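There are already plenty of blog posts about APK code obfuscation; a quick look shows that most of them simply paste the definition and basic introduction of "code obfuscation" from 360 Baike or Baidu Baike.
Anyone doing Android development has probably decompiled their own or someone else's APK and knows what code obfuscation is for, so I won't explain it further here. One thing should be clear, though: no matter how good your obfuscation or hardening is, it cannot guarantee that an APK is 100% secure. As the saying goes, "the law grows a foot, the devil grows ten", so what we need to do is keep improving our own skills and build more secure APKs.
Code obfuscation when building an APK with ADT:
As far as I know, in ADT 17.0 and later the proguard.cfg file was replaced by proguard-project.txt. Before that, the rules for code that must not be obfuscated were configured in proguard.cfg, and you then added proguard.config=proguard.cfg at the end of the project.properties file.
After the switch to proguard-project.txt, usage is basically the same as with proguard.cfg: put the rules for code that must not be obfuscated in proguard-project.txt, then uncomment the line proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt in project.properties. This line is included in project.properties by default.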
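With this line enabled, simply running the project from ADT (Run or Debug) does not obfuscate the code; you can copy the APK out of the bin directory and decompile it to check. Only an APK exported through Android Tools is obfuscated, whether or not it is signed.
Next, the configuration of the proguard-project.txt file.
The content that ships with the file includes the following note: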
If your project uses WebView with JS, uncomment the following and specify the fully qualified class name to the JavaScript interface class:
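In other words, if your project uses a WebView with JavaScript, uncomment the rule that follows this note and fill in the fully qualified class name of the JavaScript interface class.
This prevents the JS-related code from being obfuscated during packaging.
Below is the proguard-project.txt configuration from my project: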
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
#}
# Reference the jar packages in the libs directory
-libraryjars libs/android-support-v4.jar
-libraryjars libs/baidumapapi.jar
-libraryjars libs/jackson-all-1.8.5.jar
-libraryjars libs/pica_bean2json.jar
-libraryjars libs/pinyin4j-2.5.0.jar
-libraryjars libs/umpay_sdk.jar
-libraryjars libs/WebtrendsAndroidClientLib.jar
-libraryjars libs/wmqtt.jar
-libraryjars libs/fastjson-1.1.41.jar
-libraryjars libs/alipaySdk-20160825.jar
-libraryjars libs/cmcc-sso-sdk.jar
# Ignore the corresponding warnings
-ignorewarnings
-dontwarn android.support.v4.**
-dontwarn org.codehaus.jackson.**
-dontwarn net.sourceforge.pinyin4j.**
-dontwarn demo.**
-dontwarn com.alibaba.fastjson.**
# Keep generic type signatures from being obfuscated
-keepattributes Signature
# Keep the code in the following classes from being obfuscated
-keep class android.support.v4.** { *; }
-keep public class * extends android.support.v4.**
-keep public class * extends android.app.Fragment
-keep public class com.umpay.creditcard.android.** {*;}
-keep public class com.webtrends.mobile.** {*;}
-keep public class com.pica.util.** {*;}
-keep public class org.codehaus.jackson.** {*;}
-keep public class com.baidu.mapapi.** {*;}
-keep public class com.hp.hpl.sparta.** {*;}
-keep public class demo.** {*;}
-keep public class net.sourceforge.pinyin4j.** {*;}
-keep public class com.ibm.mqtt.** {*;}
-keep public class com.pica.mobilebusiness.model.** {*;}
-keep public class com.alibaba.fastjson.** {*;}
# Keep alipay from being obfuscated
-keep class com.alipay.android.app.IAlixPay{*;}
-keep class com.alipay.android.app.IAlixPay$Stub{*;}
-keep class com.alipay.android.app.IRemoteServiceCallback{*;}
-keep class com.alipay.android.app.IRemoteServiceCallback$Stub{*;}
-keep class com.alipay.sdk.app.PayTask{ public *;}
-keep class com.alipay.sdk.app.AuthTask{ public *;}
# Keep 和飞信 from being obfuscated
-keep public class com.cmcc.sso.dynamic.** {*;}
-keep public class com.cmcc.sso.sdk.auth.** {*;}
-keep public class com.cmcc.sso.sdk.common.** {*;}
-keep public class com.cmcc.sso.sdk.util.** {*;}
-keep public class com.cmcc.sso.service.** {*;}
-keep class com.cmcc.sso.sdk.auth.AuthnHelper$1{*;}
-keep class com.cmcc.sso.sdk.common.Config$ENV{*;}
-keep class com.cmcc.sso.service.IPCCallback$Stub$Proxy{*;}
-keep class com.cmcc.sso.service.ISsoService$Stub$Proxy{*;}
-keep class com.cmcc.sso.service.SsoService$1{*;}
#-keep class com.cmcc.proxy.* {
#    <fields>;
#    <methods>;
#}
#-keep class com.cmcc.sso.* {
#    <fields>;
#    <methods>;
#}
# Keep the four major Android components from being obfuscated
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class com.android.vending.licensing.ILicensingService
# Keep native methods from being obfuscated
-keepclasseswithmembers class * {
    native <methods>;
}
# Keep the specified classes and class members, on condition that all of the specified members are present
-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}
# Keep enum classes from being obfuscated
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}
# Keep Parcelable serialization classes from being obfuscated
-keep class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator *;
}
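As another example, in the proguard-project.txt file we specified that the IAlixPay class and all of its methods must not be obfuscated.
Sure enough, checking mapping.txt shows that the IAlixPay class and its methods were not obfuscated.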
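One way to automate the mapping.txt check described above, as an added example that is not part of the original post: the script parses ProGuard's mapping.txt format and lists every class or member that matches a keep pattern but was still renamed. The sample mapping, its member names and the com.example.app classes are constructed, and the patterns are plain fnmatch globs, not ProGuard's own wildcard syntax.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in ProGuard mapping.txt format; member names are made up.
SAMPLE_MAPPING = """\
com.alipay.android.app.IAlixPay -> com.alipay.android.app.IAlixPay:
    java.lang.String pay(java.lang.String) -> pay
com.alipay.android.app.IAlixPay$Stub -> com.alipay.android.app.IAlixPay$Stub:
    11:14:android.os.IBinder asBinder() -> asBinder
com.example.app.model.User -> com.example.app.model.User:
    java.lang.String name -> a
com.example.app.util.Helper -> com.example.app.a.a:
    20:25:void doWork(java.lang.String) -> a
"""

CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
# Optional "start:end:" line-number prefix, then "type name[(args)] -> newname"
MEMBER_RE = re.compile(r"^\s+(?:\d+:\d+:)?\S+ ([^\s(]+)(\(.*?\))?(?::\d+:\d+)? -> (\S+)$")

def parse_mapping(text):
    """Return {original_class: (obfuscated_class, [(member, new_name), ...])}."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            classes[current] = (m.group(2), [])
            continue
        m = MEMBER_RE.match(line)
        if m and current:
            classes[current][1].append((m.group(1) + (m.group(2) or ""), m.group(3)))
    return classes

def renamed_despite_keep(classes, keep_globs):
    """List classes/members matched by keep_globs that were still renamed."""
    problems = []
    for orig, (obf, members) in sorted(classes.items()):
        if not any(fnmatchcase(orig, g) for g in keep_globs):
            continue
        if obf != orig:
            problems.append(f"{orig} -> {obf}")
        for member, new in members:
            if member.split("(")[0] != new:
                problems.append(f"{orig}.{member} -> {new}")
    return problems

if __name__ == "__main__":
    print(renamed_despite_keep(parse_mapping(SAMPLE_MAPPING), ["com.alipay.android.app.IAlixPay*"]))
```

Run it against the mapping.txt produced by the export step, with one glob per class or package that the keep rules are meant to protect; an empty list means those names survived.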
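So how do you keep a specific package, class, or method from being obfuscated? See the figure below:
For code obfuscation in Android Studio, see: http://blog.csdn.net/jerrywu145/article/details/54093291
PS: Criticism and corrections are welcome!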