The principle of proguard
from:http://www.eoeandroid.com/thread-209210-1-1.html
proguard principle
Java code is compiled into binary class file, this class file can also be decompiled into source code, except for comments, the original code is basically can be seen. In order to prevent important code from being leaked, we often need to obfuscate (Obfuscation code, that is, change the names of java elements such as methods, fields, packages and classes to meaningless names, so that the code structure does not change and can still run, but want to get It is difficult to understand the structure of the code. Proguard is such an obfuscation tool, it can analyze the structure of a group of classes, according to the user's configuration, and then obfuscate the obfuscated java element names of these class files. While analyzing the class, he There are two other functions, removing invalid code (Shrinking shrinking), and code optimization (Optimization Options).
By default, proguard will obfuscate all code, but the following cases cannot change the name of the java element, otherwise it will This will lead to program errors.
First, we use reflection.
Second, our code depends on the interface of the system, such as the callback method called by the system code. This situation is the most complicated.
Third, is our java element name It is configured in the configuration file.
So when using proguard, we need a configuration file to tell proguard that those java elements cannot be obfuscated. The most commonly used configuration option for
proguard configuration -dontwarn The default proguard will check whether each reference is correct, However, there are often unused classes in third-party libraries that are not properly referenced. If not configured, the system will report an error. The classes and class members specified by -keep are reserved as entry points.
-keepclassmembers Specified class members are preserved.
-keepclasseswithmembers Specified classes and class members are preserved, if the specified class members exist.
Although proguard problems and risk
code obfuscation have the benefits of obfuscation and optimization, it often brings the following problems
: 1. Obfuscation errors, when using third-party libraries, you must tell proguard not to check, otherwise proguard will report an error.
2. Running errors. When the code cannot be confused, we must configure it correctly, otherwise the program will run incorrectly, which is the most problematic situation.
3. Debugging is suffering, something goes wrong, the error stack is the obfuscated code, and I can't understand it myself.
In order to prevent confusion, you need to be familiar with all your code, the architecture of the system, and the integrated interface between the system and your code, and analyze it carefully. At the same time you must need a comprehensive round of testing. So there is still some risk of confusion. To avoid risk, you can just obfuscate some critical code, but then the effect of your obfuscation will be reduced.
Common androidCode
Android programs that cannot be confused should be reserved when the following code is confused.
Android system components, system components have fixed methods to be called by the system.
Referenced by the Android Resource file. The name has been fixed and cannot be confused, such as a custom View.
Android Parcelable, need to use android serialization.
Other Anroid official recommendations are not confusing, such as
android.app.backup.BackupAgentHelper
android.preference.Preference
com.android.vending.licensing.ILicensingService
Java serialization method, system serialization requires a fixed method.
Enumerations, the system needs a fixed method for handling enumerations.
Local methods, local method names cannot be modified
Annotations Annotation
database drives
Some resource files
Where reflection is used
How to implement
The current system has been configured to retain
Android system components when obfuscated
Custom View
Android Parcelable
Android R file
Android Parcelable
enumeration
Individual developers You must check whether your code uses reflection, and other places that cannot be confused. Tell me to modify the configuration file (it is not needed if it has been reserved)
The third-party library currently checked by the system department is
-dontwarn android.support.**
-dontwarn com.tencent.**
-dontwarn org.dom4j.**
-dontwarn org.slf4j.**
-dontwarn org.http.mutipart.**
-dontwarn org.apache.**
-dontwarn org.apache.log4j.**
-dontwarn org.apache.commons.logging.**
-dontwarn org.apache.commons.codec.binary.**
-dontwarn weibo4android.**
proguard parameters
-include {filename} Read configuration parameters from the given file
-basedirectory {directoryname} specify the base directory for future relative files name
-injars {class_path} specifies the application jar, war, ear and directory to be processed
-outjars {class_path} specifies the name of the jar, war, ear and directory to be output after processing
-libraryjars {classpath} specifies the application to be processed Library files required by program jar, war, ear and directories
-dontskipnonpubliclibraryclasses Specifies not to ignore non-public library classes.
-dontskipnonpubliclibraryclassmembers Specifies not to ignore members of library classes that are visible to the package.
reserved options
-keep {Modifier} {class_specification} protects the specified class files and members of the class
-keepclassmembers {modifier} {class_specification} protects the members of the specified class, if this class is protected they are better protected
-keepclasseswithmembers {class_specification} protect The specified class and class members, but only if all specified classes and class members are to exist.
