Use proguard in Android (favorites ).

Source: Internet
Author: User

JNI is used in the android project. When proguard is used, it is found that many variables cannot be found in the native method. It was originally optimized by produard. Therefore, use progurad with caution in JNI applications.

Solution:
1. Add a line to Android. mk:
Local_proguard_flags: =-include $ (local_path)/proguard. flags
2. Create the proguard. Flag file to write classes and methods that do not require proguard optimization. For example:

-Keep class OMS. Miracle. mobiletv. Broadcast. servicecontext {
*;
}

My class is related to JNI. If you don't want proguard to optimize it and cause errors, you can write it up.

---------- Below are some proguard information found online and posted for sharing:
Proguard is a free Java class File compression, optimization, obfuscator. it detects and deletes unused classes, fields, methods, and attributes. it deletes useless instructions and uses bytecode for maximum optimization. it uses meaningless names to rename classes, fields, and methods.

Proguard is used:

1. Create compact code documentation for faster network transmission, fast loading, and smaller memory usage.
2. It is difficult to use reverse engineering to create programs and libraries.
3. Therefore, it can delete code not called from the source file.
4. Make full use of the advantages of rapid loading of Java 6 to detect and return class files in Java 6 in advance.

Parameters:

-Include {filename}: Read the configuration parameters from the specified file.

-Basedirectory {directoryname}: Specify the base directory as the file name.

-Injars {class_path} specifies the application jar, war, ear, and directory to be processed.

-Outjars {class_path} specifies the name of the jar, war, ear, and directory to be output after processing.

-Libraryjars {classpath} specifies the application jar, war, ear, and library files required by the Directory to be processed.

-Dontskipnonpubliclibraryclasses specifies that non-public library classes are not ignored.

-Dontskipnonpubliclibraryclassmembers specifies that the visible Library Class Members of the package are not ignored.

Retain option
-Keep {modifier} {class_specification} protects specified class files and Class Members

-Keepclassmembers {modifier} {class_specification} protects the members of the specified class. If this class is protected, it will be better protected.

-Keepclasseswithmembers {class_specification} protects the specified class and class members, but the condition is that all specified classes and Class Members must exist.

-Keepnames {class_specification} protects the names of members of the specified class and class (if they are not compressed and deleted in the step)

-Keepclassmembernames {class_specification} protects the names of members of the specified class (if they are not removed from the compression step)

-Keepclasseswithmembernames {class_specification} protects the names of specified classes and Class Members. If all specified class members are present (after the compression step)

-Printseeds {filename} lists the Member-keep options of classes and classes, and outputs them to the specified files.

Compression
-Dontshrink does not compress input class files

-Printusage {filename}

-Whyareyoukeeping {class_specification}

Optimization
-Dontoptimize: the input class file is not optimized.

-Assumenosideeffects {class_specification}: the specified method is assumed during optimization without any side effects.

-Allowaccessmodification: allows access to and modification of modifier classes and class members during optimization.

Obfuscation
-Dontobfuscate does not confuse input class files

-Printmapping {filename}

-Added obfuscation when applymapping {filename} is reused.

-Obfuscationdictionary {filename} uses the keyword in the given file as the name of the method to be confused

-Overloadaggressively: Application intrusive overload during Obfuscation

-Useuniqueclassmembernames: Determine the names of members of a unified obfuscation class to add obfuscation.

-Flattenpackagehierarchy {package_name} repacks all renamed packages and stores them in a given single package.

-Repackageclass {package_name} repacks all renamed class files and stores them in a given single package.

-Dontusemixedcaseclassnames does not produce a variety of class names when obfuscation is performed.

-Keepattributes {attribute_name,...} protects specified optional attributes, such as linenumbertable, localvariabletable, sourcefile, deprecated, synthetic, signature, and innerclasses.

-Renamesourcefileattribute {string}: Set the given String constant in the source file.

Because we developed a project with the webwork + spring + hibernate architecture, all of which require detailed configuration. (Summary after N failures)

Example:
-Injars <project>. Jar
-Outjars <project> _ out. Jar

-Libraryjars <java. Home>/lib/RT. Jar
-Libraryjars <project. Home>/webroot/WEB-INF/lib/webwork. Jar
.......

# Retain public, friendly, private, public, and friendly methods in the Action interface class. All others are compressed, optimized, and obfuscated.
# Because the class name in the configuration file is a complete class name, this class may not be found after processing.
# Attributes are required for JSP pages. If the JSP page is processed, data in the action cannot be obtained.
-Keep public class * implements com. opensymphony. xwork. Action {
Public protected private <fields>;
Public protected <Methods>;
}

# Reserved public, friendly, and private members (attributes and methods) in the serializable Interface Class)
# This configuration mainly corresponds to the object class configuration.
-Keep public class * implements java. Io. serializable {
Public protected private *;
}

......

