Code obfuscation and App obfuscation in app security

Code obfuscation and App obfuscation in app security

Refer:

Http://www.cnblogs.com/sunzn/archive/2013/03/06/2946952.html

Http://www.apkbus.com/android-240707-1-1.html

1. Find in the project root directoryProject. propertiesFile, remove the circled code comments, that is, declare that our obfuscation file isProguard-project.txt:

2. Find in the project root directoryProguard-project.txtFile, add and modify the following code as needed:

# Specify the compression level of the code-optimizationpasses 5 # Do not use case-insensitive mixing-dontusemixedcaseclassnames # Do not confuse third-party jar-dontskipnonpubliclibraryclasses # do not perform pre-check when obfuscation-dontpreverify # the algorithm used for obfuscation-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # declare that the external jar package is not Obfuscated-libraryjars libs/alipay. jar-libraryjars libs/httpmime-4.1.1.jar-libraryjars libs/ShareSDK-Core-2.4.2.jar-libraryjars libs/ShareSDK-QZone-2.4.2.jar-libraryjars libs/ShareSDK-SinaWeibo-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-Core-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-Moments-2.4.2.jar # do not need to confuse parts such as system components and API classes: -keep public c Lass * extends android. app. fragment-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * extends android. app. backup. backupAgentHelper-keep public class * extends Android. preference. preference-keep public class * extends android. support. v4. ** # Keep the native method unobfuscated-keepclasseswithmembernames class * {native <methods >;}# the default proguard checks whether each reference is correct, however, third-party libraries often do not use classes # They are not correctly referenced. If this parameter is not configured, the system reports an error-dontwarn android. support. **-dontwarn com. amap. api. ** # the specified class member is retained-keepclassmembers class * extends android. app. activity {public void * (android. view. view) ;}# the specified class and class member are retained. If the specified class member exists,-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet) ;}# keep the custom control class unobfuscated-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet) ;}# keep the custom control class unobfuscated-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet, int) ;}# keep the custom control class from confusion-keepclassmembers class * extends android. app. activity {public void * (android. view. view) ;}# keep the enum class unobfuscated-keepclassmembers enum * {public static ** [] values (); public static ** valueOf (java. lang. string) ;}# keep Parcelable intact-keep class * implements android. OS. parcelable {public static final android. OS. parcelable $ Creator *;} # keep the class defined by yourself not confused-keep class MyClass

3. The above comments are quite detailed, but the important points are as follows:

(1)The jar package stated here can only be referenced in this project. The jar package referenced in other projects of this project does not need to be stated in this obfuscation file:

# Declare that the external jar package is not Obfuscated-libraryjars libs/alipay. jar

(2)The following statement needs to be added according to the jar package referenced in your project. For example, if you do not add the package, you can export the apk file directly. In this case, the error message is displayed on the Console, add the error class path one by one, such as com. amap. api. ** declare com. amap. api. xxx won't be confused:

# By default, proguard checks whether each reference is correct, but there are usually some classes in the third-party library that are not used # No correct reference. If this parameter is not configured, the system reports an error-dontwarn android. support. **-dontwarn com. alibaba. fastjson. **-dontwarn org. eclipse. persistence. **-dontwarn com. amap. api. **-dontwarn javax. persistence. **

4. Finally, the result is displayed after obfuscation decompilation. The class name, method name, and variable name are automatically obfuscated into names that others cannot understand: