程序猿经过漫长的项目开发之后,终于迎来了项目上线的曙光,这最后的一步就是APK代码混淆。代码混淆不仅仅能减少apk的体积,同时更是对我们劳动成果的保护、软件著作的尊重。混淆之后,一方面增加了被恶意破解、逆向解析的难度,另一方面也降低了代码的可阅读性,提高了软件的安全性。那么我们如何进行代码混淆配置呢?
大致分为两步:
第一步:在app下的build.gradle文件中进行配置;
第二步:在app下的proguard-rules.pro文件中进行混淆与防混淆的规则配置;
build.gradle文件中的配置:
主要修改buildTypes下的release中的配置,即正式打包的配置。
也可以进行debug测试的配置,这里不再赘述。
buildTypes {
release {
// 移除无用的resource文件
shrinkResources
true
// 是否进行zipAlign优化
zipAlignEnabled
true
// 是否进行混淆
minifyEnabled
true
// 签名配置
signingConfig
signingConfigs.debug
// 加载混淆文件
proguardFiles getDefaultProguardFile(
'proguard-android.txt'
),
'proguard-rules.pro'
}
......
}
proguard-rules.pro文件中的混淆与防混淆的规则配置:
在APK代码混淆中,有些代码混淆之后会出现异常(比如jni调用,本身就是根据包名去调用的,如果混淆了就会NotFoundMethod。另外还有集成的三方框架等),所以要在这里进行防混淆的规则配置。
注:以下规则配置为多个项目整合,包含自定义View、Application,微信,支付宝,
极光推送等。(少写可能会报错,多写目前没有发现问题)
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in C:\Users\ZQZY-102\AppData\Local\Android\Sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
#指定代码的压缩级别
-optimizationpasses
5
#包明不混合大小写
-dontusemixedcaseclassnames
#不去忽略非公共的库类
-dontskipnonpubliclibraryclasses
#优化 不优化输入的类文件
-dontoptimize
#预校验
-dontpreverify
#混淆时是否记录日志
-verbose
-printmapping
proguardMapping.txt
# 混淆时所采用的算法
-optimizations
!code/simplification/arithmetic,!field/*,!class/merging/*
#保护注解
-keepattributes
*Annotation*
-keepattributes
*Annotation*,InnerClasses
-keepattributes
Exceptions,InnerClasses
-keepattributes
Signature
-keepattributes
SourceFile,LineNumberTable
# 保持哪些类不被混淆
-keep
public class * extends android.app.Fragment
-keep
public class * extends android.app.Activity
-keep
public class * extends android.app.FragmentActivity
-keep
public class * extends android.app.Application
-keep
public class * extends android.app.MultiDexApplication
-keep
public class * extends android.app.Service
-keep
public class * extends android.content.BroadcastReceiver
-keep
public class * extends android.content.ContentProvider
-keep
public class * extends android.app.backup.BackupAgentHelper
-keep
public class * extends android.preference.Preference
-keep
public class com.android.vending.licensing.ILicensingService
#如果有引用v4包可以添加下面这行
-keep
public class * extends android.support.v4.app.Fragment
#忽略警告
-ignorewarning
##记录生成的日志数据,gradle build时在本项目根目录输出##
#apk 包内所有 class 的内部结构
-dump
proguard/class_files.txt
#未混淆的类和成员
-printseeds
proguard/seeds.txt
#列出从 apk 中删除的代码
-printusage
proguard/unused.txt
#混淆前后的映射
-printmapping
proguard/mapping.txt
########记录生成的日志数据,gradle build时 在本项目根目录输出-end######
#如果引用了v4或者v7包
-dontwarn
android.support.**
#保持 native 方法不被混淆
-keepclasseswithmembernames
class * {
native <methods>;
}
#保持自定义控件类不被混淆
-keepclasseswithmembers
class * {
public <init>(android.content.Context, android.util.AttributeSet);
}
#保持自定义控件类不被混淆
-keepclassmembers
class * extends android.app.Activity {
public void *(android.view.View);
}
-keep
public class * extends android.view.View {
public <init>(android.content.Context);
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
public void set*(...);
}
#保持 Parcelable 不被混淆
-keep
class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
-keepnames
class * implements android.os.Parcelable {
public static final ** CREATOR;
}
#保持 Serializable 不被混淆
-keepnames
class * implements java.io.Serializable
#保持 Serializable 不被混淆并且enum 类也不被混淆
-keepclassmembers
class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
!static !transient <fields>;
!private <fields>;
!private <methods>;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
#保持枚举 enum 类不被混淆
-keepclassmembers
enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers