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

When we develop Java, we usually encounter code problems that protect our development. Because Java is based on JVM, it is easy to decompile class files. Assume that we have developed a web program and released it to the customer. In fact, the customer can easily decompile our source code, including all SRC files and JSP files.

In fact, there are several methods to protect our source code: 1. Use the code obfuscator 2. Reload the classloader of the application server.

For the first method, there are a lot of open-source tools available outside, I personally think it is best to use proguard. Proguard is easy to learn. In addition, many functions are provided. The following is my personal experience

(1) download proguard tool from the Internet, proguard tool mainly contains several jar files and some example, http://proguard.sourceforge.net/

(2) add several jar files to the class path. Of course, you can also not add it, but in the following case, you must specify the classpath so that you can access this class during the obfuscation process.

(3) Compile a configuration file, mainly the parameters of the obfuscator. For example, the following is an example.
-Injars platform. Jar
-Outjars platform_out.jar
-Libraryjars <java. Home>/lib/RT. Jar
-Libraryjars ibatis-common-2.jar
-Libraryjars ibatis-dao-2.jar
-Libraryjars ibatis-sqlmap-2.jar
-Libraryjars junit-3.8.1.jar
-Libraryjars D:/J2EE. Jar
-Libraryjars struts. Jar
-Libraryjars commons-lang.jar
-Libraryjars D:/0 working/coreproject/byislib/jasperreports-0.6.1.jar
-Libraryjars commons-beanutils.jar

-Printmapping proguard. Map
-Overloadaggressively
-Defaultpackage''
-Allowaccessmodification
-Dontoptimize
-Keep public class *
{
Public protected *;
}
-Keep public class org .**
-Keep public class it .**

For more information about the parameters, see proguard. This document is very detailed and easy to use.

OK. Now the code obfuscation is complete. Open the generated jar package and you can see that many class files such as A, B, and C are added. The obfuscation result is successful. It is normal to delete and run the mixed jar package!

FAQs
A. memory overflow exception: the main cause is that proguard eats a lot of memory during obfuscation. Therefore, you can increase the memory when running the obfuscators, such as Java-mx512m .....
B. Stack Overflow exception: When proguard is obfuscation, it will optimize some code. If it encounters some complicated methods, it may throw this exception. The solution is to add the configuration parameter dontoptimize, as shown in the preceding configuration example.

For the second method, the classloader principle of the heavy load server is as follows. First, we use certain algorithms to encrypt the class file. Then we write our own classloader to replace the classloader of the server. In this way, we can read the class file, use our own algorithm to reverse encrypt it into the correct class, and then load it again. This method has not been applied yet. I have been studying it for the past few days. What new results will be summarized here.

Proguard is an open-source project. Its homepage is http://proguard.sourceforge.net/. currently, the latest architecture is 3.3.2 .. It is very easy to load obfuscators. You only need to extract proguard3.3.2.zip, and then select the proguard installation directory in the j2-> packing-> obfuscation tab. As shown in, you can configure the class names to be retained during obfuscation. The MIDlet class names must be retained for the Java Runtime Environment (JRE) of the device) the execution entry point can be found.

Http://images.csdn.net/20050112/image027.jpg,it's about the above PIC.

Another document
Proguard is a free Java class file compressors, optimizers, and obfuscators. It can discover and delete useless classes, fields, methods, and attribute values ). It can also optimize bytecode and delete useless commands. Finally, it uses a simple and meaningless name to rename your class name, field name, and method name. After the preceding operations, the JAR file will become smaller and it is difficult to reverse engineer. The main features of proguard are compression, optimization, and obfuscation. I will introduce these concepts first, and then introduce the basic usage of proguard.

L what is compression:

Java source code (. Java file) is usually compiled into a bytecode (. Class file ). Complete programs or libraries are usually compressed and published into Java documents (. Jar files ). Bytecode is more concise than Java source files, but it still contains a lot of useless Code, especially when it is a library. Proguard's compressor operations can analyze bytecode and delete useless classes, fields, and methods. The program only retains functional equivalence, including the information required for the exception stack description.

