How does android prevent code decompilation and android prevent decompilation?

How does android prevent code decompilation and android prevent decompilation?

As an Android app developer, you have to face an embarrassing situation: applications that have worked hard to develop can be decompiled easily by others.

Google also seems to have discovered this problem. From SDK2.3, we can see that there is a proguard folder under android-sdk-windows \ tools \.

Proguard is a java code obfuscation tool. With proguard, even if you decompile your apk package, others will only see some ugly code to protect the code.

Add the following sentence to "default. properties" of the project: "proguard. config = proguard. cfg"
The. APK behind the package signature is obfuscated. In fact, we only need to do one step to add such a sentence "proguard. config = proguard. cfg" in "default. properties.

If you want to confuse the Code with greater complexity, you can configure the file in detail.




Because the apk is loaded by the Android virtual machine, it has certain specifications. After the apk is encrypted, Dalvik cannot identify the apk. It is impossible to avoid it completely. Someone can always crack your code. But there are several
To improve the difficulty of code decompilation:

1. The key code uses jni to call local code and is written in c or c ++. Therefore, it is relatively difficult to decompile the code.

2. obfuscated java code. Obfuscation adds or renames useless code without changing the code logic, making it difficult to understand the decompiled source code.

There are many open-source java code obfuscation tools on the Internet, which are usually compiled in ant mode.

Detailed description of android obfuscation file proguard. cfg:

-Injars androidtest. jar [Address of the jar package]
-Outjars out [Output address]

-Libraryjars 'd: \ android-sdk-windows \ platforms \ android-9 \ android. jar '[jar of the referenced library, used to parse the jar class specified by injars]

-Optimizationpasses 5
-Dontusemixedcaseclassnames: [classes of different types are not generated during obfuscation]
-Dontskipnonpubliclibraryclasses [specify not to ignore non-public library classes. ]
-Dontpreverify [no pre-verification]

-Verbose
-Optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* [optimization]

-Keep public class * extends android. app. Activity [unchanged without obfuscation]
-Keep public class * extends android. app. Application
-Keep public class * extends android. app. Service
-Keep public class * extends android. content. BroadcastReceiver
-Keep public class * extends android. content. ContentProvider
-Keep public class * extends android. app. backup. BackupAgentHelper
-Keep public class * extends android. preference. Preference
-Keep public class com. android. vending. licensing. ILicensingService

-Keep public abstract interface com. asqw. android. Listener {
Public protected <methods>; [do not confuse all methods]
}
-Keep public class com. asqw. android {
Public void Start (java. lang. String); [do not confuse this method]
}

-Keepclasseswithmembernames class * {[Protect the name of the specified class and class member. If all specified class members are present (after the compression step )]

Native <methods>;
}

-Keepclasseswithmembers class * {[protect the members of the specified class and class, but the condition is that all specified class and class Members must exist .]
Public <init> (android. content. Context, android. util. AttributeSet );
}

-Keepclasseswithmembers class *{
Public <init> (android. content. Context, android. util. AttributeSet, int );
}

-Keepclassmembers class * extends android. app. Activity {[protect members of a specified class. If this class is protected, it will be better protected]
Public void * (android. view. View );
}

-Keepclassmembers enum *{
Public static ** [] values ();
Public static ** valueOf (java. lang. String );
}

-Keep class * implements android. OS. Parcelable {[Protect specified class files and class members]
Public static final android. OS. Parcelable $ Creator *;
}