directoryname} from the specified file and specify the base directory as the file name-injars {class_path, war, ear, and directory-outjars {class_path} specify the jar, war, ear, and directory name to be output after processing-libraryjars {classpath} specify the application jar to be processed, the library file-dontskipnonpubliclibraryclasses required by war, ear, and directory specifies that non-public library classes are not ignored. -Dontskipnonpubliclibraryclassmembers specifies that the visible Library Class Members of the package are not ignored. Keep option-keep {Modifier} {class_specification} to protect the members of the specified class files and class-keepclassmembers {modifier} {class_specification, if these classes are protected, they will be better protected-keepclasseswithmembers {class_specification} protects the members of the specified classes and classes, but the condition is that all specified classes and Class Members must exist. -Keepnames {class_specification} protects the names of members of the specified class and class (if they are not compressed and deleted in the step) -keepclassmembernames {class_specification} protects the names of members of the specified class (if they are not removed in the compression step)-keepclasseswithmembernames {class_specification} protects the names of members of the specified class and class, if all specified class members are present (after the compression step)-printseeds {filename} lists the Member-keep options of the Class and Class, standard output to a given File compression-dontshrink does not compress the input class file-printusage {filename}-whyareyoukeeping {class_specification} Optimization assume that the specified method, no side effects-classes and class members with modifiers can be accessed and modified during allowaccessmodification Optimization-dontobfuscate class files without obfuscation-printmapping {filename}-applymapping {filename} Reuse confusion added by ing-obfuscationdictionary {filename} use the keyword in the given file as the name of the method to be obfuscated-during overloadaggressively obfuscation, the application intrusive overload-useuniqueclassmembernames determines the name of the same Obfuscation -flattenpackagehierarchy {package_name} repacks all renamed packages and places them in a given single package-repackageclass {package_name} repacks all renamed class files and places them in a given package-dontusemixedcaseclassnames obfuscated -keepattributes {attribute_name ,...} protects specified optional attributes, such as LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses. -renamesourcefileattribute {string}: Set the given string constant in the source file.

Demo instance

-Ignorewarnings # ignore warnings, avoid certain warnings during packaging-optimizationpasses 5 # specify the compression level of the code-dontusemixedcaseclassnames # whether to use case-sensitive hybrid-dontskipnonpubliclibraryclasses # whether to use pre-check-verbose when obfuscation # # Check whether logs are recorded during obfuscation-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # algorithm used for obfuscation-libraryjars libs/treecore. jar-dontwarn android. support. v4. ** # by default, proguard checks whether each reference is correct. However, third-party libraries often have classes that are not used and are not correctly referenced. If not configured, the system reports an error. -Dontwarn android. OS. **-keep class android. support. v4. ** {*;} # keep classes that are not Obfuscated-keep class com. baidu. ** {*;}-keep class vi.com. gdi. bgl. android. ** {*;}-keep class android. OS. ** {*;}-keep interface android. support. v4.app. ** {*;}-keep public class * extends android. support. v4. **-keep public class * extends android. app. fragment-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * extends android. support. v4.widget-keep public class * extends com. sqlcrypt. database-keep public class * extends com. sqlcrypt. database. sqlite-keep public class * extends com. treecore. **-keep public class * extends de. greenrobot. dao. **-keepclasseswithmembernames class * {# Keep native methods not obfuscated native <methods> ;} -keepclasseswithmembers class * {# Keep the custom control class not obfuscated with public <init> (android. content. context, android. util. attributeSet);}-keepclasseswithmembers class * {# Keep the custom control class not obfuscated with public <init> (android. content. context, android. util. attributeSet, int);}-keepclassmembers class * extends android. app. activity {// keep the class member public void * (android. view. view);}-keepclassmembers enum * {# Keep The enum class from being confused public static ** [] values (); public static ** valueOf (java. lang. string);}-keep class * implements android. OS. parcelable {# Keep Parcelable not to be confused public static final android. OS. parcelable $ Creator *;}-keep class MyClass; # keep the class defined by yourself not confused

3. File

The ProGuard is automatically run when the apk is packaged in release mode. The release mode here refers to the use of the ant release command or eclipse project-> android tools-> export signed (unsigned)
Application package to generate an apk.
In debug mode, proguard is not called for faster debugging.
 