L what is obfuscation:

In general, the compiled bytecode still contains a lot of debugging information: source file name, row number, field name, method name, parameter name, variable name, and so on. This information makes it easy to decompile and obtain complete programs through reverse engineering. Sometimes, this is annoying. For example, obfuscators like proguard can delete the debugging information and replace all names with meaningless character sequences, making it difficult to reverse engineer and further streamline code free of charge. Except for the class name, method name, and row number required for the exception stack information, the program only retains functional equivalence. With the above understanding, you should understand why obfuscation is required.

L proguard supports the following types of optimization:

In addition to useless classes, fields, and Methods deleted during compression operations, proguard can also provide performance optimization at the bytecode level. The internal methods include:

2. constant expression evaluate

2. Delete unnecessary field access

2. Delete unnecessary method calls

2. Delete unnecessary branches

2. Delete unnecessary comparisons and instanceof Verification

2. delete unused code

2. delete a write-only segment

2. delete unused method parameters

2. Various peephole optimizations like push/pop simplification

2. Add static and final modifiers to the class whenever possible

2. Add private, static, and final modifiers to the method whenever possible

2. Make the get/Set Method inline whenever possible

2. replace an interface with only one implementation class.

2. Optional log deletion code

The actual optimization result depends on your code and the virtual machine that executes the code. Simple virtual machines are more effective than advanced virtual machines with complex JIT compilers. In any case, your bytecode will become smaller.

There are still some technologies that need to be optimized obviously not supported:

2. Make non-final constant fields inline

2. Make other methods inline like the get/Set Method

2. Move the constant expression out of the loop

2 optimizations that require escape Analysis

Proguard is a command line tool and provides a graphical user interface. It can also be used in combination with ant or j2-wireless toolkit. The more streamlined jar files obtained through proguard mean that only a smaller storage space is needed; network transmission is more time-saving; loading speed is faster and memory usage is smaller. In addition, proguard is very fast and efficient. It only takes a few seconds and a few megabytes to exist in the processing program. The processing sequence is compressed first, optimized, and then obfuscated. The results section presents actual figures for a number of applications. Compared with other Java obfuscators, proguard has the primary advantage of simple configuration based on template files. Some intuitive command line options or a simple configuration file are enough. For example, the following configuration options protect all Applets in the jar file:

-Keep public class * extends java. Applet. Applet

All available options are described in the user guide, and a large number of examples are provided to demonstrate these powerful configuration options.

I talked about many advantages of proguard. Now let's take a look at how to use proguard in the program. We also mentioned that proguard can execute and process programs using command lines, graphical interfaces, ant, etc, the configuration file is also mentioned. Let's take a look at how to use it:

Run the following command to run proguard:

Java-jar proguard. Jar options ......

For specific options, refer to the proguard user guide. You can also write these attributes in the configuration file. during runtime, you only need to specify this configuration file. For example:

Java-jar proguard. Jar @ config. Pro

The configuration file format must also be written in the format provided by proguard. For details, refer to the configuration file in the proguard example to configure the proguard configuration file suitable for your application system. Proguard provides graphical interface configuration and running programs. You can configure the desired parameters on the interface and then run the program. The configuration files to be manually written can also be configured and generated on the GUI.

If you want to run proguard in ant, you only need to add one of the following targets:

<Target name = "proguard" depends = "init">

<Taskdef resource = "proguard/ANT/task. properties" classpath = "$ {Lib. dir}/proguard. Jar"/>

<Proguard configuration = "$ {SRC. dir}/config. Pro"/>

</Target>

You only need to set the Lib. dir and SRC. dir attributes. Similarly, the proguard configuration file is used here, which is the same as above. We recommend that you use proguardgui as a wizard to generate a configuration file. In this way, you only need to modify the configuration file instead of writing a new configuration file.

If you think proguard is good, add it to your project.

Document 3
This is something that should not appear in the open-source community, but it is indeed an open-source project, just like its name, proguard (Program Guard ), it represents the relative aspect of open source-code protection.

As an advanced language such as Java, the product of compilation is only a concept relative to the source code. Although bytecode is not as easy to understand as the source code, it is not impossible to decompile it, there are many anti-compilation products for Java, such as cavaj and Jad. In the face of the continuous emergence of decompilation products, the developers who regard the code as a fortune should go further.

Obfuscators come into being in this context. Since it is impossible to reject the decompilation, let them decompile the obfuscators. As long as the results of decompilation cannot be directly used by others, isn't it enough? As long as the code is mixed up, the results of decompilation cannot be understood by others, or even cannot be compiled.

There are many obfuscation methods, mainly in the following aspects.
Rename: Change the name of a private class, Private member, and variable in the method body to A, B, C, or even 1, 2, 3 (the Code does not allow non-equivalent deliverables)
Change the logic flow. For example, if conditions are reversed and if/else is reversed.
Equivalent Code, for example, changing a loop to a GOTO
Invalid code, useless code inserted
Proguard is an excellent open-source Java obfuscator. It can be downloaded at http://proguard.sourceforge.net/. now let me download proguard together.

