Android 混淆配置
前言
为什么要混淆呢? Android最大的乐趣就是可以反编译看代码,一边用一边骂对方代码写的low.本人为了防止被骂,所以总结一下混淆的基本配置.废话不说直接上配置
1 .在app的build,gradle 文加下开启混淆
release {
minifyEnabled true // 混淆
zipAlignEnabled true // Zipalign优化
shrinkResources true // 移除无用的resource文件
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' // 加载默认混淆配置文件
signingConfig signingConfigs.relealse // 签名
}
2 混淆的规则
-
四大组件不能混淆,activity service 等
-
自定义View不能混淆,因为在xml里面引用需要根据View的名字去找
-
menu不能混淆
-
native方法不能混淆
-
js调用java方法不能混淆
-
反射类不能混淆
-
实体类不能混淆
-
序列化类不能混淆
-
注解不能混淆
…
3 配置模板
- 基本配置
#基本配置
# 设置混淆的压缩比率 0 ~ 7
-optimizationpasses 5
# 混淆时不使用大小写混合,混淆后的类名为小写
-dontusemixedcaseclassnames
# 指定不去忽略非公共库的类
-dontskipnonpubliclibraryclasses
# 指定不去忽略非公共库的成员
-dontskipnonpubliclibraryclassmembers
# 混淆时不做预校验
-dontpreverify
# 混淆时不记录日志
-verbose
# 忽略警告
-ignorewarning
# 代码优化
-dontshrink
# 不优化输入的类文件
-dontoptimize
# 保留注解不混淆
-keepattributes *Annotation*,InnerClasses
# 避免混淆泛型
-keepattributes Signature
# 保留代码行号,方便异常信息的追踪
-keepattributes SourceFile,LineNumberTable
# 混淆采用的算法
-optimizations !code/simplification/cast,!field/*,!class/merging/*
# dump.txt文件列出apk包内所有class的内部结构
-dump class_files.txt
# seeds.txt文件列出未混淆的类和成员
-printseeds seeds.txt
# usage.txt文件列出从apk中删除的代码
-printusage unused.txt
# mapping.txt文件列出混淆前后的映射
-printmapping mapping.txt
2 不需要混淆的Android类
-keep public class * extends android.app.Fragment
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.preference.Preference
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class * extends android.view.View
-keep public class com.android.vending.licensing.ILicensingService
3 support下的所有类以及内部类,以及
#support
-keep class android.support.** {*;}
-dontwarn android.support.**
-keep interface android.support.** { *; }
#adnroidX
-keep class androidx.** {*;}
-keep interface androidx.** {*;}
-keep public class * extends androidx.**
-dontwarn androidx.**
4 suppor V4和V7库
-keep public class * extends android.support.v4.**
-keep public class * extends android.support.v7.**
-keep public class * extends android.support.annotation.**
5 support design库
#support
-dontwarn android.support.design.**
-keep class android.support.design.** { *; }
-keep interface android.support.design.** { *; }
-keep public class android.support.design.R$* { *; }
#adnroidX
-keep class com.google.android.material.** {*;}
-dontwarn com.google.android.material.**
-dontnote com.google.android.material.**
6 避免混淆自定义控件的set和get方法
-keep public class * extends android.view.View{
*** get*();
void set*(***);
public <init>(android.content.Context);
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
}
7 关闭log日志,这个是实际测试无法取消掉所有的log打印,一般我们都是自定义log类,这样就是你的包名+你自定义的log方法.这个还要注意 dontoptimize不要配置,不然将会关闭优化,导致日志语句不会被优化掉。
-assumenosideeffects class android.util.Log {
public static boolean isLoggable(java.lang.String, int);
public static int v(...);
public static int i(...);
public static int w(...);
public static int d(...);
public static int e(...);
}
-assumenosideeffects class 包名.LogUtils{
public static *** d(...);
public static *** v(...);
public static *** i(...);
public static *** e(...);
public static *** w(...);
}
8 避免R文件混淆
-keep class **.R$* {*;}
9 避免layout文件里面给设置的onclick属性
-keepclassmembers class * extends android.app.Activity{
public void *(android.view.View);
}
10 避免回调函数 onxxevent方法混淆
-keepclassmembers class * {
void *(*Event);
}
11 避免混淆枚举
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
12 Native方法混淆
-keepclasseswithmembernames class * {
native <methods>;
}
13 避免parcelable混淆 和避免Serializable接口的子类中指定的某些成员变量和方法混淆
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
!static !transient <fields>;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
14 避免webView混淆
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
-keepclassmembers class * extends android.webkit.webViewClient {
public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers class * extends android.webkit.webViewClient {
public void *(android.webkit.webView, jav.lang.String);
}
-keep public class [包名.类名]$[内部类]{
public *;
}
-keepattributes JavascriptInterface
4 常用第三方库混淆配置,这个要根据你使用给的版本去官网找
-
butterKnife混淆
-keep class butterknife.** { *; } -dontwarn butterknife.internal.** -keep class **$$ViewBinder { *; } -keepclasseswithmembernames class * { @butterknife.* <fields>; } -keepclasseswithmembernames class * { @butterknife.* <methods>; }