class * {
public void *ButtonClicked(android.view.View);
}
#不混淆资源类
-keepclassmembers
class **.R$* {
public static <fields>;
}
#v4
-dontwarn
android.support.v4.**
-keep
class android.support.v4.** {
*;
}
-keep
interface android.support.v4.app.** {
*;
}
-keep
public class * extends android.support.v4.**
-keep
public class * extends android.app.Fragment
#避免混淆泛型 如果混淆报错建议关掉
#-keepattributes Signature
#移除Log类打印各个等级日志的代码,打正式包的时候可以做为禁log使用,这里可以作为禁止log打印的功能使用,另外的一种实现方案是通过BuildConfig.DEBUG的变量来控制
#-assumenosideeffects class android.util.Log {
# public static *** v(...);
# public static *** i(...);
# public static *** d(...);
# public static *** w(...);
# public static *** e(...);
#}
#############################################################################################
######################## 以上通用 ##################################
#############################################################################################
####################### 第三方模块的混淆选项 ###################################
#webview
-dontwarn
android.webkit.WebView
-keepclassmembers
class fqcn.of.javascript.interface.for.Webview {
public *;
}
-keepclassmembers
class * extends android.webkit.WebViewClient {
public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers
class * extends android.webkit.WebViewClient {
public void *(android.webkit.WebView, jav.lang.String);
}
#自定义view(修改为项目包名)
-keep
class com.k12.customview.** {
*;
}
#application(修改为项目包名)
-keep
class com.k12.global.MyApplication {
*;
}
#gson
#如果用用到Gson解析包的,直接添加下面这几行就能成功混淆,不然会报错。
-keepattributes
Signature
# Gson specific classes
-keep
class sun.misc.Unsafe {
*;
}
# Application classes that will be serialized/deserialized over Gson
-keep
class com.google.gson.** {
*;
}
-keep
class com.google.gson.stream.** {
*;
}
-keep
class com.idea.fifaalarmclock.entity.***
#EventBus
-keepattributes
*Annotation*
-keepclassmembers
class ** {
@org.greenrobot.eventbus.Subscribe <methods>;
}
-keep
enum org.greenrobot.eventbus.ThreadMode {
*;
}
# Only required if you use AsyncExecutor
-keepclassmembers
class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent {
<init>(Java.lang.Throwable);
}
# 如果使用了Gson之类的工具要使被它解析的JavaBean类即实体类不被混淆。
-keep
class com.matrix.app.entity.json.** {
*;
}
#Glide
-keep
public class * implements com.bumptech.glide.module.GlideModule
-keep
public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** {
**[] $VALUES;
public *;
}
#butterknife
-keep
class butterknife.** {
*;
}
-dontwarn
butterknife.internal.**
-keep
class **$$ViewBinder {
*;
}
-keepclasseswithmembernames
class * {
@butterknife.* <fields>;
}
-keepclasseswithmembernames
class * {
@butterknife.* <methods>;
}
#fastjson
-keep
class javax.ws.rs.** {
*;
}
-dontwarn
com.alibaba.fastjson.**
-keep
class com.alibaba.fastjson.** {
*;
}
-keepclassmembers
class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
public <fields>;
}
-keepattributes
Signature
#ormlite
-keepattributes
*Annotation*
-keep
class com.j256.ormlite.** {
*;
}
-dontwarn
com.j256.ormlite.android.**
-dontwarn
com.j256.ormlite.dao.**
-dontwarn
com.j256.ormlite.db.**
-dontwarn
com.j256.ormlite.field.**
-dontwarn
com.j256.ormlite.logger.**
-dontwarn
com.j256.ormlite.misc.**
-dontwarn
com.j256.ormlite.stmt.**
-dontwarn
com.j256.ormlite.support.**
-dontwarn
com.j256.ormlite.table.**
#picasso
-keepattributes
SourceFile,LineNumberTable
-keep
class com.parse.*{
*;
}
-dontwarn
com.parse.**
-dontwarn
com.squareup.picasso.**
-keepclasseswithmembernames
class * {
native <methods>;
}
#okio
-dontwarn
okio.**
#retrofit2
-dontwarn
retrofit2.**
-keep
