Code obfuscation and App obfuscation in app security

Source: Internet
Author: User

Code obfuscation and App obfuscation in app security

Refer:

Http://www.cnblogs.com/sunzn/archive/2013/03/06/2946952.html

Http://www.apkbus.com/android-240707-1-1.html


1. Find in the project root directoryProject. propertiesFile, remove the circled code comments, that is, declare that our obfuscation file isProguard-project.txt:


2. Find in the project root directoryProguard-project.txtFile, add and modify the following code as needed:

# Specify the compression level of the code-optimizationpasses 5 # Do not use case-insensitive mixing-dontusemixedcaseclassnames # Do not confuse third-party jar-dontskipnonpubliclibraryclasses # do not perform pre-check when obfuscation-dontpreverify # the algorithm used for obfuscation-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # declare that the external jar package is not Obfuscated-libraryjars libs/alipay. jar-libraryjars libs/httpmime-4.1.1.jar-libraryjars libs/ShareSDK-Core-2.4.2.jar-libraryjars libs/ShareSDK-QZone-2.4.2.jar-libraryjars libs/ShareSDK-SinaWeibo-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-Core-2.4.2.jar-libraryjars libs/ShareSDK-Wechat-Moments-2.4.2.jar # do not need to confuse parts such as system components and API classes: -keep public c Lass * extends android. app. fragment-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * extends android. app. backup. backupAgentHelper-keep public class * extends Android. preference. preference-keep public class * extends android. support. v4. ** # Keep the native method unobfuscated-keepclasseswithmembernames class * {native <methods >;}# the default proguard checks whether each reference is correct, however, third-party libraries often do not use classes # They are not correctly referenced. If this parameter is not configured, the system reports an error-dontwarn android. support. **-dontwarn com. amap. api. ** # the specified class member is retained-keepclassmembers class * extends android. app. activity {public void * (android. view. view) ;}# the specified class and class member are retained. If the specified class member exists,-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet) ;}# keep the custom control class unobfuscated-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet) ;}# keep the custom control class unobfuscated-keepclasseswithmembers class * {public <init> (android. content. context, android. util. attributeSet, int) ;}# keep the custom control class from confusion-keepclassmembers class * extends android. app. activity {public void * (android. view. view) ;}# keep the enum class unobfuscated-keepclassmembers enum * {public static ** [] values (); public static ** valueOf (java. lang. string) ;}# keep Parcelable intact-keep class * implements android. OS. parcelable {public static final android. OS. parcelable $ Creator *;} # keep the class defined by yourself not confused-keep class MyClass

3. The above comments are quite detailed, but the important points are as follows:

(1)The jar package stated here can only be referenced in this project. The jar package referenced in other projects of this project does not need to be stated in this obfuscation file:

# Declare that the external jar package is not Obfuscated-libraryjars libs/alipay. jar
(2)The following statement needs to be added according to the jar package referenced in your project. For example, if you do not add the package, you can export the apk file directly. In this case, the error message is displayed on the Console, add the error class path one by one, such as com. amap. api. ** declare com. amap. api. xxx won't be confused:

# By default, proguard checks whether each reference is correct, but there are usually some classes in the third-party library that are not used # No correct reference. If this parameter is not configured, the system reports an error-dontwarn android. support. **-dontwarn com. alibaba. fastjson. **-dontwarn org. eclipse. persistence. **-dontwarn com. amap. api. **-dontwarn javax. persistence. **


4. Finally, the result is displayed after obfuscation decompilation. The class name, method name, and variable name are automatically obfuscated into names that others cannot understand:


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.