Original: Android Project Combat (25): Android Studio obfuscation + pack + Verify success
Objective:
Single-heads Android projects, recent instant messaging with the ring letter, the integration of the SDK when the official word
Add the following keep to the Proguard file.
-keep class com.hyphenate.** {*;} -dontwarn com.hyphenate.**
namely: Obfuscation rules. I did not write about the confusion of packaging articles, here to fill in.
Below is an overview of the project obfuscation package operation under the Android studio environment.
----------------------------------------------------------------------------------------
First, Packaging:
A. apk file will be generated by the Android project to allow the user to install.
1. Toolbar Build->generate signed APK.
2, appear this interface, the first time to enter the words of the edit box is empty, and then click Crete New ... Button
3, here, fill in some relevant information, the specific contents of the unknown said
4, then back to the first step, this time click the button next, build type Select release Finish, and then in the APK Destination folder directory to build the project APK package
Packing process as above, over.
----------------------------------------------------------------------------------------
Second, confusion
The developers know that we can use some tools to decompile an APK, get the resources, and the intention is probably to refer to the good code in your project. Bad intentions might decompile the APK to find vulnerabilities in your project and make threats to project security.
So now, before we package a project, we need to confuse the project so that the APK cannot be easily recompiled and the product is more secure.
The obfuscation operation requires some configuration.
Modify the code within the android{} area in the Build.gradle file in the app directory
1.
// Perform a lint check, with any errors or warning prompts, will terminate the build lintoptions { false }
2.
buildtypes {debug {//Show LogBuildconfigfield"Boolean","Log_debug","true"Versionnamesuffix"-debug"minifyenabledfalsezipalignenabledfalseshrinkresourcesfalsesigningconfig Signingconfigs.debug} release {//do not display logBuildconfigfield"Boolean","Log_debug","false" //confusingMinifyenabledtrue //zipalign OptimizationZipalignenabledtrue //removing useless resource filesShrinkresourcestrue //The previous section represents the system default of the Android program to confuse the file, which already contains the basic obfuscation statement, after a file is the definition of its own confusing fileProguardfiles Getdefaultproguardfile ('Proguard-android.txt'),'Proguard-rules.pro' } }
3, modify the Proguard
The first is some fixed
-keepclassmembersclassFqcn.of.javascript.Interface. for. WebView { Public*;} #指定代码的压缩级别-optimizationpasses5#包明不混合大小写-dontusemixedcaseclassnames# not to ignore non-public library classes-dontskipnonpubliclibraryclasses #优化 do not optimize the input class file-dontoptimize #预校验-dontpreverify #混淆时是否记录日志-verbose # algorithm used to confuse-optimizations!code/simplification/arithmetic,!field/*,!class/merging/* #保护注解-keepattributes *annotation*# Keep What classes are not confused-keep public class * extends Android.app.fragment-keep public class * Extends Android.app.activity-keep public class * extends Android.app.application-keep public class * Extend s android.app.service-keep public class * extends Android.content.broadcastreceiver-keep public class * extends ANDROID.C Ontent. Contentprovider-keep public class * extends Android.app.backup.backupagenthelper-keep public class * extends Android.preference.preference-keep public class com.android.vending.licensing.ilicensingservice# If you have a reference V4 package you can add the following line-keep public class * extends android.support.v4.app.fragment# ignore warning-ignorewarning# #记录生成的日志数据, gradle Build at the root of this project output # # #apk package inside all class internal structure-dump proguard/class_files.txt# not confusing classes and members-printseeds proguard/seeds.txt# list from apk The code removed in-printusage proguard/unused.txt# before and after the mapping-printmapping proguard/mapping.txt####### #记录生成的日志数据, gradle Build In this project root output-end###### #如果引用了v4或者v7包-dontwarn android.support.