-
Okhttp3
-dontwarn com.squareup.okhttp3.** -keep class com.squareup.okhttp3.** { *;} -dontwarn okio.**
-
Retrofit2混淆
-dontwarn retrofit2.** -keep class retrofit2.** { *; } -keepattributes Signature -keepattributes Exceptions
-
Rxjava,RxAndroid混淆
-dontwarn sun.misc.** -keepclassmembers class rx.internal.util.unsafe.*ArrayQueue*Field* { long producerIndex; long consumerIndex; } -keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueProducerNodeRef { rx.internal.util.atomic.LinkedQueueNode producerNode; } -keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueConsumerNodeRef { rx.internal.util.atomic.LinkedQueueNode consumerNode; }
-
Glide混淆
#Glide 3 -keep public class * implements com.bumptech.glide.module.GlideModule -keep public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** { **[] $VALUES; public *; } #Glide 4 -keep public class * implements com.bumptech.glide.module.AppGlideModule -keep public class * implements com.bumptech.glide.module.LibraryGlideModule -keep public enum com.bumptech.glide.load.ImageHeaderParser$** { **[] $VALUES; public *; }
-
json混淆
# fastjson -dontwarn com.alibaba.fastjson.** -keep class com.alibaba.fastjson.**{*; } #Gson -keep class com.google.gson.** {*;} -keep class com.google.**{*;} -keep class sun.misc.Unsafe { *; } -keep class com.google.gson.stream.** { *; } -keep class com.google.gson.examples.android.model.** { *; }
-
picasso fresco 混淆
# picasso -keep class com.parse.*{ *; } -dontwarn com.parse.** -dontwarn com.squareup.picasso.** -keepclasseswithmembernames class * { native <methods>; } #fresco # Keep our interfaces so they can be used by other ProGuard rules. # See http://sourceforge.net/p/proguard/bugs/466/ -keep,allowobfuscation @interface com.facebook.common.internal.DoNotStrip -keep,allowobfuscation @interface com.facebook.soloader.DoNotOptimize # Do not strip any method/class that is annotated with @DoNotStrip -keep @com.facebook.common.internal.DoNotStrip class * -keepclassmembers class * { @com.facebook.common.internal.DoNotStrip *; } # Do not strip any method/class that is annotated with @DoNotOptimize -keep @com.facebook.soloader.DoNotOptimize class * -keepclassmembers class * { @com.facebook.soloader.DoNotOptimize *; } # Keep native methods -keepclassmembers class * { native <methods>; } -dontwarn okio.** -dontwarn com.squareup.okhttp.** -dontwarn okhttp3.** -dontwarn javax.annotation.** -dontwarn com.android.volley.toolbox.** -dontwarn com.facebook.infer.**
-
Banner
-keep class com.youth.banner.** { *; }
-
映射数据库
#GreenDao2 -keep class de.greenrobot.dao.** {*;} -keepclassmembers class * extends de.greenrobot.dao.AbstractDao { public static Java.lang.String TABLENAME; } -keep class **$Properties #GreenDao 3 -keepclassmembers class * extends org.greenrobot.greendao.AbstractDao { public static java.lang.String TABLENAME; } -keep class **$Properties # If you do not use SQLCipher: -dontwarn org.greenrobot.greendao.database.** # If you do not use Rx: -dontwarn rx.**
-
百度定位百度地图高德地图混淆
#百度定位 -keep class vi.com.gdi.** { *; } -keep public class com.baidu.** {*;} -keep public class com.mobclick.** {*;} -dontwarn com.baidu.mapapi.utils.* -dontwarn com.baidu.platform.comapi.b.* -dontwarn com.baidu.platform.comapi.map.* #百度地图 -keep class com.baidu.** {*;} -keep class vi.com.** {*;} -dontwarn com.baidu.** #高德地图 -dontwarn com.amap.api.** -dontwarn com.a.a.** -dontwarn com.autonavi.** -keep class com.amap.api.** {*;} -keep class com.autonavi.** {*;} -keep class com.a.a.** {*;}
-
bugly混淆
-dontwarn com.tencent.bugly.** -keep public class com.tencent.bugly.**{*;}
-
EventBus混淆
#Event2 -keepclassmembers class ** { public void onEvent*(***); } # Only required if you use AsyncExecutor -keepclassmembers class * extends de.greenrobot.event.util.ThrowableFailureEvent { <init>(java.lang.Throwable); } #Event3 -keepattributes *Annotation* -keepclassmembers class ** { @org.greenrobot.eventbus.Subscribe <methods>; } -keep enum org.greenrobot.eventbus.ThreadMode { *; } # Only required if you use AsyncExecutor -keepclassmembers class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent { <init>(java.lang.Throwable); }
-
友盟分享 推送