Take version 3.2 as an example. Release the compressed package. As an open-source project, the docs, Lib, SRC, and sample folders are available. We will not describe them here.
Enter the lib directory, which contains proguard. Jar. If you want to have a obfuscator shell or use it as an ant plug-in, you will use it. For details, refer to the proguard documentation.
We should look at proguardgui. jar, which is the graphical interface of proguard. We use JDK to open it. Note that JDK is not a JRE.

Click the input/output tag, select the jar package to be confused (note that it is a jar package), output the jar package, and all the class libraries used.
Click the obfuscation label and select classes that do not need to be confused (classes to be reflected cannot be confused)
Click the process tag and the process button. Wait for the result to be viewed.
Proguard also includes code optimization and code sorting functions, which are not the scope of this article. If you are interested, study it yourself)
Obfuscation-only options

In this way, if a-Z has been used, it will switch to AA. class, such as the configuration interface.
1, 4, 6, 9, 10, 11, 12

Source code
Package org. zwm. Pub;

Public class Bru {

/**
* @ Param ARGs
*/

Public static void main (string [] ARGs ){
// Todo auto-generated method stub
System. Out. println (showmsg ());
}
Public static string showmsg (){
Return "You are my sun ";
}
}
Decompiled code
// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports (3)

Package org. zwm. Pub;

Import java. Io. printstream;

Public class bru
{

Public Bru ()
{
}

Public static void main (string ARGs [])
{
System. Out. println (pk0304140008000800fz ());
}

Public static string pk0304140008000800fz ()
{
Return "You are my sun ";
}
}

The class name remains unchanged and the method name is mixed.

Another example is to help you:

Run the proguard command in the command line: Java-jar proguard. Jar @ proguard. Pro, where the proguard. Pro file contains the specified obfuscation information.

For example, a swing application:

-Injars gibd. Jar
-Outjars gimt_out.jar
-Libraryjars lib/RT. Jar
-Libraryjars lib/anlr/antlr-2.7.5H3.jar
-Libraryjars lib/cglib/cglib-full-2.0.2.jar
-Libraryjars lib/db2-connector/db2jcc_license_cu.jar
-Libraryjars lib/dom4j/dom4j-1.5.2.jar
-Libraryjars lib/encache/ehcache-1.1.jar
-Libraryjars lib/hibernate/hibernate3.jar
-Libraryjars lib/Jakarta-Common/commons-beanutils.jar
-Libraryjars lib/log4j/log4j-1.2.9.jar
-Libraryjars lib/MySQL-connector/mysql-connector-java-3.0.17-ga-bin.jar
-Libraryjars lib/spring. Jar
-Libraryjars lib/db2-connector/db2jcc. Jar
-Libraryjars lib/Jakarta-Common/commons-collections-2.1.1.jar
-Libraryjars lib/Jakarta-Common/commons-dbcp-1.2.1.jar
-Libraryjars lib/Jakarta-Common/commons-lang-2.0.jar
-Libraryjars lib/Jakarta-Common/commons-logging-1.0.4.jar
-Libraryjars lib/Jakarta-Common/commons-pool-1.2.jar
-Libraryjars lib/spring/spring-mock.jar
-Libraryjars lib/J2EE/JTA. Jar
-Libraryjars lib/db2-connector/db2java.zip

-Printmapping proguard. Map
-Overloadaggressively
-Defaultpackage''
-Allowaccessmodification
-Dontoptimize

-Keep public class com. Wisdom. tool. Mainframe {
Public static void main (Java. Lang. String []);
}

-Keep class * extends javax. Swing. plaf. componentui {
Public static javax. Swing. plaf. componentui createui (javax. Swing. jcomponent );
}

-Keep public class com. Wisdom. model. User .*{
*;
}

-Keep public class com. Wisdom. Service .*{
*;
}

-Keep public class com. Wisdom. Service. impl. menuserviceimpl

Note:
1. The "-dontoptimize" option is not added at the beginning, and sometimes problems may occur, as mentioned above.
2. List all dependent. Jar packages.
3. The keep option tells proguard that those do not need to be confused.
A. the portal of the entire swing application cannot be confused.
B. For Classes inherited from componentui, createui cannot be confused.
C. Using hibernate's domain object spring's service object, the reflection mechanism is used.

 

Http://blog.csdn.net/wbw1985/article/details/6932149

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.