Source Confusion What
Java is a cross-platform, interpreted language in which Java source code is compiled into an intermediate "bytecode" stored in a class file. Because of the cross-platform requirements, Java bytecode contains a lot of source code information, such as variable name, method name, and through these names to access variables and methods, these symbols with a lot of semantic information, it is easy to decompile the Java source code. To prevent this, we can use Java obfuscation to confuse Java bytecode.
Confusion is the re-organization and processing of the published program, so that the processed code and the pre-processing code to complete the same function, and the confusing code is difficult to decompile, even if the anti-compilation success is difficult to derive the true semantics of the program. The obfuscated program code, still in accordance with the original file format and instruction set, the execution result is the same as before, but the confusion of all the variables, functions, classes in the code to the name of the short English letter code, in the absence of the corresponding function name and program comments, even if it is anti-compilation, it will be difficult to read. After the Android code is confused, the code is guaranteed to be secure, but protection is not comprehensive.
Thanks for the "Love Encryption" they provide protection, including: Dex Shell Protection, DEX instruction dynamic load protection and advanced source code obfuscation protection. The Dex shell protection, which is protected by the use of the Anti-compilation tool to get the app source code and so library protection by hiding the Dex file and generating a shell file similar to virtual image, prevents the hacker from using the decompile tools to secure the security of the C/C + + layer. Plus resource File Protection (image, audio and other files of anti-viewing and anti-modification), XML Master File Protection (two signatures of the main files), memory protection and other measures, can basically ensure the dynamic and static security of the app. As a reference ....
interested can look under Http://www.ijiami.cn/appprotect_mobile_games
Confusing file proguard.cfg parameters
-optimizationpasses 5 # specifies the compression level of the Code-dontusemixedcaseclassnames # Whether to use case mixed-dontskipnonpubliclibraryclasses &Whether nbsp; # is confusing third party jar-dontpreverify # whether to do pre-calibration when confusing-verbose # If the log is logged when confused-optimizations !code/simplification/arithmetic,!field/*,!class/merging/* # The algorithm used in the confusion is-keep public class * extends android.app.activity # maintain which classes are not confused-keep public class * extends android.app.Application # Keep What classes are not confused-keep public class * extends android.app.service # maintain which classes are not confused-keep public class * extends android.conTent. broadcastreceiver # maintain which classes are not confused-keep public class * extends android.content.contentprovider # maintain which classes are not confused-keep public class * extends android.app.backup.BackupAgentHelper # maintain which classes are not confused-keep public class * extends android.preference.preference # maintain which classes are not confused-keep public class com.android.vending.licensing.ilicensingservice # maintain which classes are not confused-keepclasseswithmembernames class * { # Keep native method not to be confused native <methods>;} -keepclasseswithmembers class * { # Keep custom control classes from being confused public <init> (android.content.context, Android.util.AttributeSet);} -keepclasseswithmembers class * { public <init> ( Android.content.context, android.util.attributeset, int); # Keep custom control classes from being confused}-keepclassmembers class * extends android.app.activity { # Keep custom control classes from being confused public void * (Android.view.View);} -keepclassmembers enum * { # Keep enumerations enum classes from being confused public Static **[] values (); public static ** valueof ( java.lang.String);} -keep class * implements android.os.parcelable { # Keep Parcelable not be confused public static final android.os.parcelable$creator *;} -keep class myclass; # keep your defined classes from being confused
Method of code obfuscation
Depending on the version of the SDK, there are 2 different ways of confusing code, the information involved in the PROGUARD.CFG parameter details above is a confusing script under the lower version of the SDK , in fact, in the higher version of the SDK The principle and parameters of the confusion are similar to those of the lower versions, except that the confusing scripts are introduced in different versions of the SDK . Here's how:
-
low version , the project contains project.properties file, you only need to file ; >proguard . Config=proguard.cfg re-project export .
The proguard-project.txt and project.properties files are included in the project under the high-version SDK , and you need to in the Proguard-project.txt file, configure the following information before you export the project . The following is a demonstration of a real file.
# This file was automatically generated by Android tools.# does not modify this file--YOUR changes would be erased!## this F Ile must is checked in Version Control systems.## to customize properties used by the Ant build system edit# "Ant.properti Es ", and override values to adapt the script to your# project structure.## to enable Proguard to shrink and obfuscate your Code, uncomment this (available Properties:sdk.dir, user.home): #proguard. config=${sdk.dir}/tools/proguard/ Proguard-android.txt:proguard-project.txtproguard.config=${sdk.dir}/tools/proguard/proguard-android.txt: proguard-project.txt# Project Target.target=android-16
The configuration information above is the contents of the project.properties file, and the blue text is the configuration information we need to add during the code obfuscation, where:sdk.dir is your SDK on the current machine The installation path . If you want to keep the files under a package from being confused, you can include a statement that retains the corresponding package name in the proguard-project.txt file.
# to enable proguard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${ Sdk.dir}/tools/proguard/proguard-android.txt# you can edit the include path and order by changing the ProGuard# include property in Project.properties.## for more details, see# http://developer.android.com /guide/developing/tools/proguard.html# add any project specific keep options here:-dontwarn com.cnki.android.cnkireader.** -keep class com.cnki.android.cnkireader.** { *; }# if your project uses webview with js, uncomment the Following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {# public *;#}
Talk about the code obfuscation under Android programming, and click on it to see ....