class retrofit2.** {
*;
}
-keepattributes
Signature
-keepattributes
Exceptions
#融云混淆
-keepattributes
Exceptions,InnerClasses
-keepattributes
Signature
# RongCloud SDK
-keep
class io.rong.** {
*;
}
-keep
class * implements io.rong.imlib.model.MessageContent {
*;
}
-dontwarn
io.rong.push.**
-dontnote
com.xiaomi.**
-dontnote
com.google.android.gms.gcm.**
-dontnote
io.rong.**
-keep
class com.yichengshuji.rongcloud.SealNotificationReceiver {
*;
}
# VoIP
-keep
class io.agora.rtc.** {
*;
}
# Location
-keep
class com.amap.api.**{
*;
}
-keep
class com.amap.api.services.**{
*;
}
# 红包
-keep
class com.google.gson.** {
*;
}
-keep
class com.uuhelper.Application.** {
*;
}
-keep
class net.sourceforge.zbar.** {
*;
}
-keep
class com.google.android.gms.** {
*;
}
-keep
class com.alipay.** {
*;
}
-keep
class com.jrmf360.rylib.** {
*;
}
-ignorewarnings
#友盟防混淆
-dontusemixedcaseclassnames
-dontshrink
-dontoptimize
-dontwarn
com.google.android.maps.**
-dontwarn
android.webkit.WebView
-dontwarn
com.umeng.**
-dontwarn
com.tencent.weibo.sdk.**
-dontwarn
com.facebook.**
-keep
public class javax.**
-keep
public class android.webkit.**
-dontwarn
android.support.v4.**
-keep
enum com.facebook.**
-keepattributes
Exceptions,InnerClasses,Signature
-keepattributes
*Annotation*
-keepattributes
SourceFile,LineNumberTable
-keep
public interface com.facebook.**
-keep
public interface com.tencent.**
-keep
public interface com.umeng.socialize.**
-keep
public interface com.umeng.socialize.sensor.**
-keep
public interface com.umeng.scrshot.**
-keep
class com.android.dingtalk.share.ddsharemodule.** {
*;
}
-keep
public class com.umeng.socialize.* {
*;
}
-keep
class com.facebook.**
-keep
class com.facebook.** {
*;
}
-keep
class com.umeng.scrshot.**
-keep
public class com.tencent.** {
*;
}
-keep
class com.umeng.socialize.sensor.**
-keep
class com.umeng.socialize.handler.**
-keep
class com.umeng.socialize.handler.*
-keep
class com.umeng.weixin.handler.**
-keep
class com.umeng.weixin.handler.*
-keep
class com.umeng.qq.handler.**
-keep
class com.umeng.qq.handler.*
-keep
class UMMoreHandler{
*;
}
-keep
class com.tencent.mm.sdk.modelmsg.WXMediaMessage {
*;
}
-keep
class com.tencent.mm.sdk.modelmsg.** implements com.tencent.mm.sdk.modelmsg.WXMediaMessage$IMediaObject {
*;
}
-keep
class im.yixin.sdk.api.YXMessage {
*;
}
-keep
class im.yixin.sdk.api.** implements im.yixin.sdk.api.YXMessage$YXMessageData{
*;
}
-keep
class com.tencent.mm.sdk.** {
*;
}
-keep
class com.tencent.mm.opensdk.** {
*;
}
-dontwarn
twitter4j.**
-keep
class twitter4j.** {
*;
}
-keep
class com.tencent.** {
*;
}
-dontwarn
com.tencent.**
public static final int *;
}
-keep
public class com.linkedin.android.mobilesdk.R$*{
public static final int *;
}
-keepclassmembers
enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep
class com.tencent.open.TDialog$*
-keep
class com.tencent.open.TDialog$* {
*;
}
-keep
class com.tencent.open.PKDialog
-keep
class com.tencent.open.PKDialog {
*;
}
-keep
class com.tencent.open.PKDialog$*
-keep
class com.tencent.open.PKDialog$* {
*;
}
-keep
class com.sina.** {
*;
}
-dontwarn
com.sina.**
-keep
class com.alipay.share.sdk.** {
*;
}
-keepnames
class * implements android.os.Parcelable {
public static final ** CREATOR;
}
-keep
class com.linkedin.** {
*;
}
-keepattributes
Signature
#高德定位
-keep
class com.amap.api.location.**{
*;
}
-keep
class com.amap.api.fence.**{
*;
}
-keep
class com.autonavi.aps.amapapi.model.**{
*;
}
#3D 地图 V5.0.0之前:
-keep
class com.amap.api.maps.**{
*;
}
-keep
class com.autonavi.amap.mapcore.*{
*;
}
-keep
class com.amap.api.trace.**{
