APP Packaging Obfuscation Code

Source: Internet
Author: User
Tags libgdx

after the development of the app project, when the tester tested, no bugs, in general, the company will have a number of technical personnel responsible for the release, promotion of app products. This is the general formal large companies will have a dedicated marketing department, Technical Maintenance Department, the app encryption obfuscation packaging, such as: the use of ant encryption, and the use of third-party encryption methods (love encryption, Bang Bang, Apkprotect, etc.). Presumably why the app product needs encryption confusion, as a developer , the boss understand the implication. However, there is also a way to pack and confuse the app, which is how Android uses eclipse to confuse code packaging + Proguard . The specific steps are as follows:

      I. Obfuscation and packaging of Android applications
      1. Add the following proguard.config=proguard.cfg to the project file Project.Properties as follows:
target= Android-8
eclipse will generate proguard.cfg files from the project catalog

      2. Build KeyStore ( If you have direct access)
          Follow the command line below in the D:\Program files\java\jdk1.6.0_07\bin> directory, enter Keytool- Genkey-alias android.keystore-keyalg rsa-validity 100000-keystore android.keystore
        &NBS p; parameter meaning:-validity mainly is the validity of the certificate, write 100,000 days; spaces, backspace keys are counted.
          command execution will generate Android.keystore files in the D:\Program files\java\jdk1.6.0_07\bin> directory.

3. Operation in ECLIPCE
File--Export, export, Android application, Select project, Using the existing keystore, and input Pass Word, select the destination APK file
After confusing the source code, the original class name and method name will be similar to a,b,c ... , the principle of confusion is actually the mapping of the class name and the method name.
Proguard, take one of your own exams.

second, the principle of Proguard
Java code compiled into a binary class file, this class file can also be compiled into source code, in addition to annotations, the original code base

Ben can see it all. In order to prevent important code from being leaked, we often need to confuse (obfuscation code, which is to put methods, fields, packages and

class, the names of these Java elements are changed to meaningless names, so that the code structure does not change and can run, but it is difficult to understand the architecture of the code.

Proguard is such a obfuscation tool, it can analyze a set of class structure, according to the user's configuration, and then the class files can be mixed

Xiao Java element names are confused. While analyzing class, he has two other functions, removing invalid code (Shrinking shrinkage), and code in

Line optimization (optimization Options).

By default, Proguard will confuse all of the code, but there are several situations where you can't change the name of a Java element, or it will

Causes the program to make an error.
One, we use the place of reflection.

Second, our code relies on the interface of the system, such as the callback method called by the system code, which is the most complicated situation.

Third, our Java element name is configured in the configuration file.
So when using Proguard, we need to have a configuration file that tells Proguard that Java elements are not to be confused.

Three, Proguard configuration
1. Most common configuration options
-dontwarn default Proguard checks to see if each reference is correct, but there are often classes that are not used in third-party libraries and are not referenced correctly. If not configured, the system will error.
-keep the specified class and class members are reserved as portals.
-keepclassmembers the specified class member is reserved.
-keepclasseswithmembers the specified class and class members are retained, if the specified class member exists.

2. Proguard Problems and risks
Code obfuscation has the advantage of confusing optimizations, but it often leads to several problems
1, confusion, use to third-party library, you must tell Proguard do not check, or Proguard will error.
2, run error, when code can not be confused, we must be properly configured, or the program will run an error, this situation is the most problematic.
3, debugging suffering, error, error stack is confused after the code, I can not read.

To prevent confusion, you need to be familiar with all of your code, system architecture, and the system and your code's integrated interface, and carefully analyze it. At the same time you have to need a round of comprehensive testing. So there is a certain risk of confusion. To avoid risk, you can just confuse some of the key code, but your confusion will be less effective.

3, the common can not confuse the Androidcode
Android program, the following code to confuse the time to keep in mind.
Android system components, system components have a fixed method to be called by the system.
Referenced by the Android Resource file. The name is fixed and cannot be confused, such as a custom view.
Android parcelable, need to use Android serialization.
Other Anroid official advice not to confuse such as
In the Java serialization method, system serialization requires a fixed method.
Enumeration, the system needs to handle the invariant method of the enumeration.
Local method, cannot modify local method name
Annotations Notes
Some resource file
Used to reflect the place

How to Implement
Now the system is configured to be confused when it is preserved
Android system components
Custom View
Android parcelable
Android R File
Android parcelable
Each developer must check that his or her code uses reflection, and other areas that cannot be confused. Tell me to modify the configuration file (it is not necessary to have the reservation)