If the ant command is used to package the apk, The proguard information file will be saved in the <project_root>/bin/proguard folder;
If you use the eclipse export command for packaging, it will be in the <project_root>/proguard folder. It contains the following files:

Mapping.txt
Indicates the code comparison table before and after obfuscation. This file is very important. If your code is uploaded to the bug, the logprompt indicates the code behind the Code. If you want to locate the code, you can use mapping.txt to push back the code.
Every release should keep it so that logs can be called up for troubleshooting when there is a problem with the version. It can be saved or put into the code version control based on the version number or release time name.

Dump.txt
Describes the internal structure of all class files in the apk.

Seeds.txt
Lists the classes and members that are not obfuscated.

Usage.txt
Lists the codes that are deleted from the source code and do not exist in the apk.

4. unobfuscated code

As the name suggests, codes cannot be obfuscated; otherwise, errors may occur.

1. Radiation location

2. System Interface

3. Jni Interface

4,

Android. app. backup. BackupAgentHelper
Android. preference. Preference

Com. android. vending. licensing. ILicensingService

......

5. bug (Common Errors) 1. Proguard returned with error code 1. See console

1. Update the proguard version.
2. android-support-v4 is not obfuscated

3. Add a missing Library

2. missing type parameter exception occurs when gson package is used to parse data

1. Add in proguard. cfg

-dontobfuscate-dontoptimize

2. Add in proguard. cfg

# removes such information by default, so configure it to keep all of it.-keepattributes Signature# Gson specific classes-keep class sun.misc.Unsafe { *; }#-keep class com.google.gson.stream.** { *; }# Application classes that will be serialized/deserialized over Gson-keep class com.google.gson.examples.android.model.** { *; }

3. type conversion error-keepattributes Signature

4. NULL pointer exception

Obfuscation filters out related classes and Methods

5. Android code obfuscation and reflection conflicts, maps cannot be displayed, and other problems and decompilation methods. Android Decompilation

Previous code obfuscation, because reflection is not used, the conventional code obfuscation method can be passed once, in this example, some classes use the reflection mechanism (my project has the instant messaging function, so there are emoticon resources, so we need to find the emoticon resource id through reflection ), when the file name is used to find the resource id, a null pointer exception is reported. At the beginning of this period, I did not know why. By decompiling the obfuscated apk, I found the error step by step, there is a problem with the reflection step: Field field = R. drawable. class. getDeclaredField (name); after this step, the program crashes.

Solution:
1. In the proguard. cfg file, do not confuse variables in the classes used for reflection:
For example,-keep public class com. byl. bean. Expressions {*;} indicates that the Expressions class and all variables and methods in the class are not obfuscated. Be sure to write the full path;
2. Filter generics:-keepattributes Signature
3. The most important thing is to keep the R file not obfuscated. Otherwise, your reflection will not get the resource id:-keep class **. R$ *{*;}


To add this question, after the previous problem is solved, another problem is that after obfuscation, the map cannot be used normally. The blogger uses Baidu map on proguard. cfg has also been written:
-Keep class com. baidu .**{*;}
-Keep class vi.com .**{*;}

6. android. provider. Settings $ Global

# Project target.
Target = android-19

7. java. lang. reflect. UndeclaredThrowableException

-Keep interface com. dev. impl .**

8. memory overflow and failure to write the stack javaOptions in proguard: = Seq (...)
Or
JavaOptions in (Proguard, proguard): = Seq (...)

9. Error: Unable to access jarfile .. \ lib \ proguard. jar

Path Problems

10. java. lang. NoSuchMethodError has no related methods, and the methods are obfuscated. You can filter out the related methods by obfuscation.

11. Professional website bug Solutions

Http://proguard.sourceforge.net/index.html#manual/troubleshooting.html

Summary

With obfuscation technology, you no longer have to worry about being stolen...