#友盟分享 -dontshrink -dontoptimize -dontwarn com.google.android.maps.** -dontwarn android.webkit.WebView -dontwarn com.umeng.** -dontwarn com.tencent.weibo.sdk.** -dontwarn com.facebook.** -keep public class javax.** -keep public class android.webkit.** -dontwarn android.support.v4.** -keep enum com.facebook.** -keepattributes Exceptions,InnerClasses,Signature -keepattributes *Annotation* -keepattributes SourceFile,LineNumberTable -keep public interface com.facebook.** -keep public interface com.tencent.** -keep public interface com.umeng.socialize.** -keep public interface com.umeng.socialize.sensor.** -keep public interface com.umeng.scrshot.** -keep public class com.umeng.socialize.* {*;} -keep class com.facebook.** -keep class com.facebook.** { *; } -keep class com.umeng.scrshot.** -keep public class com.tencent.** {*;} -keep class com.umeng.socialize.sensor.** -keep class com.umeng.socialize.handler.** -keep class com.umeng.socialize.handler.* -keep class com.umeng.weixin.handler.** -keep class com.umeng.weixin.handler.* -keep class com.umeng.qq.handler.** -keep class com.umeng.qq.handler.* -keep class UMMoreHandler{*;} -keep class com.tencent.mm.sdk.modelmsg.WXMediaMessage {*;} -keep class com.tencent.mm.sdk.modelmsg.** implements com.tencent.mm.sdk.modelmsg.WXMediaMessage$IMediaObject {*;} -keep class im.yixin.sdk.api.YXMessage {*;} -keep class im.yixin.sdk.api.** implements im.yixin.sdk.api.YXMessage$YXMessageData{*;} -keep class com.tencent.mm.sdk.** { *; } -keep class com.tencent.mm.opensdk.** { *; } -keep class com.tencent.wxop.** { *; } -keep class com.tencent.mm.sdk.** { *; } -dontwarn twitter4j.** -keep class twitter4j.** { *; } -keep class com.tencent.** {*;} -dontwarn com.tencent.** -keep class com.kakao.** {*;} -dontwarn com.kakao.** -keep public class com.umeng.com.umeng.soexample.R$*{ public static final int *; } -keep public class com.linkedin.android.mobilesdk.R$*{ public static final int *; } -keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String); } -keep class com.tencent.open.TDialog$* -keep class com.tencent.open.TDialog$* {*;} -keep class com.tencent.open.PKDialog -keep class com.tencent.open.PKDialog {*;} -keep class com.tencent.open.PKDialog$* -keep class com.tencent.open.PKDialog$* {*;} -keep class com.umeng.socialize.impl.ImageImpl {*;} -keep class com.sina.** {*;} -dontwarn com.sina.** -keep class com.alipay.share.sdk.** { *; } -keepnames class * implements android.os.Parcelable { public static final ** CREATOR; } -keep class com.linkedin.** { *; } -keep class com.android.dingtalk.share.ddsharemodule.** { *; } -keepattributes Signature #友盟推送 -dontwarn com.umeng.** -dontwarn com.taobao.** -dontwarn anet.channel.** -dontwarn anetwork.channel.** -dontwarn org.android.** -dontwarn org.apache.thrift.** -dontwarn com.xiaomi.** -dontwarn com.huawei.** -dontwarn com.meizu.** -keepattributes *Annotation* -keep class com.taobao.** {*;} -keep class org.android.** {*;} -keep class anet.channel.** {*;} -keep class com.umeng.** {*;} -keep class com.xiaomi.** {*;} -keep class com.huawei.** {*;} -keep class com.meizu.** {*;} -keep class org.apache.thrift.** {*;} -keep class com.alibaba.sdk.android.**{*;} -keep class com.ut.**{*;} -keep class com.ta.**{*;} -keep public class **.R$*{ public static final int *; }
5 混淆碰到的问题
java.lang.NoSuchMethodError: No interface method g()I in class Landroid/content/res/XmlResourceParser; or its super classes (declaration of 'android.content.res.XmlResourceParser' appears in /system/framework/framework.jar)
at android.support.v4.content.FileProvider.parsePathStrategy(FileProvider.java:613)
at android.support.v4.content.FileProvider.getPathStrategy(FileProvider.java:579)
at android.support.v4.content.FileProvider.attachInfo(FileProvider.java:392)
at android.app.ActivityThread.installProvider(ActivityThread.java:7750)
at android.app.ActivityThread.installContentProviders(ActivityThread.java:7291)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:7187)
at android.app.ActivityThread.access$2200(ActivityThread.java:296)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2208)
这个是文件里面有xml 需要增加配置如下原因具体原因
-keep class org.xmlpull.** {*;}
-keep public class * extends org.xmlpull.**
-keep interface org.xmlpull.** {*;}