Android obfuscation (including obfuscation of the four major components)

PS: This article is mainly my own understanding of obfuscation.

Table of contents

concept:

use:

Basic obfuscation rules:

Commonly used obfuscation rules:

Custom obfuscation rules:

Obfuscating the four major components:

Precautions:

Demo address:


concept:

Put simply, obfuscation makes the source code difficult to understand. If you don't want your app to be decompiled after it is published and have its source code copied and pasted directly, it is worth a look, haha.

  • Benefits:

        Makes the decompiled source code harder to read

        Automatically optimizes code to reduce application size and removes unused classes and members

        Performs optimizations at the bytecode level to make applications run faster

Without further ado, let’s compare the two pictures:

Before obfuscation:

After obfuscation:

Comparing the two pictures, it is easy to see that many package names and class names have been obfuscated and that the code has been optimized.

use:

Add the following to the build.gradle of the Android main project:

android {
    buildTypes {

        debug {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }

        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
}

That's it, isn't it very simple? 

minifyEnabled is the switch for obfuscation.
Each module has a corresponding proguard-rules.pro file. If you need to customize the obfuscation rules yourself, change them in this file.

Basic obfuscation rules:

I am being lazy here and just dropping a link:

Obfuscation Rules Reference

Commonly used obfuscation rules:

If you are lazy, you can copy and paste these directly into your project:

# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
#
# Starting with version 2.2 of the Android plugin for Gradle, this file is distributed together with
# the plugin and unpacked at build-time. The files in $ANDROID_HOME are no longer maintained and
# will be ignored by new version of the Android plugin for Gradle.

# Optimizations can be turned on and off in the 'postProcessing' DSL block.
# The configuration below is applied if optimizations are enabled.
# Adding optimization introduces certain risks, since for example not all optimizations performed by
# ProGuard works on all versions of Dalvik.  The following flags turn off various optimizations
# known to have issues, but the list may not be complete or up to date. (The "arithmetic"
# optimization can be used if you are only targeting Android 2.0 or later.)  Make sure you test
# thoroughly if you go this route.
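# -------------------------------------------- Basic directives -------------------------------------------#
# Specify the code compression level (between 0 and 7, default 5)
-optimizationpasses 5
# Do not use mixed-case class names (Windows is case-insensitive, so adding this is recommended)
-dontusemixedcaseclassnames
# Do not skip non-public library classes
-dontskipnonpubliclibraryclasses
# Do not skip members of non-public library classes
-dontskipnonpubliclibraryclassmembers
# Whether to preverify during obfuscation (Android does not need preverification; removing it speeds up obfuscation)
# Whether to log during obfuscation (a mapping file is generated after obfuscation)
-verbose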


# Optimizations used during obfuscation (the set recommended by Google)
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*,!code/allocation/variable
-useuniqueclassmembernames
-allowaccessmodification
# Rename the source file attribute to a fixed string (here "SBFile")
-renamesourcefileattribute SBFile

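# Keep annotations from being obfuscated
-keepattributes *Annotation*
-keep class * extends java.lang.annotation.Annotation {*;}

# Keep generics from being obfuscated
-keepattributes Signature
# Keep reflection information from being obfuscated
-keepattributes EnclosingMethod
# Keep exceptions from being obfuscated
-keepattributes Exceptions
# Keep inner classes from being obfuscated
-keepattributes Exceptions,InnerClasses
# Keep source line numbers when exceptions are thrown
-keepattributes SourceFile,LineNumberTable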

# -------------------------------------------- Default keep rules --------------------------------------------#
# Keep the basic components from being obfuscated
-keep public class * extends android.app.Fragment
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference


# Support library rules
-dontwarn android.support.**
-keep public class * extends android.support.v4.**
-keep public class * extends android.support.v7.**
-keep public class * extends android.support.annotation.**

# Keep native methods from being obfuscated
-keepclasseswithmembernames class * {
    native <methods>;
}

# Keep custom views (subclasses of View) from being obfuscated
-keep public class * extends android.view.View {
    *** get*();
    void set*(***);
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

# Keep constructors with the specified signatures from being obfuscated
-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

# Keep Activity methods whose parameter is a View (so that onClick in layout files is not affected)
-keepclassmembers class * extends android.app.Activity {
    public void *(android.view.View);
}

# Keep enum classes from being obfuscated
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

# Keep all classes under R (resources) and their members from being obfuscated
-keep class **.R$* { *; }

# Keep Parcelable classes from being obfuscated (note: AIDL files must not be obfuscated)
-keep class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator *;
}

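# Classes that are serialized and deserialized must not be obfuscated (note: classes used through Java reflection must not be obfuscated either)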
-keepnames class * implements java.io.Serializable

# Keep the members of Serializable classes from being obfuscated
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    !private <fields>;
    !private <methods>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

# Keep BaseAdapter subclasses from being obfuscated
-keep public class * extends android.widget.BaseAdapter { *; }

# -------------------------------------------- WebView --------------------------------------------#
# WebView handling; ignore this section if the project does not use WebView
# Keep the classes through which Android and JavaScript interact from being obfuscated
-keep class **.AndroidJavaScript { *; }
-keepclassmembers class * extends android.webkit.WebViewClient {
     public void *(android.webkit.WebView,java.lang.String,android.graphics.Bitmap);
     public boolean *(android.webkit.WebView,java.lang.String);
}
-keepclassmembers class * extends android.webkit.WebChromeClient {
     public void *(android.webkit.WebView,java.lang.String);
}

# Network request related
-keep public class android.net.http.SslError



################retrofit###############
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions

################butterknife###############
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {
   @butterknife.* <fields>;
}
-keepclasseswithmembernames class * {
 @butterknife.* <methods>;
}

################gson###############
-keepattributes Signature
-keepattributes *Annotation*
-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.sunloto.shandong.bean.** { *; }


################okhttp###############
-keepattributes Signature
-keepattributes *Annotation*
-keep class com.squareup.okhttp.** { *; }
-keep interface com.squareup.okhttp.** { *; }
-keep class okhttp3.** { *; }
-keep interface okhttp3.** { *; }
-dontwarn com.squareup.okhttp.**

-keep class com.facebook.** { *; }

################autolayout###############
-keep class com.zhy.autolayout.** { *; }
-keep interface com.zhy.autolayout.** { *; }

################RxJava and RxAndroid###############
-dontwarn org.mockito.**
-dontwarn org.junit.**
-dontwarn org.robolectric.**

-keep class io.reactivex.** { *; }
-keep interface io.reactivex.** { *; }

-keepattributes Signature
-keepattributes *Annotation*
-keep class com.squareup.okhttp.** { *; }
-dontwarn okio.**
-keep interface com.squareup.okhttp.** { *; }
-dontwarn com.squareup.okhttp.**

-dontwarn io.reactivex.**
-dontwarn retrofit.**
-keep class retrofit.** { *; }
-keepclasseswithmembers class * {
    @retrofit.http.* <methods>;
}


-dontwarn java.lang.invoke.*


-keepclassmembers class io.reactivex.internal.util.unsafe.*ArrayQueue*Field* {
    long producerIndex;
    long consumerIndex;
}

Custom obfuscation rules:

From the first two pictures, you can see that the obfuscated names are all a, b, c, and so on. If you want to customize these names, that is also very simple: add the following to the proguard-rules.pro file.

# Specify the external obfuscation dictionary
-obfuscationdictionary filename.txt
# Specify the class obfuscation dictionary
-classobfuscationdictionary filename.txt
# Specify the package obfuscation dictionary
-packageobfuscationdictionary filename.txt

I put the filename.txt file in the demo at ..app/filename.txt; you can copy it directly.

Of course, if you want to control the content of filename.txt yourself, follow the steps below:

  1. Download the demo
  2. Copy the proguardcreater package into your own project, or run the main method of the Main class in the demo (remember to change the rules yourself). (PS: the names can even be in Chinese, hahaha, but only do that for fun, because the printed logs then cannot be viewed through the mapping.)
  3. Copy the generated file to your own project

The APK directory structure generated with the custom obfuscation dictionary:

You can see that the names now follow the rule I defined myself: package names are composed of 0, o and O, and the same goes for class names and method names.
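A way to produce such a filename.txt, as an added example (not the demo's proguardcreater code): it builds names from the characters 0, o and O, skips words that are not valid identifiers (for instance a leading digit), and by default drops words that differ only by case so class files cannot collide on case-insensitive file systems. The function names and default lengths are assumptions.

```python
import itertools

# Characters the article's dictionary is built from: hard to tell apart at a glance.
ALPHABET = "0oO"
# Java reserved words short enough to be produced by small alphabets (not exhaustive).
JAVA_RESERVED = {"do", "if", "for", "int", "new", "try"}


def generate_dictionary(alphabet=ALPHABET, min_len=2, max_len=8, limit=2000,
                        unique_ignoring_case=True):
    """Return up to `limit` dictionary words built from `alphabet`.

    str.isidentifier() is used as a stricter stand-in for Java's identifier
    rule, so words with a leading digit are skipped. With
    unique_ignoring_case, words that differ only by case are dropped.
    """
    words, seen = [], set()
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            word = "".join(combo)
            if not word.isidentifier() or word in JAVA_RESERVED:
                continue
            key = word.lower() if unique_ignoring_case else word
            if key in seen:
                continue
            seen.add(key)
            words.append(word)
            if len(words) >= limit:
                return words
    return words


def write_dictionary(path, words):
    """Write one word per line."""
    with open(path, "w", encoding="utf-8") as handle:
        handle.write("\n".join(words) + "\n")


if __name__ == "__main__":
    names = generate_dictionary()
    write_dictionary("filename.txt", names)
    print(f"wrote {len(names)} names, first five: {names[:5]}")
```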

Obfuscating the four major components:

Anyone with a little background should know that, under normal circumstances, the four major components must not be obfuscated, because the program would then fail to find the component and report an error. However, the obfuscation of the four major components here is achieved through incremental obfuscation. I found an open source project written by an expert that does this, so I am recording it here.

GitHub address: click me GGG~~

Precautions:

Some classes must not be obfuscated; they are recorded here:

  • Custom Views must not be obfuscated
  • Enumerations must not be obfuscated
  • Do not obfuscate classes in third-party libraries
  • Classes that use reflection must not be obfuscated
  • When tools such as Gson are used, JavaBean classes (that is, entity classes) must not be obfuscated
  • Third-party libraries generally document their own obfuscation rules. Add those rules when you start using the library, so that you do not have to hunt for them at the end
  • For JS calls into a WebView, the interface methods you wrote must not be obfuscated either, for the same reason as the first item
  • Subclasses of Parcelable and their Creator static member variables must not be obfuscated, otherwise android.os.BadParcelableException will be thrown
  • The four major components in use, and the custom Application* entity class
  • Classes called from JNI
  • View constructors (custom controls), android:onClick handlers and anything else referenced from layout files
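One way to check that the keep rules are no broader than this list requires, as an added example (not from the original article or its demo): parse the mapping file that an obfuscated build produces and report app classes that kept their original names without being on an expected list. The package com.example.app, the expected prefixes and the sample mapping are constructed for illustration.

```python
import re

# Constructed sample in the mapping.txt layout: "original -> obfuscated:" per class,
# with indented member lines below it. com.example.app is a hypothetical package.
SAMPLE_MAPPING = """\
# compiler: R8
com.example.app.MainActivity -> com.example.app.MainActivity:
    void onCreate(android.os.Bundle) -> onCreate
com.example.app.bean.User -> com.example.app.bean.User:
    java.lang.String name -> name
com.example.app.net.TokenStore -> com.example.app.net.TokenStore:
    java.lang.String token -> token
com.example.app.net.ApiClient -> oo.o0:
    1:3:void login(java.lang.String) -> a
"""

CLASS_LINE = re.compile(r"^(?P<orig>\S+) -> (?P<obf>\S+):$")


def parse_class_mapping(text):
    """Return {original class name: obfuscated class name}."""
    classes = {}
    for line in text.splitlines():
        # Member lines are indented; comment lines start with '#'.
        if not line or line[0].isspace() or line.startswith("#"):
            continue
        match = CLASS_LINE.match(line)
        if match:
            classes[match["orig"]] = match["obf"]
    return classes


def unexpectedly_kept(classes, app_prefix, expected_prefixes):
    """App classes that kept their name but are not on the expected list."""
    return sorted(
        orig for orig, obf in classes.items()
        if orig == obf
        and orig.startswith(app_prefix)
        and not orig.startswith(tuple(expected_prefixes))
    )


if __name__ == "__main__":
    # Expected to stay readable per the list above: a component and the Gson entity classes.
    expected = ["com.example.app.MainActivity", "com.example.app.bean."]
    kept = unexpectedly_kept(parse_class_mapping(SAMPLE_MAPPING), "com.example.app.", expected)
    print("kept but not expected:", kept)
```

A class reported here stays fully readable after decompilation, so either add it to the expected list deliberately or narrow the keep rule that matched it.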

Demo address:

Application GO~ https://gitee.com/li-weihao1010/text-proguard


 


Origin blog.csdn.net/lwh1212/article/details/130100070