An example of Android implementation code obfuscation
1. Introduction
Obfuscated code, also known as flower instructions, is a form of conversion to a computer program's code into a functionally equivalent but difficult to read and understand.
The purpose of confusion is to increase the cost of decompilation, but it cannot completely prevent decompilation.
2. How to enable confusion
Usually we need to find the file in the app directory under the project path, find the configuration minifyEnabled, and then set it to true, as follows:
release {
minifyEnabled true
proguardFiles getDefaultProguardFile(''), ''
}
3. What is proguard
This is the definition given by the official Java website:
ProGuard is a free Java Class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or higher, or for Java Micro Edition.
effect:
- proguard is a tool that integrates file compression, optimization, obfuscation and verification functions, etc.
- Detect and delete useless classes, variables, methods and properties
- Optimize bytecode and delete useless instructions
- Confusion effect is achieved by renaming class names, variable names and method names to meaningless names
- Also check the processed code
4. Common sentences
-optimizationpasses 5
Code obfuscated compressed notes, between 0 and 7
-dontusemixedcaseclassnames
Class names are all lowercase after confusion
-dontskipnonpubliclibraryclasses
Don't ignore non-public libraries
-dontskipnonpubliclibraryclassmembers
Don't ignore members of non-public libraries
-dontpreverify
No pre-checking operation
-verbose -printmapping
Generate mapping files for the original class name and obfuscated class name
-optimizations !code/simplification/cast,!field/*,!class/merging/*
Algorithms used when specifying obfuscation
-keepattributes *Annotation*,InnerClasses
Not confusing annotations
-keepattributes Signature
Generics are not confusing
-keepattributes SourceFile,LineNumberTable
Keep the line number when an exception is thrown
The most used instructions
-keep class XXXX
Keep the class name unchanged, that is, the class name is not confused, and the member names in the class are not guaranteed. Of course, it can also inherit all class names of XXX class without confusion
-keepclasseswithmembers class XXXX
Keep the class name and member name, of course, it can also be specific methods in the class.
5. What are not confusing
- Elements used in reflection
- Entity classes related to network requests
- Elements using annotations
- Four major components
- Classes that interact with JS in WebView
- Enumeration
6. Obfuscated file writing
According to the above rules and basic statements, we divide the obfuscated file into two areas:
Customized areas: divided into entity categories, third parties, js-related, and reflection-related. They should be written according to the real situation of the project, and the details will be mentioned later;
Just copy the basic non-moving area directly.
#------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------------------------------------------------#-------------------------------------------------------------------------------------------------------------------------------optimizationpasses 5
-dontskipnonpubliclibraryclassmembers
-printmapping
-optimizations !code/simplification/cast,!field/*,!class/merging/*
-keepattributes *Annotation*,InnerClasses
-keepattributes Signature
-keepattributes SourceFile,LineNumberTable
#----------------------------------------------------------------------------
#---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class * extends
-keep public class
-keep class .** {*;}
-keep public class * extends {
*** get*();
void set*(***);
public <init>();
public <init>(, );
public <init>(, , int);
}
-keepclasseswithmembers class * {
public <init>(, );
public <init>(, , int);
}
-keepclassmembers class * implements {
static final long serialVersionUID;
private static final [] serialPersistentFields;
private void writeObject();
private void readObject();
writeReplace();
readResolve();
}
-keep class **.R$* {
*;
}
-keepclassmembers class * {
void *(**On*Event);
}
#---------------------------------webview------------------------------------
-keepclassmembers class {
public *;
}
-keepclassmembers class * extends {
public void *(, , );
public boolean *(, );
}
-keepclassmembers class * extends {
public void *(, );
}
#------------------------------------------------------------------------------------
Entity Class:
-keep class The package where your entity class resides.* { ; }
Entity classes need to be retained because they involve interaction with the server, interactions of various gsons, etc. Pick out all the entity classes in your project and keep them with the above syntax.
If the entity classes are all in the same package, it is the same as above, which is very simple; if the entity classes are distributed under each package, I'm sorry, add them one by one.
Third-party package
You need to find all the added dependencies in the project file, and then go to the official website or github to find the corresponding obfuscation code and add it to our own obfuscation file.
If it is a jar package, it is like writing as follows
#log4j
-libraryjars log4j-1.2.
-dontwarn .log4j.**
-keep class .log4j.** { *;}
The general meaning is not to be confused or warn. If gradle reports an error, you can consider commenting out the sentence -libraryjars log4j-1.2.
Related to JS interaction
If not, you can skip
-keep class The package where your class resides.** { *; }
If it is an internal class, write it like this:
-keepclasseswithmembers class The package where your class resides.Parent class$Subclass { <methods>; }
Reflection related
No to skip
-keep class The package where your class resides.** { *; }
OK, that's fine, but the confusion is actually very simple!
If you have any questions, please leave a message or go to the community of this site to exchange and discuss. Thank you for reading. I hope it can help you. Thank you for your support for this site!