Android official site:
The ProGuard tool shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer.
ProGuard official site:
ProGuard is a Java class file shrinker, optimizer, obfuscator, and preverifier. The shrinking step detects and removes unused classes, fields, methods, and attributes. The optimization step analyzes and optimizes the bytecode of the methods. The obfuscation step renames the remaining classes, fields, and methods using short meaningless names. These first steps make the code base smaller, more efficient, and harder to reverse-engineer.
ProGuard therefore works in four steps: shrinking, optimization, obfuscation and preverification. Preverification targets J2ME and Java 6 and is of no use on Android.
- Where the Android obfuscation configuration goes
Edit the build.gradle file in the project:
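buildTypes {
    release {
        // Turn on ProGuard shrinking and obfuscation for this build type
        minifyEnabled true
        // Default Android rules plus the project's own proguard-rules.pro
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        signingConfig signingConfigs.eros
        // Placeholder values are written into AndroidManifest.xml as-is;
        // ProGuard does not obfuscate them
        manifestPlaceholders = [
            GETUI_APP_ID    : GETUI_APPID,
            GETUI_APP_KEY   : GETUI_APPKEY,
            GETUI_APP_SECRET: GETTUI_APPSECRET,
            APP_ID          : APPLICATION_ID
        ]
    }
    debug {
        // Same settings as release, so debug builds are obfuscated too
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        signingConfig signingConfigs.eros
        manifestPlaceholders = [
            GETUI_APP_ID    : GETUI_APPID,
            GETUI_APP_KEY   : GETUI_APPKEY,
            GETUI_APP_SECRET: GETTUI_APPSECRET,
            APP_ID          : APPLICATION_ID
        ]
    }
}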
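What to keep out of obfuscation
- Avoid obfuscating generics: -keepattributes Signature
- Exclude classes involved in reflection and serialization (Parcelable, Serializable)
- JNI methods
- Classes declared in AndroidManifest.xml (Application, Activity, Service, ContentProvider, BroadcastReceiver, etc.)
The names of these classes must not be obfuscated; once they are renamed, the XML file can no longer find the classes it refers to. Some methods and fields inside these classes can still be obfuscated.
- R files
    -keep class **.R$* { *; }
- Custom views
    -keep public class * extends android.view.View {
        *** get*();
        void set*(***);
        public <init>(android.content.Context);
        public <init>(android.content.Context, android.util.AttributeSet);
        public <init>(android.content.Context, android.util.AttributeSet, int);
    }
- Keep line numbers and related information so that crash logs can be restored after a crash: -renamesourcefileattribute SourceFile and -keepattributes SourceFile,LineNumberTable (so that error output includes line numbers)
- Third-party libraries need the obfuscation rules given in their own configuration instructions (push, login, sharing, networking libraries, image libraries, etc.)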
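Obfuscation files
Default obfuscation file
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
The proguard-android.txt at that path already covers Parcelable, JNI, R files, the classes declared in AndroidManifest.xml, and custom views.
Custom obfuscation file
In addition, you usually add rules for generics, reflection-related classes, Serializable, and so on.
-keep class XXX** { *; }
Keeps every class whose name starts with XXX from being obfuscated.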
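A single * matches any number of characters except ".", while a double ** matches any characters including ".".
For example, xx* matches xx222 and xx2 but does not match xx2.2, whereas xx** does match it.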
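The wildcard rule above can be checked mechanically before a build. The following is an added example, not code from the original page or from ProGuard: it translates class-name patterns into regular expressions and reports which classes a set of keep patterns would leave unrenamed. The function names and the sample class list are constructed for illustration, and only the ?, * and ** class-name wildcards are handled (no negation, comma-separated lists or member specifications).

```python
import re

def proguard_class_pattern_to_regex(pattern):
    """Translate a ProGuard class-name pattern into a compiled regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")       # any characters, package separator included
            i += 2
        elif pattern[i] == "*":
            out.append("[^.]*")    # any characters except the package separator
            i += 1
        elif pattern[i] == "?":
            out.append("[^.]")     # exactly one character, not the separator
            i += 1
        else:
            out.append(re.escape(pattern[i]))  # literal, e.g. '.' or '$'
            i += 1
    return re.compile("".join(out))

def matches(pattern, class_name):
    """True when the whole class name matches the ProGuard pattern."""
    return proguard_class_pattern_to_regex(pattern).fullmatch(class_name) is not None

def audit(keep_patterns, class_names):
    """Map each class name to the first keep pattern matching it, or None."""
    return {
        name: next((p for p in keep_patterns if matches(p, name)), None)
        for name in class_names
    }

# Constructed sample data: two keep patterns and four class names.
KEEP_PATTERNS = ["**.R$*", "com.example.model.*"]
CLASSES = [
    "com.example.R$string",
    "com.example.model.User",
    "com.example.model.internal.Token",  # sub-package: not covered by a single *
    "com.example.net.ApiClient",
]

if __name__ == "__main__":
    for name, rule in audit(KEEP_PATTERNS, CLASSES).items():
        print(f"{name:40} {'kept by ' + rule if rule else 'renamed'}")
```

Running the audit over a real class list shows where a ** pattern keeps far more names readable than intended, and where a single * silently misses a sub-package.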
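-dontwarn [class_filter]
Tells ProGuard not to print warnings about unresolved references and some other errors, and to carry on obfuscating. The class_filter in the option is a regular-expression string; warnings related to any class name it matches are not printed.
-optimizationpasses n
Specifies how many optimization passes to run. By default only one pass is run. Running several passes can improve the result, but if a pass produces no improvement, optimization stops and the remaining passes are not executed. This option only takes effect in the optimization stage.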
# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
#
# This file is no longer maintained and is not used by new (2.2+) versions of the
# Android plugin for Gradle. Instead, the Android plugin for Gradle generates the
# default rules at build time and stores them in the build directory.

-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose

# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# project.properties file.

-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService

# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
    native <methods>;
}

# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
    void set*(***);
    *** get*();
}

# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
    public void *(android.view.View);
}

# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keepclassmembers class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator CREATOR;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**

# Understand the @Keep support annotation.
-keep class android.support.annotation.Keep

-keep @android.support.annotation.Keep class * {*;}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <methods>;
}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <fields>;
}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <init>(...);
}