混淆本质
把原来有具体含义的类名,变量名,方法名,修改成让人看不懂的名字,例如方法名getxx混淆为方法名a。
Android Studio中的混淆
Android工程目录下有个文件,proguard-rules.pro,内容是:
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in /usr/local/sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
proguard-rules.pro是AS中专用的proguard配置文件,其实只是后缀名不同,与Eclipse中的proguard-project.txt是一样的,配置规则相同,后面会详细提到。
在gradle中处理混淆的语句是:
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
这个proguard-android.txt是sdk中groguard默认的文件,而文件是存在于sdk/tools/proguard/中:
# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose
# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# project.properties file.
-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
native <methods>;
}
# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
void set*(***);
*** get*();
}
# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
-keepclassmembers class **.R$* {
public static <fields>;
}
# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**
将runProguard设置为true,gradle混淆编译:
./gradlew assembleRelease
语法
# -------------------------------------
# android 原始混淆模板
# -------------------------------------
# ----------------------------------
# 通过指定数量的优化能执行
# -optimizationpasses n
# ----------------------------------
-optimizationpasses 5
# ----------------------------------
# 混淆时不会产生形形色色的类名
# -dontusemixedcaseclassnames
# ----------------------------------
#-dontusemixedcaseclassnames
# ----------------------------------
# 指定不去忽略非公共的库类
# -dontskipnonpubliclibraryclasses
# ----------------------------------
#-dontskipnonpubliclibraryclasses
# ----------------------------------
# 不预校验
# -dontpreverify
# ----------------------------------
# -dontpreverify
# ----------------------------------
# 输出生成信息
# -verbose
# ----------------------------------
-verbose
# ----------------------------------
# 优化选项
# optimizations {optimization_filter}
# ----------------------------------
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService
-keepclasseswithmembernames class * {
native <methods>;
}
# -----------------
# modify 修改合并
# -----------------
-keep public class * extends android.view.View {
public <init>(android.content.Context);
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
public void set*(...);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
#--------------------------
# 保护类型 -keepattributes 说明
# Exceptions, Signature, Deprecated, SourceFile, SourceDir, LineNumberTable, LocalVariableTable,
# LocalVariableTypeTable, Synthetic, EnclosingMethod, RuntimeVisibleAnnotations, RuntimeInvisibleAnnotations,
# RuntimeVisibleParameterAnnotations, RuntimeInvisibleParameterAnnotations, and AnnotationDefault
# --------------------
-keepattributes **
-libraryjars <java.home>/lib/rt.jar
# ----------------------
# 不压缩指定的文件
# -dontshrink
# ----------------------
-dontshrink
# ----------------------
# 不优化指定的文件
# -dontoptimize
# -----------------------
-dontoptimize
# -----------------------
# 不混淆指定的文件
# -dontobfuscate
# -----------------------
# ----- 混淆包路径 -------
-repackageclasses ''
-flattenpackagehierarchy ''
-target 1.6
# -------- 以下是使用了 roboguice-1.1.2.jar 以及 guice-2.0-no_app.jar 功能需要保护的字段及类相关 --------
-keep class com.google.inject.Binder
-keepclassmembers class * {
@com.google.inject.Inject <init>(...);
}
-keepclassmembers class * {
