JAVA之代码混淆proguard基础(一)

最新推荐文章于 2024-05-18 09:55:42 发布

allenlee

最新推荐文章于 2024-05-18 09:55:42 发布

阅读量3.7w

点赞数

分类专栏： java-代码保护文章标签： proguard

java-代码保护专栏收录该内容

1 篇文章 0 订阅

订阅专栏

讲解的比较全面的一篇文章http://blog.csdn.net/glony/article/details/8852245

一官方网站用法

http://proguard.sourceforge.net/index.html#/manual/examples.html

基础：

Input/Output Options
Keep Options
Shrinking Options
Optimization Options
Obfuscation Options
Preverification Options
General Options
Class Paths
File Names
File Filters
Filters
Overview of Keep Options
Keep Option Modifiers
Class Specifications

二proguard主要三部分功能

缩减代码、优化代码、混淆代码。三部分功能都可以在配置文件里配置不启用此功能。

#Shrink Options

#不缩减代码
-dontshrink

#Optimization Options
-dontoptimize

#Obfuscate Options
#-不混淆输入的类文件
#-dontobfuscate

三用法

Class Specifications 类规范，详细定义了类、接口、枚举、成员、方法等 -keep options 和-assumenosideeffects option的保留规则。

匹配符*在类、接口、枚举、成员、方法的使用方法。

仔细阅读

Filters

Overview of Keep Options

Keep Option Modifiers

Class Specifications

1.在配置文件中例如xml中引用到的类名，不能混淆重命名。因为配置时需要通过配置文件路径加载类。

android中的例如Activity的配置-keep public class * extends android.app.Activity（只保留类名，类名不会混淆重命名，但是其成员和方法会混淆）

在xml中出现的有Activity、Application、Service、BroadcastReceiver、ContentProvider、Fragment、Context、LinearLayout、View等自定义视图。

2.保留sdk系统自带的一些内容。

-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod

比如-keepattributes *Annotation*会保留Activity的被@Override注释的方法onCreate、onDestroy方法等。

3.资源类变量需要保留

-keepclassmembers class **.R$* {
public static <fields>;
}

4.保留第三方jar包的所有类及其成员和方法，例如{ *;}匹配了类内的所有成员和方法。

#jar config
-dontwarn org.apache.log4j.**
-keep class org.apache.log4j.** { *;}

5.缺省情况下，proguard 会混淆所有代码，但是下面几种情况是不能改变java 元素的名称，否则就会这样就会导致程序出错。
一，我们用到反射的地方。
二，我们代码依赖于系统的接口，比如被系统代码调用的回调方法，这种情况最复杂。
三，是我们的java 元素名称是在配置文件中配置好的。

6.对出现问题的类的处理。遇见一个及添加。

-keep用法区别

1）保留某个类名不被混淆

-keep public class com.ebt.app.common.bean.Customer

2）保留类及其所有成员不被混淆

-keep public class com.ebt.app.common.bean.Customer { *;}

或者
-keepclasseswithmembers class com.ebt.app.common.bean.Customer {

<init>;#匹配所有构造函数

<fields>;#匹配所有成员
<methods>;#匹配所有方法
}

3）只保留类名及其部分成员不被混淆

-keep public class com.ebt.app.common.bean.Customer {

static final<fields>;

private void get*();

}

4）#保留包路径下所有的类及其属性和方法
-keep class com.ebt.app.sync.** { *;}

6.混淆后出现问题的调试方法

1）打印日志，保留异常，源文件行数信息。

-printmapping out.map
-renamesourcefileattribute SourceFile
-keepattributes Exceptions,SourceFile

2）确定哪一行哪个类出错。

也可以使用Log或者System.out在可能出错的行前后打印测试日志，以确定具体出错的类是哪一个。来决定是否保留。

参考http://blog.csdn.net/fastthinking/article/details/49420467

http://blog.chengyunfeng.com/?p=545

7.常见*的用法区别

修饰类、接口、枚举等时

`*`	matches any part of a class name not containing the package separator. For example, "`mypackage.Test`" matches "`mypackage.Test`" and "`mypackage.YourTestApplication`", but not "`mypackage.mysubpackage.MyTest`". Or, more generally, "`mypackage.*`" matches all classes in "`mypackage`", but not in its subpackages.
`**`	matches any part of a class name, possibly containing any number of package separators. For example, "`.Test`" matches all `Test` classes in all packages except the root package. Or, "`mypackage.`" matches all classes in "`mypackage`" and in its subpackages.