Iv. At present, the third party libraries of system department inspection is
-dontwarn com.tencent.**
-dontwarn org.dom4j.**
-dontwarn org.slf4j.**
-dontwarn org.http.mutipart.**
-dontwarn org.apache.**
-dontwarn org.apache.log4j.**
-dontwarn org.apache.commons.logging.**
-dontwarn org.apache.commons.codec.binary.**
-dontwarn weibo4android.**
Proguard parameters
-include {filename} reads configuration parameters from a given file
-basedirectory {directoryname} specifies the base directory for later relative file names
-injars {Class_path} specifies the application jar,war,ear and directory to be processed
-outjars {Class_path} Specifies the name of the Jar,war,ear and directory to output after processing
-libraryjars {classpath} specifies the library files required for the application Jar,war,ear and directories to be processed
-dontskipnonpubliclibraryclasses specifies that non-public library classes are not ignored.
-dontskipnonpubliclibraryclassmembers specifies that the members of the Library class that the package is visible are not ignored.
Retention options
-keep {Modifier} {class_specification} protects the specified class file and members of the class
-keepclassmembers {modifier} {class_specification} Protects members of the specified class, and if this class is protected they will be better protected
-keepclasseswithmembers {class_specification} protects the specified class and members of the class, but the condition is that all specified classes and class members are to be present.
-keepnames {class_specification} protects the names of the specified classes and members of the class (if they are not removed in the compression step)
-keepclassmembernames {class_specification} protects the names of the members of the specified class (if they are not removed in the compression step)
-keepclasseswithmembernames {class_specification} protects the name of a member of the specified class and class if all the specified class members are present (after the compression step)
-printseeds {filename} lists the members of the class and class-keep options, standard output to the given file
-dontshrink does not compress the input class file
-printusage {filename}
-whyareyoukeeping {class_specification}
-dontoptimize does not optimize the input class file
-assumenosideeffects {class_specification} Optimizations assume the specified method without any side effects
-allowaccessmodification allows access to and modification of members of classes and classes with modifiers when optimized
-dontobfuscate does not confuse the input class file
-printmapping {filename}
-applymapping {filename} reuse mappings Add confusion
-obfuscationdictionary {filename} uses the keyword in the given file as the name of the method to be confused
-overloadaggressively obfuscation when applying intrusive overloads
-useuniqueclassmembernames determining the member names of a unified obfuscation class to increase confusion
-flattenpackagehierarchy {package_name} repack all renamed packages and place them in a given single package
-repackageclass {package_name} repack all renamed class files in a given single package
-dontusemixedcaseclassnames confusion does not produce a variety of class names
-keepattributes {attribute_name,...} Protects the given optional attributes, such as linenumbertable, Localvariabletable, sourcefile, Deprecated, synthetic, Signature, and innerclasses.
-renamesourcefileattribute {String} sets the given string constant in the source file

Five, solve the export packaging error
This time the export hint "conversion to Dalvik format failed with error 1" errors, online saying there are many kinds of, finally I still upgrade Proguard from 4.4 to 4.8 is resolved. The official address is The above configuration file parameters can be viewed here.
The upgrade approach is simple, just cover the Tool/proguard directory in the Android SDK directory.
How to debug a packaged program
Once packaged out, you can't use eclipse Logcat to see, here can use the Android SDK Ddms.bat tool to see, a use to find and logcat is actually a thing, is more than a device choice.

Using the configuration required by Gson
When the Gson used the generic type will have an error, this really depressed for a half day, prompted "Missing type parameter". Finally find a data to give a solution, refer to: Http:// ... sing-type-parameter.
In addition, I used the jsonobject, the members of the submitted object was actually changed to a. So the above is not enough to give, but also to add
# Use the jsonobject of your own stitching
-keep class {*;}

Personal suggestions to reduce the confusion caused by these dependency packs are simply all reserved without confusion. For example
-keep class com.badlogic.** {*;}
-keep class * Implements com.badlogic.gdx.utils.json*
-keep class** {*;}

Using the configuration required by Libgdx
Reference Http://

Verifying the packaging effect
Using the Apktool's anti-compilation tool, the package files are unzipped and looked at, if the package path, class name, variable name, method name these changes and you expect the same, then OK. Command:
Apktool.bat D xxx.apk Destdir

Configuration instance
-injars Androidtest.jar "jar Package Address"
-outjars out "Output address"
The jar of the library referenced by-libraryjars ' D:\android-sdk-windows\platforms\android-9\android.jar ', used to parse the jar class specified by Injars "

-optimizationpasses 5
-dontusemixedcaseclassnames "does not produce a variety of class names when confused"
-dontskipnonpubliclibraryclasses "Specifies that non-public library classes are not ignored. 】
-dontpreverify "No pre-check"
-optimizations!code/simplification/arithmetic,!field/*,!class/merging/* "Optimization"
-keep public class * extends "Do not confuse and remain as is"
-keep public class * extends
-keep public class * extends
-keep public class * extends Android.content.BroadcastReceiver
-keep public class * extends Android.content.ContentProvider
-keep public class * extends
-keep public class * extends Android.preference.Preference
-keep public class
-keep Public Abstract Interface{
public protected; "All methods are not confused"
-keep public class{
public void Start (java.lang.String); "No confusion with this method"
-keepclasseswithmembernames class * {"protects the name of a member of a specified class and class if all the specified class members are present (after the compression step)"
-keepclasseswithmembers class * {"Protects the members of the specified class and class, but the condition is that all specified classes and class members are to be present." 】
Public (Android.content.Context, Android.util.AttributeSet);
-keepclasseswithmembers class * {
Public (Android.content.Context, android.util.AttributeSet, int);
-keepclassmembers class * extends {"Protects members of a specified class if this class is protected they will be better protected"
public void * (Android.view.View);
-keepclassmembers enum * {
public static **[] values ();
public static * * VALUEOF (java.lang.String);
-keep class * Implements Android.os.Parcelable {"Protection of members of specified class files and classes"
public static final Android.os.parcelable$creator *;
Do not confuse classes under a specified package
-keep class com.aspire.**


Of course, the app packaging involves the third set of jar package, the factor is more, some jar inside the class is no need to confuse, some need to be confused, the specific situation, to analyze the preservation of those classes, methods are not confused. These are commonly used for informational purposes only.

APP Packaging Obfuscation Code

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.