*;
}
#3D 地图 V5.0.0之后:
-keep
class com.amap.api.maps.**{
*;
}
-keep
class com.autonavi.**{
*;
}
-keep
class com.amap.api.trace.**{
*;
}
#定位
-keep
class com.amap.api.location.**{
*;
}
-keep
class com.amap.api.fence.**{
*;
}
-keep
class com.autonavi.aps.amapapi.model.**{
*;
}
#搜索
-keep
class com.amap.api.services.**{
*;
}
#2D地图
-keep
class com.amap.api.maps2d.**{
*;
}
-keep
class com.amap.api.mapcore2d.**{
*;
}
#导航
-keep
class com.amap.api.navi.**{
*;
}
-keep
class com.autonavi.**{
*;
}
#高德补充
-dontwarn
com.amap.api.**
-dontwarn
com.a.a.**
-dontwarn
com.autonavi.**
-dontwarn
com.amap.apis.**
-keep
class com.amap.api.** {
*;
}
-keep
class com.a.a.** {
*;
}
-keep
class com.amap.apis.** {
*;
}
#个推
-dontwarn
com.igexin.**
-keep
class com.igexin.** {
*;
}
-keep
class org.json.** {
*;
}
#其他
-dontwarn
com.amazon.**
-keep
class com.amazon.** {
*;
}
-keepattributes
*Annotation*
-dontoptimize
-dontshrink
-keep
class org.apache.** {
*;
}
-keepclasseswithmembernames
class * {
native <methods>;
}
-dontskipnonpubliclibraryclasses
#为了不报错,下边是自己加的,可以删除
#-dontwarn io.rong.imkit.**
#-dontwarn com.loc.ad.**
#-keep class com.amap.api.** { *; }
#欢
#RxJava RxAndroid
-dontwarn
sun.misc.**
-keepclassmembers
class rx.internal.util.unsafe.*ArrayQueue*Field* {
long producerIndex;
long consumerIndex;
}
-keepclassmembers
class rx.internal.util.unsafe.BaseLinkedQueueProducerNodeRef {
rx.internal.util.atomic.LinkedQueueNode producerNode;
}
-keepclassmembers
class rx.internal.util.unsafe.BaseLinkedQueueConsumerNodeRef {
rx.internal.util.atomic.LinkedQueueNode consumerNode;
}
#greenDao
-keepclassmembers
class * extends org.greenrobot.greendao.AbstractDao {
public static java.lang.String TABLENAME;
}
-keep
class **$Properties
# If you do not use SQLCipher:
-dontwarn
org.greenrobot.greendao.database.**
# If you do not use Rx:
-dontwarn
rx.**
# ProGuard configurations for NetworkBench Lens
#ActivityRouter
-keep
class com.github.mzule.activityrouter.router.** {
*;
}
#nineoldandroids
-keep
class com.nineoldandroids.** {
*;
}
#menu
-keep
class !android.support.v7.internal.view.menu.**,** {
*;
}
#okhttp
-dontwarn
okhttp3.**
-dontwarn
okio.**
-dontwarn
okio.**
#极光推送
-dontoptimize
-dontpreverify
-dontwarn
cn.jpush.**
-keep
class cn.jpush.** {
*;
}
-keep
class * extends cn.jpush.android.helpers.JPushMessageReceiver {
*;
}
-dontwarn
cn.jiguang.**
-keep
class cn.jiguang.** {
*;
}
-dontwarn
com.google.**
-keep
class com.google.gson.** {
*;
}
-keep
class com.google.protobuf.** {
*;
}
#支付宝支付
-keep
class com.alipay.android.app.IAlixPay{
*;
}
-keep
class com.alipay.android.app.IAlixPay$Stub{
*;
}
-keep
class com.alipay.android.app.IRemoteServiceCallback{
*;
}
-keep
class com.alipay.android.app.IRemoteServiceCallback$Stub{
*;
}
-keep
class com.alipay.sdk.app.PayTask{
public *;
}
-keep
class com.alipay.sdk.app.AuthTask{
public *;
}
-keep
class com.alipay.sdk.app.H5PayCallback {
<fields>;
<methods>;
}
-keep
class com.alipay.android.phone.mrpc.core.** {
*;
}
-keep
class com.alipay.apmobilesecuritysdk.** {
*;
}
-keep
class com.alipay.mobile.framework.service.annotation.** {
*;
}
-keep
class com.alipay.mobilesecuritysdk.face.** {
*;
}
-keep
class com.alipay.tscenter.biz.rpc.** {
*;
}
-keep
class org.json.alipay.** {
*;
}
-keep
class com.alipay.tscenter.** {
*;
}
-keep
class com.ta.utdid2.** {
*;
}
-keep
class com.ut.device.** {
*;
}
#微信支付
-keep
class com.tencent.mm.opensdk.** {
*;
}
-keep
class com.tencent.wxop.** {
*;
}
-keep
class com.tencent.mm.sdk.** {
*;
}
# --------------------------------------------------------------------------
# Addidional for x5.sdk classes for apps
-keep
