Android Project Practice (25): Android studio obfuscation + packaging + verification, androidstudio

Android Project Practice (25): Android studio obfuscation + packaging + verification, androidstudio

Preface:

For Android projects, huanxin is used in instant messaging recently.

Add the following keep to the ProGuard file.

-Keep class com. hyphenate. ** {*;}-dontwarn com. hyphenate .**

 

That is, obfuscation rules. I have not written any articles about obfuscation and packaging.

The following describes how to package projects in the Android studio environment.

 

Bytes ----------------------------------------------------------------------------------------

I. Packaging:

That is, the androidproject will generate the .apk file for the user to install.

1. tool bar Build-> Generate Signed APK ..

2. When this interface appears, the edit box is blank for the first time, and then click "Crete new ...".

3. Here, fill in some relevant information. The specific content will not be detailed.

 

4. Go Back To Step 1. Click Next, select release Finish for Build Type, and generate the APK package of the project under the apk Destination Folder directory.

 

The packaging process is as follows: over.

Bytes ----------------------------------------------------------------------------------------

2. Obfuscation

All developers know that we can use some tools to decompile an Apk and get the resources. The good intention may be to refer to the excellent code in your project. Poor intentions may decompile the Apk to find vulnerabilities in your project and threaten project security.

So now, before packaging a project, we need to confuse the project, so that the Apk cannot be decompiled easily, improving the product security.

Obfuscation operations require some configuration.

Modify the code in the android {} area in the build. gradle file under the app directory

1,

// Execute the lint check. If any error or warning prompt is displayed, the building of lintOptions {abortOnError false} will be terminated}

2,

BuildTypes {debug {// display Log buildConfigField "boolean", "LOG_DEBUG", "true" versionNameSuffix "-debug" minifyEnabled false zipAlignEnabled false shrinkResources false signingConfig signingConfigs. debug} release {// Log buildConfigField "boolean", "LOG_DEBUG ", "false" // obfuscation minifyEnabled true // Zipalign optimized zipAlignEnabled true // removed useless resource file shrinkResources true // The first part represents the default android program obfuscation file, this file already contains the basic obfuscation statement. The next file is your own definition obfuscation file proguardFiles getDefaultProguardFile('proguard-android.txt '), 'proguard-rules. pro '}}

 

3. Modify proguard

First, some fixed

-Keepclassmembers class fqcn. of. javascript. interface. for. webview {public *;} # specify the compression level of the code-optimizationpasses 5 # package case insensitive-dontusemixedcaseclassnames # Do not ignore non-public library classes-dontskipnonpubliclibraryclasses # optimize input class files-dontoptimize # pre-check-Check- dontpreverify # Whether to record logs during obfuscation-verbose # The algorithm used for obfuscation-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # protection Annotation-keepattributes * Annotation * # keep classes not Obfuscated-keep public class * extends android. app. fragment-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * e Xtends android. app. backup. backupAgentHelper-keep public class * extends android. preference. preference-keep public class com. android. vending. licensing. ILicensingService # if there is a reference v4 package, you can add the following line-keep public class * extends android. support. v4.app. fragment # ignore warning-ignorewarning # record generated log data, when gradle is built, the project's root directory outputs ### internal structure of all classes in the apk package-dump proguard/class_files.txt # unobfuscated classes and members-printseeds proguard/seeds.txt # list delete in apk Code excluded-printusage proguard/unused.txt # ing before and after obfuscation-printmapping proguard/mapping.txt ####### record generated log data, during gradle build,-end ####### if v4 or v7 package-dontwarn android is referenced. support. ** #### obfuscation protects part of the code of your project and the referenced third-party jar package library-end ##### keep THE native METHOD unobfuscated-keepclasseswithmembernames class * {native <methods> ;} # Keep custom control classes unchanged-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet );} # Keep custom control classes unchanged-keepclassmembers class * extends android. app. activity {public void * (android. view. view);}-keep public class * extends android. view. view {public <init> (android. content. context); public <init> (android. content. context, android. util. attributeSet); public <init> (android. content. context, android. util. attributeSet, int); public void set *(...);} # keep Parcelable unchanged-keep class * implements Ndroid. OS. parcelable {public static final android. OS. parcelable $ Creator *;} # Keep Serializable unchanged-keepnames class * implements java. io. serializable # Keep Serializable from confusion and the enum class from confusion-keepclassmembers class * implements java. io. serializable {static final long serialVersionUID; private static final java. io. objectStreamField [] serialPersistentFields ;! Static! Transient <fields> ;! Private <fields> ;! Private <methods>; private void writeObject (java. io. objectOutputStream); private void readObject (java. io. objectInputStream); java. lang. object writeReplace (); java. lang. object readResolve () ;}# keep enumeration enum classes unobfuscated-keepclassmembers enum * {public static ** [] values (); public static ** valueOf (java. lang. string);}-keepclassmembers class * {public void * ButtonClicked (android. view. view) ;}# do not confuse the resource class-keepclassmembers class **. r$ * {public static <fields >;}# avoid confusion and generics. If confusion is reported, we recommend that you disable it #-keepattributes Signature

