Code obfuscation in Android programming

Code obfuscation in Android programming

What is code obfuscation

Java is a cross-platform and interpreted language. Java source code is compiled into an intermediate "bytecode" and stored in class files. Because of cross-platform requirements, Java bytecode contains a lot of source code information, such as variable names and method names, and these names are used to access variables and methods. These symbols contain a lot of semantic information, it is easy to decompile into Java source code. To prevent this problem, we can use the Java obfuscator to confuse Java bytecode.

Obfuscation means re-organizing and processing the released programs, so that the processed code and the pre-processing code have the same functions, and the obfuscated code is difficult to be decompiled, even if the decompilation succeeds, it is difficult to obtain the true semantics of the program. The program code that has been obfuscated still follows the original file format and instruction set, and the execution result is the same as before, the obfuscator only changes the names of all variables, functions, and classes in the Code into short letters and codes. In the absence of corresponding function names and program comments, even if they are decompiled, it will be hard to read. At the same time, obfuscation is irreversible. During the obfuscation process, information that does not affect normal operation will be lost permanently. The loss of such information makes the program more difficult to understand.

Obfuscators not only protect code, but also reduce the size of compiled programs. Due to the reduction of variable and function names and the loss of some information described above, the size of the compiled jar file can be reduced by approximately 25%, this makes some sense for the currently expensive wireless network transmission.

Detailed description of the proguard. cfg parameter in the obfuscation File

 

-Optimizationpasses 5 # specify the compression level of the code-dontusemixedcaseclassnames # whether to use case-sensitive hybrid-dontskipnonpubliclibraryclasses # Whether to confuse third-party jar-dontpreverify # Whether to perform pre-check-verbose -optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # algorithm used for obfuscation-keep public class * extends android. app. activity # keep classes that are not Obfuscated-keep public class * extends android. app. application # keep classes that are not Obfuscated-keep public class * extends android. app. service # Do not confuse classes-keep public class * extends android. content. broadcastReceiver # keep classes that are not Obfuscated-keep public class * extends android. content. contentProvider # Do not confuse classes-keep public class * extends android. app. backup. backupAgentHelper # keep classes that are not Obfuscated-keep public class * extends android. preference. preference # keep classes that are not Obfuscated-keep public class com. android. vending. licensing. ILicensingService # Keep classes not Obfuscated-keepclasseswithmembernames class * {# Keep native METHOD not obfuscated native
 
  
;}-Keepclasseswithmembers class * {# Keep the custom control class public
  
   
(Android. content. Context, android. util. AttributeSet);}-keepclasseswithmembers class * {public
   
    
(Android. content. context, android. util. attributeSet, int); # Do not confuse custom control classes}-keepclassmembers class * extends android. app. activity {# Keep the custom control class from being confused with public void * (android. view. view);}-keepclassmembers enum * {# Keep The enum class from being confused public static ** [] values (); public static ** valueOf (java. lang. string);}-keep class * implements android. OS. parcelable {# Keep Parcelable not to be confused public static final android. OS. parcelable $ Creator *;}-keep class MyClass; # keep the class defined by yourself not confused
   
  
 

 

Code obfuscation method

Different SDK versions have different code obfuscation methods in 2. The above proguard. the information involved in the cfg parameter explanation is a obfuscation script under the earlier SDK version. In fact, the obfuscation principle and parameters in the later SDK version are almost the same as those in the lower version, the obfuscation script is introduced in different SDK versions. The specific method is as follows:

• In earlier SDK versions, the project contains both the proguard. cfg and project. properties files. You only need to add proguard. config = proguard. cfg at the end of the project. properties file and then add the project Export.
• Under the higher SDK, the project contains both the proguard-project.txt and the project. properties file, you need to configure the following information in the proguard-project.txt file, and then the project Export. The following describes how to use a real file.

  # This file is automatically generated by Android Tools.# Do not modify this file -- YOUR CHANGES WILL BE ERASED!## This file must be checked in Version Control Systems.## To customize properties used by the Ant build system edit# ant.properties, and override values to adapt the script to your# project structure.## To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txtproguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt# Project target.target=android-16

  The above configuration information is the project. in the properties file, the blue text shows the configuration information that needs to be added during code obfuscation, where: sdk. dir is the path for installing the SDK on the current machine. If you want to keep files under a package unobfuscated, you can add a statement in the proguard-project.txt file to keep the corresponding package name.

  # To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see#   http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:-dontwarn com.cnki.android.cnkireader.** -keep class com.cnki.android.cnkireader.** { *; }# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {#   public *;#}