**### #混淆保护自己项目的部分代码以及引用的第三方jarPackage library-end#### #保持 Native method is not confused-keepclasseswithmembernames class * {native <methods>;} #保持自定义控件类不被混淆-keepclasseswithmembers class * {public <init> (Android.content.Context, Android.util.AttributeSet);} #保持自定义控件类不被混淆-keepclassmembers class * extends android.app.Activity {public void * (Android.view.View);} -keep public class * extends Android.view.View {public <init> (android.content.Context); Public <init> (Android.content.Context, Android.util.AttributeSet); Public <init> (Android.content.Context, Android.util.AttributeSet, int.); public void set* (...);} #保持 parcelable not be confused-keep class * implements android.os.Parcelable {public static final Android.os.parcelable$creator *;} #保持 Serializable not be confused-keepnames class * Implements java.io.serializable# keep Serializable not be confused and enum Class is also not confused-keepclassmembers class * Implements Java.io.Serializable {static final long serialversionuid; private static final java.io.objectstreamfield[] SerialpersisteNtfields; !static!transient <fields>; !private <fields>; !private <methods>; private void WriteObject (Java.io.ObjectOutputStream); private void ReadObject (Java.io.ObjectInputStream); Java.lang.Object Writereplace (); Java.lang.Object readresolve ();} #保持枚举 enum class is not confused-keepclassmembers enum * {public static **[] values (); public static * * VALUEOF (java.lang.String);} -keepclassmembers class * {public void *buttonclicked (Android.view.View);} #不混淆资源类-keepclassmembers class * *. r$* {public static <fields>;} #避免混淆泛型 if confusing the error suggest to turn off #-keepattributes Signature
This is then added in accordance with the third party added in the project, and is typically found in third-party documents
Like what:
#gson # If you use the Gson parsing package, add the following lines directly can be successfully confused, or will error. -keepattributes signature# Gson specific Classes-keepclassSun.misc.Unsafe {*; } # application Classes that'll be serialized/deserialized over Gson-keepclasscom.google.gson.** {*; }-keepclasscom.google.gson.stream.** {*; } #mob-keepclassAndroid.net.http.SslError-keepclassandroid.webkit.**{*;}-keepclasscn.sharesdk.**{*;}-keepclasscom.sina.**{*;}-keepclassm.framework.**{*;}-keepclass**. r$* {*;}-keepclass**. r{*;}-dontwarn Cn.sharesdk.**-dontwarn * *. r$*#butterknife-keepclassbutterknife.** {*; }-dontwarn Butterknife.Internal. **-keepclass**$ $ViewBinder {*; }-keepclasseswithmembernamesclass*{@butterknife.* <fields>;}-keepclasseswithmembernamesclass*{@butterknife.* <methods>;} ##### #引用的其他Module可以直接在app的这个混淆文件里配置 # If you use a tool such as Gson to make the JavaBean class that it parses, that is, the entity class is not confused. -keepclasscom.matrix.app.entity.json.** {*; }-keepclasscom.matrix.appsdk.network.model.** {*; } # # # # # # # # # #混淆保护自己项目的部分代码以及引用的第三方jar包library ####### #如果在当前的application module or a dependent library module uses third-party libraries and does not need to explicitly add rules # -Libraryjars xxx# adds the possibility of encountering the same jar multiple specified errors at the time of packaging, generally simply adding a declaration that ignores the warning and keeps certain classes from being confused. #以libaray的形式引用了开源项目, if you do not want to confuse keep off, set minifyenabled in the Build.gradle of the introduced module=false-keepclasscom.nineoldandroids.** {*; }-keepInterfacecom.nineoldandroids.** {*; }-dontwarn com.nineoldandroids.**# drop-down refresh-keepclass inch. srain.cube.** {*; }-keepInterface inch. srain.cube.** {*; }-dontwarninch. srain.cube.**# Observablescrollview:tab Fragment-keepclasscom.github.ksoichiro.** {*; }-keepInterfacecom.github.ksoichiro.** {*; }-dontwarn com.github.ksoichiro.**
At this point, the first step of packaging, you can generate a confusing apk.
----------------------------------------------------------------------------------------
Third, anti-compilation apk, verify that the APK has been confused
A tool is used here
Dex2jar (source file acquisition) download
These two files are available after download
1. Manually change the file type to. zip after the packaged apk file, then unzip it to get a series of files
Find the Classes.dex file (which is the Java file compiled and packaged by the DX tool) and copy it to our downloaded dex2jar-2.0 file.
2. Under command line, navigate to the directory where the Dex2jar.bat is located, enter
D2j-dex2jar.bat Classes.dex
Note The first command needs to correspond to the D2j-dex2jar.bat file in your folder
in this directory, a Classes_dex2jar.jar file is generated, and then the Jd-gui.exe in the tool Jd-gui folder is opened,
Then use the tool to open the previously generated Classes_dex2jar.jar file, you can see the source code, the effect is as follows: The name became A,b,c,d and so on the success
Android Project Combat (25): Android Studio obfuscation + pack + Verify success