Confuse Android code with Proguard

Currently some tools such as Apktool,dextojar are able to decompile our Android installation package to get the source code. In order to reduce by others to crack, resulting in source code leaks, programs are stolen in lieu of code, and so on. We need to confuse the code, the Android SDK provides us with the Progrard tool, the ability to confuse the code (usually renamed with a meaningless name), and to remove unused code, optimize and compress the program, so as to add the difficulty you want. Recently I did the project, is I go to configure the confusion configuration, so study a bit, here to share.

How to enable the Proguardant project and Eclipse Project Enablement methods

In the project's project.properties file, add the code.

Proguard.config=proguard.cfg//proguard.cfg configuration file for Proguard
PROGUARD.CONFIG=/PATH/TO/PROGUARD.CFG//path is not in the Project root folder, fill in the actual path

After filling out this configuration, the release will be packaged in accordance with our configuration to confuse, note that in our usual debug is not confused.

Gradle Project (and Android Studio)

Configuring in Build.gradle

android {buildtypes {release {Runproguard true Proguardfi   Les Getdefaultproguardfile (' proguard-android.txt '), ' some-other-rules.txt '//proguardfile ' some-other-rules.txt ' Configure a single file So}}}  

As seen in the code above, we are able to use runproguard true to turn on, and configure it with a confusing configuration to be able to configure multiple files or individual files.

The Android SDK has provided us with two default profiles, which we can use, Proguard-android.txt and Proguard-android-optimize.txt.

Proguard Configuration

It says Android gives us two default profiles, in which we can see some of his syntax. This section is a descriptive narrative.

Retention options (Configure what is not processed)

-keep {Modifier} {class_specification} protects the specified class file and members of the class
-keepclassmembers {Modifier} {Class_ Specification} protects the members of the specified class, assuming that this class is protected and that they will protect the members of the specified class and class for better
-keepclasseswithmembers {class_specification} protection. However, the condition is that all specified classes and class members are to be present.
-keepnames {class_specification} protects the names of the specified classes and members of the class (assuming they are not removed in the compression step)
-keepclassmembernames {class_specification} Protects the names of members of the specified class (assuming they are not removed in the compression step)
-keepclasseswithmembernames {class_specification} protects the names of the members of the specified class and class, Assuming that all the specified class members are present (after the compression step)
-printseeds {filename} lists the members of the class and class-keep the list of options, standard output to the given file

Compression

-dontshrink does not compress the input class file
-printusage {filename}
-whyareyoukeeping {class_specification}

Optimization

-dontoptimize does not optimize the input class file
-assumenosideeffects {class_specification} optimization if the specified method, no matter what side effects
-allowaccessmodification Consent to access and modify members of classes and classes with modifiers

Confuse

-dontobfuscate does not confuse the input class file
-obfuscationdictionary {filename} with the keyword in the given file as the name of the method to be confused
- Overloadaggressively obfuscation when applying intrusive overloads
-useuniqueclassmembernames to determine the member name of a uniform obfuscation class to add? obfuscation
-flattenpackagehierarchy { Package_name} wraps all the renamed packages again and puts them in a given single package
-repackageclass {package_name} again wraps all the renamed class files in a given single package
- Dontusemixedcaseclassnames confusion does not produce a variety of class names
-keepattributes {attribute_name,...} protects a given optional attribute, such as linenumbertable, Localvariabletable, SourceFile, Deprecated, synthetic, Signature, and innerclasses.
-renamesourcefileattribute {String} sets the string constant given in the source file

The following file names, class names, or package names can be replaced with placeholders
？ Represents a character
Ability to match multiple characters, but assumed to be a class that does not match the package name in front of it
* ability to match multiple characters, matching the previous package name.

In Android manifest file Activity,service,provider, Receviter, etc. can not be confused. Some of the view configurations in XML are not confusing, as is available in the default configuration provided by Android.

Proguard output files and their usefulness

After confusing, will give us output some files, in Gradle mode is under the <project_dir>/build/proguard/ folder, Ant is in < Project_dir>/bin/proguard folder, Eclipse builds in the <project_dir>/proguard folder image. The
has the following file:
+ dump.txt describes the internal structure of all the class files in the apk file.
+ mapping.txt Lists the original classes, methods, and mappings between the field names and the code after the confusion.
+ seeds.txt lists non-confusing classes and members
+ Usage.txt lists the code that was removed from the APK

When we release the release version number of the program bug, you can use the above file (special time Mapping.txt) file to find the wrong original location, make bug changes. At the same time, there may be errors in the Proguard configuration at the beginning, and through the error log, depending on the files, find which files should not be confused, thus altering the Proguard configuration.

Note: Once the release is compiled, these files will be overwritten, so you do not have to eat the advertised program, it is best to save a copy of the configuration file.

Debugging Proguard after confusing the program

Above said the output of several files, we can use when changing the bug, through the mapping.txt, through the mapping relationship to find the corresponding classes, methods, fields and so on.

In addition, the Proguard file includes the retrace script, capable of restoring a garbled stack trace to a readable message, window Retrace.bat,linux and Mac are retrace.sh, <sdk_root The >/tools/proguard/ directory. The syntax is:

retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]

Like what:

retrace.bat -verbose mapping.txt obfuscated_trace.txt

Assuming you don't specify <stacktrace_file>, the retrace tool reads from the standard input.

Some proguard configurations that often use packages

The following is a list of some of the third-party packages that I used in my project need to be individually configured for confusing configuration

SHARESDK Confusion Note

-keep class android.net.http.SslError-keep class android.webkit.**{*;}-keep class cn.sharesdk.**{*;}-keep class com.sina.**{*;}-keep class m.framework.**{*;}

Gson confusing configuration

-keepattributes *Annotation*-keep class sun.misc.Unsafe { *; }-keep class com.idea.fifaalarmclock.entity.***-keep class com.google.gson.stream.** { *; }

Umeng SDK Obfuscation Configuration

-keepclassmembers class * {public <init> (org.json.JSONObject);} -keep class Com.umeng.**-keep public class com.idea.fifaalarmclock.app.r$*{public static final int *;} -keep public class Com.umeng.fb.ui.ThreadView {}-dontwarn com.umeng.**-dontwarn org.apache.commons.**-keep public Class * extends Com.umeng.**-keep class com.umeng.** {*;}  

Regarding the configuration aspect, I write not enough concrete, can go to see the reference material second article, Proguard Official document. You are also welcome to communicate the use of problems and experience.

Data references:
1.http://proguard.sourceforge.net/
2.http://developer.android.com/tools/help/proguard.html

Original address: http://blog.isming.me/blog/2014/05/31/use-proguard/, welcome reprint, reproduced please indicate the source.