What is code obfuscation
Java is a cross-platform, interpreted language in which Java source code is compiled into an intermediate "bytecode" stored in a class file. Because of the cross-platform requirements, Java bytecode contains a lot of source code information, such as variable name, method name, and through these names to access variables and methods, these symbols with a lot of semantic information, it is easy to decompile the Java source code. To prevent this, we can use Java obfuscation to confuse Java bytecode.
Confusion is the re-organization and processing of the published program, so that the processed code and the pre-processing code to complete the same function, and the confusing code is difficult to decompile, even if the anti-compilation success is difficult to derive the true semantics of the program. The obfuscated program code, still in accordance with the original file format and instruction set, the execution result is the same as before, but the confusion of all the variables, functions, classes in the code to the name of the short English letter code, in the absence of the corresponding function name and program comments, even if it is anti-compilation, it will be difficult to read. At the same time confusion is irreversible, in the process of confusion, some information that does not affect the normal operation will be lost permanently, the loss of this information makes the program more difficult to understand.
The role of the obfuscation is not only to protect the code, it also has the function of simplifying the size of the compiled program. Because of the shortened variables and function names described above, and the reasons for missing some information, the size of the jar file can be reduced by approximately 25%, which makes sense for the current cost of the wireless network transmission is more expensive.
Confusing file proguard.cfg parameters
-optimizationpasses 5 # Specifies the compression level of the Code-dontusemixedcaseclassnames # Whether to use case mixed-dontskipnonpubliclibraryclasses # Is it confusing if third party jar-dontpreverify # is confusing when doing Pre-calibration-verbose # Whether to log-optimizations when confused!code/simpli fication/arithmetic,!field/*, the algorithm used in!class/merging/* # obfuscation-keep public class * Extends Android.app.Activity # keeps what Class is not confused-keep public class * extends Android.app.Application # Keep What classes are not confused-keep public class * Exten DS Android.app.Service # keeps what classes are not confused-keep public class * extends Android.content.BroadcastRec Eiver # Keep What classes are not confused-keep public class * extends Android.content.ContentProvider # Keep what classes do not Be confused-keep public class * extends Android.app.backup.BackupAgentHelper # Keep What classes are not confused-keep public class * extends Android.preference.Preference # Keep What classes are not confused-keep public class com.android.vending.licensing.ILicensing Service # keeps what classes are not confused-keepclasseswithmembernames class * {# keeps Nativ E-method is not confused native <methods>;} -keepclasseswithmembers class * {# Keep custom control classes from being confused with public <iNit> (Android.content.Context, android.util.AttributeSet);} -keepclasseswithmembers class * {public <init> (Android.content.Context, android.util.AttributeSet, int); # Keep custom control classes from being confused}-keepclassmembers class * extends android.app.Activity {# Keep custom control classes from being confused with public voi D * (Android.view.View);} -keepclassmembers enum * {# keep Enum enum class not confused public static **[] VA Lues (); public static * * VALUEOF (java.lang.String);} -keep class * Implements android.os.Parcelable {# Keep Parcelable not confused public static final Android.os.parcelable$creator *;} -keep class MyClass; # Keep your defined classes from being confused
Method of code obfuscation
Depending on the version of the SDK, there are 2 different ways of confusing code, the information involved in the PROGUARD.CFG parameter details above is a confusing script under the lower version of the SDK , in fact, in the higher version of the SDK The principle and parameters of the confusion are similar to those of the lower versions, except that the confusing scripts are introduced in different versions of the SDK . Here's how:
- Low versionSDK, the project contains bothproguard.cfgAndproject.propertiesFile, you only need to project.properties fileAdd at the endProguard. config=proguard.cfg to export the project again.
- High versionSDK, the project contains bothProguard-project.txtAndproject.propertiesfile, you need to proguard-project.txt Configuration of the following information in the file, and thenthen export the project to。 The following is a demonstration of a real file.
# This file is automatically generated by Android tools.# do not modify the This file--YOUR changes'll is erased!## This file must is checked in Version Control systems.## To customize properties used by the Ant build system edit# "Ant.properties", and override values for adapt the script to yo ur# Project structure.## to enable Proguard to shrink and obfuscate your code, uncomment this (available PROPERTIES:SDK.D IR, User.home): #proguard. Config=${sdk.dir}/tools/proguard/proguard-android.txt: Proguard-project.txtproguard.config= ${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt # project Target.target=android-16
The configuration information above is the contents of the project.properties file, and the blue text is the configuration information we need to add during the code obfuscation, where:sdk.dir is your SDK on the current machine The installation path . If you want to keep the files under a package from being confused, you can include a statement that retains the corresponding package name in the proguard-project.txt file.
# to enable Proguard in your project, edit project.properties# to define the Proguard.config property as described file.## ADD Project specific Proguard rules here.# by default, the ' flags in ' This file is appended to ' flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the proguard# include Property in project.properties.## to more details, see# Http://developer.android.com/guide/developing/tools/proguard . html# ADD any project specific keep options here:-dontwarn com.cnki.android.cnkireader.** -keep class com.cnki.android.cnkireader.** {*;}# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JAVASCR IPT interface# Class:#-keepclassmembers class Fqcn.of.javascript.interface.for.webview {# public *;#}
Code obfuscation under Android programming