Talk about the code obfuscation under Android programming, and click on it to see ....

What does the source confuse?

Java is a cross-platform, interpreted language in which Java source code is compiled into an intermediate "bytecode" stored in a class file. Because of the cross-platform requirements, Java bytecode contains a lot of source code information, such as variable name, method name, and through these names to access variables and methods, these symbols with a lot of semantic information, it is easy to decompile the Java source code. To prevent this, we can use Java obfuscation to confuse Java bytecode.

Confusion is the re-organization and processing of the published program, so that the processed code and the pre-processing code to complete the same function, and the confusing code is difficult to decompile, even if the anti-compilation success is difficult to derive the true semantics of the program. The obfuscated program code, still in accordance with the original file format and instruction set, the execution result is the same as before, but the confusion of all the variables, functions, classes in the code to the name of the short English letter code, in the absence of the corresponding function name and program comments, even if it is anti-compilation, it will be difficult to read. After the Android code is confused, the code is guaranteed to be secure, but protection is not comprehensive.

Thanks for the "Love Encryption" they provide protection, including: Dex Shell Protection, DEX instruction dynamic load protection and advanced source code obfuscation protection. The Dex shell protection, which is protected by the use of the Anti-compilation tool to get the app source code and so library protection by hiding the Dex file and generating a shell file similar to virtual image, prevents the hacker from using the decompile tools to secure the security of the C/C + + layer. Plus resource File Protection (image, audio and other files of anti-viewing and anti-modification), XML Master File Protection (two signatures of the main files), memory protection and other measures, can basically ensure the dynamic and static security of the app. As a reference ....

interested can look under Http://www.ijiami.cn/appprotect_mobile_games

Confusing file proguard.cfg parameters

-optimizationpasses 5                                                              #  specifies the compression level of the Code-dontusemixedcaseclassnames                                                        #  Whether to use case mixed-dontskipnonpubliclibraryclasses                                     &Whether nbsp;            #  is confusing third party jar-dontpreverify                                                                      #  whether to do pre-calibration when confusing-verbose                                                                            #  If the log is logged when confused-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*        #  The algorithm used in the confusion is-keep public class * extends android.app.activity                                 #  maintain which classes are not confused-keep public class *  extends android.app.Application                             #  Keep What classes are not confused-keep public class * extends android.app.service                                  #  maintain which classes are not confused-keep public class  * extends android.conTent. broadcastreceiver                   #  maintain which classes are not confused-keep public class * extends  android.content.contentprovider                     #  maintain which classes are not confused-keep public class * extends  android.app.backup.BackupAgentHelper                #  maintain which classes are not confused-keep public class * extends  android.preference.preference                       #  maintain which classes are not confused-keep public class  com.android.vending.licensing.ilicensingservice               #  maintain which classes are not confused-keepclasseswithmembernames class * {                                             #  Keep  native  method not to be confused     native <methods>;} -keepclasseswithmembers class * {                                                  #  Keep custom control classes from being confused     public <init> (android.content.context,  Android.util.AttributeSet);} -keepclasseswithmembers class * {    public <init> ( Android.content.context, android.util.attributeset, int);      #  Keep custom control classes from being confused}-keepclassmembers class * extends  android.app.activity {                         #  Keep custom control classes from being confused    public  void * (Android.view.View);} -keepclassmembers enum * {                                                         #  Keep enumerations  enum  classes from being confused     public  Static **[] values ();     public static ** valueof ( java.lang.String);} -keep class * implements android.os.parcelable {                                 #  Keep  Parcelable  not be confused   public  static final android.os.parcelable$creator *;} -keep class myclass;                                                               #  keep your defined classes from being confused

Method of code obfuscation

Depending on the version of the SDK, there are 2 different code obfuscation, the above proguard.cfg parameter in the details of the information is in the lower version of the SDK under the confusion of the script, in fact, in the high version of the SDK confusing principle and parameters are similar to the lower version, There is a difference in the way that confusing scripts are introduced in different SDK versions. Here's how:

• Low version  sdk , the project contains both  proguard.cfg  and   Project.properties  file, you only need to   Project.properties  file end Add  proguard.config=proguard.cfg  the project  export   can be.

• The proguard-project.txt and project.properties files are included in the project under the high-version SDK and need to be in the proguard-project.txt The following information is configured in the file, and then export the project . The following is a demonstration of a real file.

 # this file is automatically generated by android tools.# do  not modify this file -- your changes will be erased!##  this file must be checked in version control systems.## to  customize properties used by the Ant build system edit#  " Ant.properties ",  and override values to adapt the script to your#  project structure.## to enable proguard to shrink and obfuscate  your code, uncomment this  (available properties: sdk.dir, user.home): #proguard. Config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txtproguard.config=${sdk.dir} /tools/proguard/proguard-android.txt:proguard-project.txt# project target.target=android-16 

The configuration information above is the contents of the Project.Properties file, and the blue text is the configuration information we need to add during the code obfuscation, where: Sdk.dir is your installation path to the SDK on the current machine. If you want to keep the files under a package from being confused, you can include a statement that retains the corresponding package name in the Proguard-project.txt file.

# to enable proguard in your project, edit project.properties# to  define the proguard.config property as described in that file.##  Add project specific ProGuard rules here.# By default, the  flags in this file are appended to flags specified# in ${ Sdk.dir}/tools/proguard/proguard-android.txt# you can edit the include path  and order by changing the ProGuard# include property in  Project.properties.## for more details, see#   http://developer.android.com /guide/developing/tools/proguard.html# add any project specific keep options  here:-dontwarn com.cnki.android.cnkireader.** -keep class  com.cnki.android.cnkireader.** { *; }# if your project uses webview with js, uncomment the  Following# and specify the fully qualified class name to the  JavaScript interface# class:#-keepclassmembers class  fqcn.of.javascript.interface.for.webview {#   public *;#}

Talk about the code obfuscation under Android programming, and click on it to see ....