void *(**On*Event);
}
-keepclassmembers class **.R$* {
public static <fields>;
}
# ------ 编译时需要用到的 jar 包
-libraryjars D:/dev_rc/android-sdk-windows/add-ons/addon_google_apis_google_inc_11/libs/maps.jar
# ------ 保护 谷歌第三方 jar 包,界面特效 ----------
-keep class android.support.v4.**
-dontwarn android.support.v4.**
# ------ 保护百度地址jar包 --------
-keep class com.baidu.mapapi.** { *; }
-dontwarn com.baidu.mapapi.**
# --- 打包时忽略以下类的警告 --
-dontwarn com.classpackage.AA
#-keepnames class * implements java.io.Serializable
# ---------保护所有实体中的字段名称----------
-keepclassmembers class * implements java.io.Serializable {
<fields>;
}
# --------- 保护类中的所有方法名 ------------
-keepclassmembers class * {
public <methods>;
}
更多可查看:http://proguard.sourceforge.net/index.html#manual/examples.html
-keep {Modifier} {class_specification} 保护指定的类文件和类的成员
-keepclassmembers {modifier} {class_specification} 保护指定类的成员,如果此类受到保护他们会保护的更好
-keepclasseswithmembers {class_specification} 保护指定的类和类的成员,但条件是所有指定的类和类成员是要存在。
-keepnames {class_specification} 保护指定的类和类的成员的名称(如果他们不会压缩步骤中删除)
-keepclassmembernames {class_specification} 保护指定的类的成员的名称(如果他们不会压缩步骤中删除)
-keepclasseswithmembernames {class_specification} 保护指定的类和类的成员的名称,如果所有指定的类成员出席(在压缩步骤之后)
-printseeds {filename} 列出类和类的成员-keep选项的清单,标准输出到给定的文件
#压缩
-dontshrink 不压缩输入的类文件
-printusage {filename}
-whyareyoukeeping {class_specification}
#优化
-dontoptimize 不优化输入的类文件
-assumenosideeffects {class_specification} 优化时假设指定的方法,没有任何副作用
-allowaccessmodification 优化时允许访问并修改有修饰符的类和类的成员
#混淆
-dontobfuscate 不混淆输入的类文件
-obfuscationdictionary {filename} 使用给定文件中的关键字作为要混淆方法的名称
-overloadaggressively 混淆时应用侵入式重载
-useuniqueclassmembernames 确定统一的混淆类的成员名称来增加混淆
-flattenpackagehierarchy {package_name} 重新包装所有重命名的包并放在给定的单一包中
-repackageclass {package_name} 重新包装所有重命名的类文件中放在给定的单一包中
-dontusemixedcaseclassnames 混淆时不会产生形形色色的类名
-keepattributes {attribute_name,...} 保护给定的可选属性,例如LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses.
-renamesourcefileattribute {string} 设置源文件中给定的字符串常量
后面的文件名,类名,或者包名等可以使用占位符代替
?表示一个字符
可以匹配多个字符,但是如果是一个类,不会匹配其前面的包*] 可以匹配多个字符,会匹配前面的包名。
在android中在android Manifest文件中的activity,service,provider, receviter,等都不能进行混淆。一些在xml中配置的view也不能进行混淆,android提供的默认配置中都有。
混淆的输出文件及用处
混淆之后,会给我们输出一些文件,在gradle方式下是在/build/proguard/目录下,ant是在/bin/proguard目录,eclipse构建在/proguard目录像。
分别有以下文件:
+ dump.txt 描述apk文件中所有类文件间的内部结构。
+ mapping.txt 列出了原始的类,方法,和字段名与混淆后代码之间的映射。
+ seeds.txt 列出了未被混淆的类和成员
+ usage.txt 列出了从apk中删除的代码
当我们发布的release版本的程序出现bug时,可以通过以上文件(特别时mapping.txt)文件找到错误原始的位置,进行bug修改。同时,可能一开始的proguard配置有错误,也可以通过错误日志,根据这些文件,找到哪些文件不应该混淆,从而修改proguard的配置。
一些常用包的混淆配置
sharesdk混淆注意
-keep class android.net.http.SslError
-keep class android.webkit.**{*;}
-keep class cn.sharesdk.**{*;}
-keep class com.sina.**{*;}
-keep class m.framework.**{*;}
Gson混淆配置
-keepattributes *Annotation*
-keep class sun.misc.Unsafe { *; }
-keep class com.idea.fifaalarmclock.entity.***
-keep class com.google.gson.stream.** { *; }
Umeng sdk混淆配置
-keepclassmembers class * {
public <init>(org.json.JSONObject);
}
-keep class com.umeng.**
-keep public class com.idea.fifaalarmclock.app.R$*{
public static final int *;
}
-keep public class com.umeng.fb.ui.ThreadView {
}
-dontwarn com.umeng.**
-dontwarn org.apache.commons.**
-keep public class * extends com.umeng.**
-keep class com.umeng.** {*; }