class com.tencent.smtt.export.external.**{
*;
}
-keep
class com.tencent.tbs.video.interfaces.IUserStateChangedListener {
*;
}
-keep
class com.tencent.smtt.sdk.CacheManager {
public *;
}
-keep
class com.tencent.smtt.sdk.CookieManager {
public *;
}
-keep
class com.tencent.smtt.sdk.WebHistoryItem {
public *;
}
-keep
class com.tencent.smtt.sdk.WebViewDatabase {
public *;
}
-keep
class com.tencent.smtt.sdk.WebBackForwardList {
public *;
}
-keep
public class com.tencent.smtt.sdk.WebView {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebView$HitTestResult {
public static final <fields>;
public java.lang.String getExtra();
public int getType();
}
-keep
public class com.tencent.smtt.sdk.WebView$WebViewTransport {
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebView$PictureListener {
public <fields>;
public <methods>;
}
-keepattributes
InnerClasses
-keep
public enum com.tencent.smtt.sdk.WebSettings$** {
*;
}
-keep
public enum com.tencent.smtt.sdk.QbSdk$** {
*;
}
-keep
public class com.tencent.smtt.sdk.WebSettings {
public *;
}
-keepattributes
Signature
-keep
public class com.tencent.smtt.sdk.ValueCallback {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebViewClient {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.DownloadListener {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebChromeClient {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebChromeClient$FileChooserParams {
public <fields>;
public <methods>;
}
-keep
class com.tencent.smtt.sdk.SystemWebChromeClient{
public *;
}
# 1. extension interfaces should be apparent
-keep
public class com.tencent.smtt.export.external.extension.interfaces.* {
public protected *;
}
# 2. interfaces should be apparent
-keep
public class com.tencent.smtt.export.external.interfaces.* {
public protected *;
}
-keep
public class com.tencent.smtt.sdk.WebViewCallbackClient {
public protected *;
}
-keep
public class com.tencent.smtt.sdk.WebStorage$QuotaUpdater {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebIconDatabase {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.WebStorage {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.DownloadListener {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.QbSdk {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.QbSdk$PreInitCallback {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.CookieSyncManager {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.Tbs* {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.utils.LogFileUtils {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.utils.TbsLog {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.utils.TbsLogClient {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.CookieSyncManager {
public <fields>;
public <methods>;
}
# Added for game demos
-keep
public class com.tencent.smtt.sdk.TBSGamePlayer {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.TBSGamePlayerClient* {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.TBSGamePlayerClientExtension {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.sdk.TBSGamePlayerService* {
public <fields>;
public <methods>;
}
-keep
public class com.tencent.smtt.utils.Apn {
public <fields>;
public <methods>;
}
-keep
class com.tencent.smtt.** {
*;
}
# end
#------------------ 下方是共性的排除项目 ----------------
# 方法名中含有“JNI”字符的,认定是Java Native Interface方法,自动排除
# 方法名中含有“JRI”字符的,认定是Java Reflection Interface方法,自动排除
-keepclasseswithmembers
class * {
... *JNI*(...);
}
-keepclasseswithmembernames
class * {
... *JRI*(...);
}
-keep
class **JNI* {
*;
}