 

Then it is added based on the third-party added in the project. Generally, it is included in the third-party documents.

For example:

# Gson # If the Gson parsing package is used, you can directly Add the following lines to successfully confuse them. Otherwise, an error will be reported. -Keepattributes Signature # Gson specific classes-keep class sun. misc. unsafe {*;} # Application classes that will be serialized/deserialized over Gson-keep class com. google. gson. ** {*;}-keep class com. google. gson. stream. ** {*;} # mob-keep class android.net. http. sslError-keep class android. webkit. ** {*;}-keep class cn. sharesdk. ** {*;}-keep class com. sina. ** {*;}-keep class m. framework. ** {*;}-keep CIA Ss **. r$ * {*;}-keep class **. R {*;}-dontwarn cn. sharesdk. **-dontwarn **. r$ * # butterknife-keep class butterknife. ** {*;}-dontwarn butterknife. internal. **-keep class ** $ ViewBinder {*;}-keepclasseswithmembernames class * {@ butterknife. * <fields >;}-keepclasseswithmembernames class * {@ butterknife. * <methods> ;} ###### other referenced modules can be directly configured in this obfuscation file of the app # If a tool such as Gson is used, the an class to be parsed by it is the entity class obfuscated. -Keep class com. matrix. app. entity. json. ** {*;}-keep class com. matrix. javasdk. network. model. **{*;} ##### obfuscation and Protection of part of the code of your project and the referenced third-party jar package library ####### if you use it in the current application module or dependent library module third-party libraries, you do not need to explicitly add rules #-libraryjars xxx # You may encounter multiple specified errors in the same jar package, generally, you only need to add a declaration that ignores the warning and keeps some classes from being confused. # Open-source projects are referenced in the form of libaray. If you do not want to confuse the keep, build the introduced module. set minifyEnabled = false-keep class com in gradle. nineoldandroids. ** {*;}-keep interface com. nineoldandroids. ** {*;}-dontwarn com. nineoldandroids. ** # pull-down refresh-keep class in. srain. cube. ** {*;}-keep interface in. srain. cube. ** {*;}-dontwarn in. srain. cube. ** # observablescrollview: tab fragment-keep class com. github. ksoichiro. ** {*;}-keep interface com. github. ksoichiro. ** {*;}-dontwarn com. github. ksoichiro. **

 

So far, the first step of packaging is to generate the mixed Apk.

 

 

Bytes ----------------------------------------------------------------------------------------

3. decompile the Apk to verify if the Apk has been confused

Here we use a tool

Dex2jar (source code file retrieval) download

These two files are downloaded.

1. Manually change the downloaded apk file to. Zip. decompress the package to obtain a series of files.

Find the classes. dex file (which is compiled by the java file and packaged by the dx tool) and copy it to the dex2jar-2.0 file we downloaded.

2. Locate the directory of dex2jar. bat in the command line, and enter

d2j-dex2jar.bat   classes.dex

Note that the First Command needs to correspond to the d2j-dex2jar.bat file in your folder

 

 AClasses_dex2jar.jar, then open jd-gui.exe in the jd-guifile,

Then use the tool to open the previously generated classes_dex2jar.jar file, and you can see the source code. The effect is as follows: the name is changed to a, B, c, d, and so on.