Confusion
studio uses Proguard for obfuscation, which is a tool for compressing, optimizing, and obfuscating Java bytecode files.
Functions: Shrinking (compression), Optimization (optimization), Obfuscattion (obfuscattion), and Preverification (pre-check).
advantage:
1. Delete useless resources of the project and effectively reduce the size of the apk;
2. Delete useless classes, class members, methods and attributes, and delete useless annotations to optimize bytecode files to the maximum extent;
3. Use a short and meaningless name to rename existing classes, methods, attributes, etc. to increase the difficulty of reverse engineering.
Configuration
buildTypes {
release {
// true - Open obfuscation minifyEnabled true
// true - Turn on resource compression shrinkResources true
// Used to set the planning path of Proguard; proguardFiles getDefaultProguardFile(''), '',
'../libModule/'
}
}
- : Among them is the system default obfuscation file, which is specifically in the directory ../sdk/tools/proguard/, which contains the most basic obfuscation of Android, and generally does not require any changes;
- : It is the rule we need to configure; if we want to configure obfuscation files of multiple modules, we only need to add commas and obfuscation file paths afterwards;
- Basic obfuscated configuration
# The code obfuscation compression ratio is between 0 and 7, and the default is 5, and no modification is generally made-optimizationpasses 5 #Do not use case mixing when mixing, the mixed class name is lowercase-dontusemixedcaseclassnames # Specify not to ignore classes that are not public libraries-dontskipnonpubliclibraryclasses # Specify not to ignore class members that are not public libraries-dontskipnonpubliclibraryclassmembers # This sentence can confuse our project and generate mapping files# Contains the mapping relationship of class names->obfuscated class names-verbose # No pre-checking, preverify is one of the four steps of proguard. Android does not need preverify. Remove this step can speed up the confusion.-dontpreverify # Keep Annotation without confusion This is very important when mapping JSON entities, such as fastJson-keepattributes *Annotation*,InnerClasses # Avoid confusion of generics-keepattributes Signature # Keep the line number when an exception is thrown-keepattributes SourceFile,LineNumberTable # Specify that obfuscation is used, and the following parameters are a filter# This filter is an algorithm recommended by Google and generally no changes are made-optimizations !code/simplification/cast,!field/*,!class/merging/* # Ignore warnings-ignorewarnings # Set whether to allow scope changes-allowaccessmodification # Confused the method names in the obfuscated class as well-useuniqueclassmembernames # The internal structure of all classes in the apk package-dump class_files.txt # Unconfused classes and members-printseeds seeds_txt # List the codes removed from the apk-printusage # Mapping before and after confusion-printmapping
Can't use obfuscation
1. For elements used in reflection, you need to ensure that the class name, method name, and attribute name remain unchanged, otherwise there will be problems with the reflection.
2. It is best not to confuse some bean classes
3. The four major components cannot be confused. The four major components must be registered and declared in the manifest. The class name will change after the confusion, which does not conform to the registration mechanism of the four major components.
-keep public class * extends -keep public class * extends -keep public class * extends -keep public class * extends -keep public class * extends -keep public class * extends -keep public class * extends -keep public class * extends . -keep public class * extends -keep public class * extends -keep public class
4. Annotations cannot be confused. In many scenarios, annotations are used to reflect some elements in progress.
-keepattributes *Annotation*
5. The value and valueOf methods in the enumeration cannot be confused, because these two methods are statically added to the code and will also be used reflectively, so these two methods cannot be confused. The application uses enumeration to add many methods, increasing the number of methods in the package, increasing the size of dex.
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf();
}
6. When JNI calls Java methods, it needs to be formed by an address composed of class name and method name.
7. Java uses the Native method. Native is written in C/C++, and the methods cannot be confused together.
-keepclasseswithmembernames class * {
native <methods>;
}
8. JS calls Java methods
-keepattributes *JavascriptInterface*
9. The call method of JavaScript in Webview cannot be confused
Note: Which package is referenced by Webview?
-keepclassmembers class {
public *;
}
-keepclassmembers class * extends {
public void *(, , );
public boolean *(, );
}
-keepclassmembers class * extends {
public void *(, );
}
10. Third parties may recommend using their own confusion rules
11. The subclass of Parcelable and the static member variables of Creator are not confused, otherwise an exception will occur.
Serializable interface class deserialization:
-keep class * implements {
public static final $Creator *;
}
-keep class * implements {
public *;
}
-keepclassmembers class * implements {
static final long serialVersionUID;
private static final [] serialPersistentFields;
!static !transient <fields>;
private void writeObject();
private void readObject();
writeReplace();
readResolve();
}
12. Gson's serial number and deserialization are essentially used to obtain class parsing using reflection.
-keep class .** {*;}
-keep class {*;}
-keep class .** {*;}
-keep class .** {*;}
-keep class .** {
<fields>;
<methods>;
}
-dontwarn class .**
This is the end of this article about the detailed explanation of Android studio obfuscation configuration. For more related Android studio obfuscation content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!