Android现在对安全方面要求比较高了,我今天要做的对apk进行混淆,用所有的第三方工具都不能反编译,作者的知识产权得到保障了,是不是碉堡了。
一,首先说明我这是在4.0基础上进行的。
先看看project.properties 这个文件。
# This file is automatically generated by Android Tools.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file must be checked in Version Control Systems.
#
# To customize properties used by the Ant build system edit
# "ant.properties", and override values to adapt the script to your
# project structure.
#
# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
# proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
# Project target.
target=android-17
#proguard.config=proguard.cfg
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
先把proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt 的注释去掉。
其实混淆的难点就是项目引进了第三方包,如果没有引入第三方包,直接把上面的东西注释掉就可以混淆了,如果引入了第三方包就比较麻烦,请看下面。
再把第三方包进行添加,注意,一般第三方jar已经混淆过了,所以不能再次混淆。下面是我把第三方jar包过滤掉的操作。一般方在最下面。
这个文件proguard-project.txt
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
#-keep class packagename.** {*;}
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
-dontwarn com.umeng.**
-dontwarn org.apache.commons.**
-dontwarn com.tencent.weibo.sdk.**
-keepattributes *Annotation*
-keep class com.umeng*.** {*; }
-keep public class [your_pkg].R$*{
public static final int *;
}
-keep class com.tencent.open.TDialog$*
-keep class com.tencent.open.TDialog$* {*;}
-keep class com.tencent.open.PKDialog
-keep class com.tencent.open.PKDialog {*;}
-keep class com.tencent.open.PKDialog$*
-keep class com.tencent.open.PKDialog$* {*;}
-keep class com.tencent.mm.sdk.openapi.WXMediaMessage {*;}
-keep class com.tencent.mm.sdk.openapi.** implements com.tencent.mm.sdk.openapi.WXMediaMessage$IMediaObject {*;}
-libraryjars /libs/achartengine-1.1.0.jar
-dontwarn achartengine.**
-keep class achartengine.** { *;}
-libraryjars /libs/android-support-v4.jar
-dontwarn android.support.v4.**
-keep class android.support.v4.** { *;}
-libraryjars /libs/jpush-sdk-release1.4.0.jar
-dontwarn jpush.sdk.release.**
-keep class jpush.sdk.release.** { *;}
-libraryjars /libs/umeng_sdk.jar
-dontwarn umeng.sdk.**
-keep class umeng.sdk.** { *;}
-libraryjars /libs/umeng_social_sdk.jar
-dontwarn umeng.social.sdk.**
-keep class umeng.social.sdk.** { *;}
-libraryjars /libs/universal-image-loader.jar
-dontwarn universal.image.loader.**
-keep class universal.image.loader.** { *;}
-libraryjars /libs/ShareSDK-SinaWeibo-2.1.2.jar
-dontwarn cn.sharesdk.sina.weibo.**
-keep class cn.sharesdk.sina.weibo.** { *;}
-libraryjars /libs/ShareSDK-TencentWeibo-2.1.2.jar
-dontwarn cn.sharesdk.tencent.weibo.**
-keep class cn.sharesdk.tencent.weibo.** { *;}
-libraryjars /libs/ShareSDK-Wechat-Moments-2.1.2.jar
-dontwarn cn.sharesdk.wechat.moments.**
-keep class cn.sharesdk.wechat.moments.** { *;}
这些对应上面的jar包,防止再次混淆。
-braryjars libs/nineoldandroids-2.4.0.jar----指明lib包的在工程中的路径
而-dontwarn com.xx.bbb.**和-keep class com.xx.bbb.** { ;}
这两个参数用来保持第三方库中的类而不乱,将-dontwarn和-keep 结合使用,意思是保持com.xx.bbb.*这个包里面的所有类和所有方法而不混淆,接着还叫ProGuard不要警告找不到com.xx.bbb.**这个包里面的类的相关引用。
-libraryjars ..第三方库的工程名 -dontwarn 包名.** -keep class 包名.** { *;}
最后打包签名,成功。
完毕。