修饰构造函数、成员变量、方法

Fields and methods are specified much like in Java, except that method argument lists don't contain argument names (just like in other tools like javadoc and javap). The specifications can also contain the following catch-all wildcards:

`<init>`	matches any constructor.
`<fields>`	matches any field.
`<methods>`	matches any method.
`*`	matches any field or method.

Note that the above wildcards don't have return types. Only the <init> wildcard has an argument list.

Fields and methods may also be specified using regular expressions. Names can contain the following wildcards:

`?`	matches any single character in a method name.
`*`	matches any part of a method name.

Types in descriptors can contain the following wildcards:

`%`	matches any primitive type ("`boolean`", "`int`", etc, but not "`void`").
`?`	matches any single character in a class name.
`*`	matches any part of a class name not containing the package separator.
`**`	matches any part of a class name, possibly containing any number of package separators.
`***`	matches any type (primitive or non-primitive, array or non-array).
`...`	matches any number of arguments of any type.

Note that the ?, *, and ** wildcards will never match primitive types. Furthermore, only the *** wildcards will match array types of any dimension. For example, "** get*()" matches "java.lang.Object getObject()", but not "float getFloat()", nor "java.lang.Object[] getObjects()".

Constructors can also be specified using their short class names (without package) or using their full class names. As in the Java language, the constructor specification has an argument list, but no return type.
The class access modifiers and class member access modifiers are typically used to restrict wildcarded classes and class members. They specify that the corresponding access flags have to be set for the member to match. A preceding ! specifies that the corresponding access flag should be unset.
Combining multiple flags is allowed (e.g. public static). It means that both access flags have to be set (e.g. public and static), except when they are conflicting, in which case at least one of them has to be set (e.g. at least public or protected).

ProGuard supports the additional modifiers synthetic, bridge, and varargs, which may be set by compilers.

四常见实例

http://proguard.sourceforge.net/index.html#/manual/examples.html

五总结常见的保留原则

-keep options选项里说明了一些要保留的选项。

六一个android apk 配置实例

#Shrink Options
#不缩减代码
-dontshrink

#Optimization Options
-dontoptimize
-optimizations !code/simplification/arithmetic
-allowaccessmodification

#Obfuscate Options 
#-不混淆输入的类文件 
#-dontobfuscate 
-printmapping out.map
-renamesourcefileattribute SourceFile
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-repackageclasses ''

# Add any project specific keep options here:
#Keep Options

<span style="color:#ff0000;">#android config</span>
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.Fragment
-keep public class * extends LinearLayout
-keep public class * extends android.view.View {
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
    public void set*(...);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers class * extends android.content.Context {
   public void *(android.view.View);
   public void *(android.view.MenuItem);
}

-keepclassmembers class * implements android.os.Parcelable {
    static ** CREATOR;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

-keepclassmembers class * {
    @android.webkit.JavascriptInterface <methods>;
}

# Keep serializable classes and necessary members for serializable classes
# Copied from the ProGuard manual at http://proguard.sourceforge.net.
-keepnames class * implements java.io.Serializable
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
   public *;
}

<span style="color:#ff0000;">#jar config</span>
-dontwarn org.apache.log4j.**
-keep class org.apache.log4j.** { *;}

-dontwarn com.baidu.oauth.**
-keep class com.baidu.oauth.** { *;}

-dontwarn org.achartengine.**
-keep class org.achartengine.** { *;}

-dontwarn net.sourceforge.jeval.**
-keep class net.sourceforge.jeval.** { *;}

-dontwarn de.greenrobot.dao.**
-keep class de.greenrobot.dao.** { *;}

-dontwarn org.wltea.expression.**
-keep class org.wltea.expression.** { *;}

-dontwarn org.apache.commons.net.**
-keep class org.apache.commons.net.** { *;}

-dontwarn com.baidu.pcs.**
-keep class com.baidu.pcs.** { *;}

-dontwarn de.mindpipe.android.logging.log4j.**
-keep class de.mindpipe.android.logging.log4j.** { *;}

-dontwarn com.google.gson.**
-keep class com.google.gson.** { *;}

-dontwarn com.google.**
-keep class com.google.** { *;}

-dontwarn org.apache.http.entity.mime.**
-keep class org.apache.http.entity.mime.** { *;}


<span style="color:#ff0000;">#special config</span>
-keep public class com.app.common.bean.CustomerData { *;}
#-keep public class com.app.common.bean.Customer { *;}
-keepclasseswithmembers class com.app.common.bean.Customer {
    <fields>;
    <methods>;
}
-keep public class com.app.common.bean.VRepositoryCategory {*;}