Android Project Combat (25): Android Studio obfuscation + pack + Verify success

Source: Internet
Author: User

Original: Android Project Combat (25): Android Studio obfuscation + pack + Verify success

Objective:

Single-heads Android projects, recent instant messaging with the ring letter, the integration of the SDK when the official word

Add the following keep to the Proguard file.

-keep class com.hyphenate.** {*;} -dontwarn com.hyphenate.**

namely: Obfuscation rules. I did not write about the confusion of packaging articles, here to fill in.

Below is an overview of the project obfuscation package operation under the Android studio environment.

----------------------------------------------------------------------------------------

First, Packaging:

A. apk file will be generated by the Android project to allow the user to install.

1. Toolbar Build->generate signed APK.

2, appear this interface, the first time to enter the words of the edit box is empty, and then click Crete New ... Button

3, here, fill in some relevant information, the specific contents of the unknown said

4, then back to the first step, this time click the button next, build type Select release Finish, and then in the APK Destination folder directory to build the project APK package

Packing process as above, over.

----------------------------------------------------------------------------------------

Second, confusion

The developers know that we can use some tools to decompile an APK, get the resources, and the intention is probably to refer to the good code in your project. Bad intentions might decompile the APK to find vulnerabilities in your project and make threats to project security.

So now, before we package a project, we need to confuse the project so that the APK cannot be easily recompiled and the product is more secure.

The obfuscation operation requires some configuration.

Modify the code within the android{} area in the Build.gradle file in the app directory

1.

// Perform a lint check, with any errors or warning prompts, will terminate the build     lintoptions {        false    }

2.

buildtypes {debug {//Show LogBuildconfigfield"Boolean","Log_debug","true"Versionnamesuffix"-debug"minifyenabledfalsezipalignenabledfalseshrinkresourcesfalsesigningconfig Signingconfigs.debug} release {//do not display logBuildconfigfield"Boolean","Log_debug","false"            //confusingMinifyenabledtrue            //zipalign OptimizationZipalignenabledtrue            //removing useless resource filesShrinkresourcestrue            //The previous section represents the system default of the Android program to confuse the file, which already contains the basic obfuscation statement, after a file is the definition of its own confusing fileProguardfiles Getdefaultproguardfile ('Proguard-android.txt'),'Proguard-rules.pro'        }    }

3, modify the Proguard

The first is some fixed

-keepclassmembersclassFqcn.of.javascript.Interface. for. WebView { Public*;} #指定代码的压缩级别-optimizationpasses5#包明不混合大小写-dontusemixedcaseclassnames# not to ignore non-public library classes-dontskipnonpubliclibraryclasses #优化 do not optimize the input class file-dontoptimize #预校验-dontpreverify #混淆时是否记录日志-verbose # algorithm used to confuse-optimizations!code/simplification/arithmetic,!field/*,!class/merging/* #保护注解-keepattributes *annotation*# Keep What classes are not confused-keep public class * extends Android.app.fragment-keep public class * Extends Android.app.activity-keep public class * extends Android.app.application-keep public class * Extend s android.app.service-keep public class * extends Android.content.broadcastreceiver-keep public class * extends ANDROID.C Ontent. Contentprovider-keep public class * extends Android.app.backup.backupagenthelper-keep public class * extends Android.preference.preference-keep public class com.android.vending.licensing.ilicensingservice# If you have a reference V4 package you can add the following line-keep public class * extends android.support.v4.app.fragment# ignore warning-ignorewarning# #记录生成的日志数据, gradle Build at the root of this project output # # #apk package inside all class internal structure-dump proguard/class_files.txt# not confusing classes and members-printseeds proguard/seeds.txt# list from apk The code removed in-printusage proguard/unused.txt# before and after the mapping-printmapping proguard/mapping.txt####### #记录生成的日志数据, gradle Build In this project root output-end###### #如果引用了v4或者v7包-dontwarn android.support.**### #混淆保护自己项目的部分代码以及引用的第三方jarPackage library-end#### #保持 Native method is not confused-keepclasseswithmembernames class * {native <methods>;} #保持自定义控件类不被混淆-keepclasseswithmembers class * {public <init> (Android.content.Context, Android.util.AttributeSet);} #保持自定义控件类不被混淆-keepclassmembers class * extends android.app.Activity {public void * (Android.view.View);}    -keep public class * extends Android.view.View {public <init> (android.content.Context);    Public <init> (Android.content.Context, Android.util.AttributeSet);    Public <init> (Android.content.Context, Android.util.AttributeSet, int.); public void set* (...);} #保持 parcelable not be confused-keep class * implements android.os.Parcelable {public static final Android.os.parcelable$creator *;} #保持 Serializable not be confused-keepnames class * Implements java.io.serializable# keep Serializable not be confused and enum    Class is also not confused-keepclassmembers class * Implements Java.io.Serializable {static final long serialversionuid; private static final java.io.objectstreamfield[] SerialpersisteNtfields;    !static!transient <fields>;    !private <fields>;    !private <methods>;    private void WriteObject (Java.io.ObjectOutputStream);    private void ReadObject (Java.io.ObjectInputStream);    Java.lang.Object Writereplace (); Java.lang.Object readresolve ();}  #保持枚举 enum class is not confused-keepclassmembers enum * {public static **[] values (); public static * * VALUEOF (java.lang.String);} -keepclassmembers class * {public void *buttonclicked (Android.view.View);} #不混淆资源类-keepclassmembers class * *. r$* {public static <fields>;} #避免混淆泛型 if confusing the error suggest to turn off #-keepattributes Signature

