Code obfuscation under Android programming

Source: Internet
Author: User

What is code obfuscation

Java is a cross-platform, interpreted language in which Java source code is compiled into an intermediate "bytecode" stored in a class file. Because of the cross-platform requirements, Java bytecode contains a lot of source code information, such as variable name, method name, and through these names to access variables and methods, these symbols with a lot of semantic information, it is easy to decompile the Java source code. To prevent this, we can use Java obfuscation to confuse Java bytecode.

Confusion is the re-organization and processing of the published program, so that the processed code and the pre-processing code to complete the same function, and the confusing code is difficult to decompile, even if the anti-compilation success is difficult to derive the true semantics of the program. The obfuscated program code, still in accordance with the original file format and instruction set, the execution result is the same as before, but the confusion of all the variables, functions, classes in the code to the name of the short English letter code, in the absence of the corresponding function name and program comments, even if it is anti-compilation, it will be difficult to read. At the same time confusion is irreversible, in the process of confusion, some information that does not affect the normal operation will be lost permanently, the loss of this information makes the program more difficult to understand.

The role of the obfuscation is not only to protect the code, it also has the function of simplifying the size of the compiled program. Because of the shortened variables and function names described above, and the reasons for missing some information, the size of the jar file can be reduced by approximately 25%, which makes sense for the current cost of the wireless network transmission is more expensive.

Confusing file proguard.cfg parameters

-optimizationpasses 5 # Specifies the compression level of the Code-dontusemixedcaseclassnames                                                # Whether to use case mixed-dontskipnonpubliclibraryclasses # Is it confusing if third party jar-dontpreverify # is confusing when doing Pre-calibration-verbose # Whether to log-optimizations when confused!code/simpli fication/arithmetic,!field/*, the algorithm used in!class/merging/* # obfuscation-keep public class * Extends # keeps what Class is not confused-keep public class * extends # Keep What classes are not confused-keep public class * Exten DS # keeps what classes are not confused-keep public class * extends Android.content.BroadcastRec Eiver # Keep What classes are not confused-keep public class * extends Android.content.ContentProvider # Keep what classes do not  Be confused-keep public class * extends # Keep What classes are not confused-keep public class * extends Android.preference.Preference # Keep What classes are not confused-keep public class Service # keeps what classes are not confused-keepclasseswithmembernames class * {# keeps Nativ E-method is not confused native <methods>;} -keepclasseswithmembers class * {# Keep custom control classes from being confused with public <iNit> (Android.content.Context, android.util.AttributeSet);}     -keepclasseswithmembers class * {public <init> (Android.content.Context, android.util.AttributeSet, int); # Keep custom control classes from being confused}-keepclassmembers class * extends {# Keep custom control classes from being confused with public voi D * (Android.view.View);} -keepclassmembers enum * {# keep Enum enum class not confused public static **[] VA    Lues (); public static * * VALUEOF (java.lang.String);} -keep class * Implements android.os.Parcelable {# Keep Parcelable not confused public static final Android.os.parcelable$creator *;}                                                            -keep class MyClass; # Keep your defined classes from being confused

Method of code obfuscation

Depending on the version of the SDK, there are 2 different ways of confusing code, the information involved in the PROGUARD.CFG parameter details above is a confusing script under the lower version of the SDK , in fact, in the higher version of the SDK The principle and parameters of the confusion are similar to those of the lower versions, except that the confusing scripts are introduced in different versions of the SDK . Here's how:

  • Low versionSDK, the project contains bothproguard.cfgAndproject.propertiesFile, you only need to fileAdd at the endProguard. config=proguard.cfg to export the project again.
  • High versionSDK, the project contains bothProguard-project.txtAndproject.propertiesfile, you need to proguard-project.txt Configuration of the following information in the file, and thenthen export the project to。 The following is a demonstration of a real file.
# This file is automatically generated by Android tools.# do not modify the This file--YOUR changes'll is erased!## This file must is checked in Version Control systems.## To customize properties used by the Ant build system edit# "", and override values for adapt the script to yo ur# Project structure.## to enable Proguard to shrink and obfuscate your code, uncomment this (available PROPERTIES:SDK.D IR, User.home): #proguard. Config=${sdk.dir}/tools/proguard/proguard-android.txt: Proguard-project.txtproguard.config= ${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt  # project  

The configuration information above is the contents of the file, and the blue text is the configuration information we need to add during the code obfuscation, where:sdk.dir is your SDK on the current machine The installation path . If you want to keep the files under a package from being confused, you can include a statement that retains the corresponding package name in the proguard-project.txt file.

# to enable Proguard in your project, edit to define the Proguard.config property as described  file.## ADD Project specific Proguard rules here.# by default, the ' flags in ' This file is appended to ' flags specified# in  ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the proguard# include Property in to more details, see# Http:// . html# ADD any project specific keep options here:-dontwarn** -keep class** {*;}# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JAVASCR IPT interface# Class:#-keepclassmembers class Fqcn.of.javascript.interface.for.webview {# public *;#}

Code obfuscation under Android programming

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.