-keepnames {class_specification} protect the names of the specified classes and class members (if they will not be removed in the compaction step)
-keepclassmembernames {class_specification} protect the names of the specified class members (if they will not be removed in the compaction step)
-keepclasseswithmembernames {class_specification} protects the names of the specified class and class members if all specified class members are present (after the compression step)
-printseeds {filename} lists the list of classes and class members -keep option, stdout to the given file
compression
-dontshrink do not compress input class files
-printusage {filename}
-whyareyoukeeping {class_specification}
optimize
-dontoptimize do not optimize input class files
-assumenosideeffects {class_specification} optimizes assume specified methods without any side effects
-allowaccessmodification allow when optimizing Access and modify classes with modifiers and class members
obfuscate
-dontobfuscate don't obfuscate input class files
-printmapping {filename}
-applymapping {filename} reuse mapping to increase confusion
-obfuscationdictionary {filename} use keywords in given file as names of methods to obfuscate
-overloadaggressively apply intrusive overloading when
obfuscating -useuniqueclassmembernames determine uniform obfuscated class member names to increase obfuscation
-flattenpackagehierarchy {package_name} repackage all heavyweights Named packages and put in a given single package
-repackageclass {package_name} repackage all renamed class files into a given single package
-dontusemixedcaseclassnames don't produce assorted class names
when obfuscated -keepattributes {attribute_name, ...} Protect the given optional attributes, such as LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses.
-renamesourcefileattribute {string} Set the given string constant in the source file to
solve the export packaging error
this time Export prompts "conversion to Dalvik format failed with error 1" error. There are many online sayings. Finally, I upgraded proguard from 4.4 to 4.8 and solved it. The official address is http://proguard.sourceforge.net. The above configuration file parameters can be found here.
The upgrade method is very simple, just overwrite the tool/proguard directory in the android sdk directory.
How to debug the packaged program
Once it is packaged, it cannot be viewed with the logcat of eclipse. Here you can view it with the tool of ddms.bat in the android sdk. As soon as you use it, you will find that it is actually the same thing as logcat, that is, there is one more device s Choice.
Using the configuration required by gson
When Gson uses generics, an error will be reported. This is really depressing for a long time, prompting "Missing type parameter". Finally found a material to give a solution, reference: http://stackoverflow.com/questio ... sing-type-parameter.
In addition, I used JsonObject again, and the members in the submitted Object were actually changed to a. So the things given above are not enough, but also add
# JsonObject using your own splicing
-keep class com.google.gson.JsonObject { *; }
Personally suggest to reduce the trouble caused by the confusion of these dependent packages, and simply keep them all. confused. For example
-keep class com.badlogic.** { *; }
-keep class * implements com.badlogic.gdx.utils.Json*
-keep class com.google.** { *; }
The configuration required to use libgdx
refer to http: //code.google.com/p/libgdx-users/wiki/Ant
verify the packaging effect
Using the apktool decompilation tool, decompress the packaged file and take a look. If the changes of the package path, class name, variable name, and method name are consistent with your expectations, then it is OK. Command:
apktool.bat d xxx.apk destdir
configuration instance
-injars androidtest.jar [jar package address]
-outjars out [output address]
-libraryjars 'D:\android-sdk-windows\platforms\android-9\android. jar' [The jar of the referenced library, used to parse the jar class specified by
injars] -optimizationpasses 5
-dontusemixedcaseclassnames [various class names will not be generated when confused]
-dontskipnonpubliclibraryclasses [Specify not to ignore non-public library classes. ]
-dontpreverify [do not pre-verify]
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/* [optimization]
-keep public class * extends android.app.Activity [do not keep confusion As is]
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService
-keep public abstract interface com.asqw.android.Listener{
public protected <methods>; [All methods are not obfuscated]
}
-keep public class com.asqw.android{
public void Start( java.lang.String); [Do not confuse this method]
}
-keepclasseswithmembernames class * { [Protect the names of the specified classes and members of the class, if all specified class members are present (after the compression step)]
native <methods >;
}
-keepclasseswithmembers class * { [Protect the specified classes and class members, but the condition is that all specified classes and class members are to exist. 】
public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers class * extends android.app.Activity {[protect the members of the specified class, if this class is protected they will be better protected]
public void *(android.view.View);
}
-keepclassmembers enum * {
public static **[] values( );
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {[protect the specified class file and class members]
public static final android.os.Parcelable$Creator *;
}
//Do not confuse the classes under the specified package -
keep class com.aspire.**