This is then added in accordance with the third party added in the project, and is typically found in third-party documents

Like what:

#gson # If you use the Gson parsing package, add the following lines directly can be successfully confused, or will error. -keepattributes signature# Gson specific Classes-keepclassSun.misc.Unsafe {*; } # application Classes that'll be serialized/deserialized over Gson-keepclasscom.google.gson.** {*; }-keepclasscom.google.gson.stream.** {*; } #mob-keepclassAndroid.net.http.SslError-keepclassandroid.webkit.**{*;}-keepclasscn.sharesdk.**{*;}-keepclasscom.sina.**{*;}-keepclassm.framework.**{*;}-keepclass**. r$* {*;}-keepclass**. r{*;}-dontwarn Cn.sharesdk.**-dontwarn * *. r$*#butterknife-keepclassbutterknife.** {*; }-dontwarn Butterknife.Internal. **-keepclass**$ $ViewBinder {*; }-keepclasseswithmembernamesclass*{@butterknife.* <fields>;}-keepclasseswithmembernamesclass*{@butterknife.* <methods>;} ##### #引用的其他Module可以直接在app的这个混淆文件里配置 # If you use a tool such as Gson to make the JavaBean class that it parses, that is, the entity class is not confused. -keepclasscom.matrix.app.entity.json.** {*; }-keepclasscom.matrix.appsdk.network.model.** {*; } # # # # # # # # # #混淆保护自己项目的部分代码以及引用的第三方jar包library ####### #如果在当前的application module or a dependent library module uses third-party libraries and does not need to explicitly add rules # -Libraryjars xxx# adds the possibility of encountering the same jar multiple specified errors at the time of packaging, generally simply adding a declaration that ignores the warning and keeps certain classes from being confused. #以libaray的形式引用了开源项目, if you do not want to confuse keep off, set minifyenabled in the Build.gradle of the introduced module=false-keepclasscom.nineoldandroids.** {*; }-keepInterfacecom.nineoldandroids.** {*; }-dontwarn com.nineoldandroids.**# drop-down refresh-keepclass inch. srain.cube.** {*; }-keepInterface inch. srain.cube.** {*; }-dontwarninch. srain.cube.**# Observablescrollview:tab Fragment-keepclasscom.github.ksoichiro.** {*; }-keepInterfacecom.github.ksoichiro.** {*; }-dontwarn com.github.ksoichiro.**

At this point, the first step of packaging, you can generate a confusing apk.

----------------------------------------------------------------------------------------

Third, anti-compilation apk, verify that the APK has been confused

A tool is used here

Dex2jar (source file acquisition) download

These two files are available after download

1. Manually change the file type to. zip after the packaged apk file, then unzip it to get a series of files

Find the Classes.dex file (which is the Java file compiled and packaged by the DX tool) and copy it to our downloaded dex2jar-2.0 file.

2. Under command line, navigate to the directory where the Dex2jar.bat is located, enter

D2j-dex2jar.bat   Classes.dex

Note The first command needs to correspond to the D2j-dex2jar.bat file in your folder

in this directory, a Classes_dex2jar.jar file is generated, and then the Jd-gui.exe in the tool Jd-gui folder is opened,

Then use the tool to open the previously generated Classes_dex2jar.jar file, you can see the source code, the effect is as follows: The name became A,b,c,d and so on the success

Android Project Combat (25): Android Studio obfuscation + pack + Verify success

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.