#Use
5
step of optimization
#-optimizationpasses
5
#When not preverifing in a
case
-insensitive filing system, such as Windows. This tool will unpack your processed jars,(
if
using windows you should then use):
-dontusemixedcaseclassnames
#Specifies not to ignore non-
public
library classes. As of version
4.5
,
this
is the
default
setting
-dontwarn
#添加第三方包
-libraryjars libs/android-support-v4.jar
-dontskipnonpubliclibraryclasses
-dontskipnonpubliclibraryclassmembers
-verbose
-ignorewarnings
# Optimization is turned off by
default
. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# 对第三方报进行忽略处理
-dontwarn android.support.v4.**
-keep
class
android.support.v4.**{*;}
#Specifies to write out some more information during processing. If the program terminates with an exception,
this
option will print out the entire stack trace, instead of just the exception message.
-verbose
#The -optimizations option disables some arithmetic simplifications that Dalvik
1.0
and
1.5
can
't handle. Note that the Dalvik VM also can'
t handle aggressive overloading (of
static
fields).
#To understand or change
this
check http:
//proguard.sourceforge.net/index.html#/manual/optimizations.html
#-optimizations !code/simplification/arithmetic,!field/*,!
class
/merging/*
# Note that
if
you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
#
"proguard-android-optimize.txt"
file instead of
this
one from your
# project.properties file.
#To repackage classes on a single
package
#-repackageclasses
''
#Uncomment
if
using annotations to keep them.
-keepattributes Signature
#-keepattributes *Annotation*
#Keep classes that are referenced on the AndroidManifest
-keep
public
class
*
extends
android.app.Activity
-keep
public
class
*
extends
android.app.Application
-keep
public
class
*
extends
android.app.Service
-keep
public
class
*
extends
android.content.BroadcastReceiver
-keep
public
class
*
extends
android.content.ContentProvider
-keep
public
class
*
extends
android.app.backup.BackupAgentHelper
-keep
public
class
*
extends
android.preference.Preference
-keep
public
class
com.google.vending.licensing.ILicensingService
-keep
public
class
com.android.vending.licensing.ILicensingService
#Compatibility library
-keep
public
class
*
extends
android.support.v4.app.Fragment
-keep
public
class
*
extends
android.app.Fragment
#To maintain custom components names that are used on layouts XML.
#Uncomment
if
having any problem with the approach below
#-keep
public
class
custom.components.
package
.and.name.**
# keep setters in Views so that animations can still work.
# see http:
//proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers
public
class
*
extends
android.view.View {
void
set*(***);
*** get*();
}
#To remove debug logs:
-assumenosideeffects
class
android.util.Log {
public
static
*** d(...);
public
static
*** v(...);
public
static
*** w(...);
}
# 对实体类进行忽略处理,防止发生空指针错误
-keep
public
class
*
implements
java.io.Serializable{
public
protected
private
*;}
#To avoid changing names of methods invoked on layout's onClick.
# Uncomment and add specific method names
if
using onClick on layouts
#-keepclassmembers
class
* {
#
public
void
onClickButton(android.view.View);
#}
#Maintain java
native
methods
-keepclasseswithmembernames
class
* {
native
<methods>;
}
#To maintain custom components names that are used on layouts XML:
-keep
public
class
*
extends
android.view.View {
public
<init>(android.content.Context);
}
-keep
public
class
*
extends
android.view.View {
public
<init>(android.content.Context, android.util.AttributeSet);
}
-keep
public
class
*
extends
android.view.View {
public
<init>(android.content.Context, android.util.AttributeSet,
int
);
}
#Maintain enums
-keepclassmembers
enum
* {
public
static
**[] values();
public
static
** valueOf(java.lang.String);
}
#To keep parcelable classes (to serialize - deserialize objects to sent through Intents)
-keep
class
*
implements
android.os.Parcelable {
public
static
final
android.os.Parcelable$Creator *;
}
#Keep the R
-keepclassmembers
class
**.R$* {
public
static
<fields>;
}
###### ADDITIONAL OPTIONS NOT USED NORMALLY
#To keep callback calls. Uncomment
if
using any
#http:
//proguard.sourceforge.net/index.html#/manual/examples.html#callback
#-keep
class
mypackage.MyCallbackClass {
#
void
myCallbackMethod(java.lang.String);
#}
#Uncomment
if
using Serializable
#-keepclassmembers
class
*
implements
java.io.Serializable {
#
private
static
final
java.io.ObjectStreamField[] serialPersistentFields;
#
private
void
writeObject(java.io.ObjectOutputStream);
#
private
void
readObject(java.io.ObjectInputStream);
# java.lang.Object writeReplace();
# java.lang.Object readResolve();
#}
#Use 5 step of optimization |
#-optimizationpasses 5 |
#When not preverifing in a case -insensitive filing system, such as Windows. This tool will unpack your processed jars,( if using windows you should then use): |
-dontusemixedcaseclassnames |
#Specifies not to ignore non- public library classes. As of version 4.5 , this is the default setting |
-dontwarn |
#添加第三方包 |
-libraryjars libs/android-support-v4.jar |
-dontskipnonpubliclibraryclasses |
-dontskipnonpubliclibraryclassmembers |
-verbose |
-ignorewarnings |
# Optimization is turned off by default . Dex does not like code run |
# through the ProGuard optimize and preverify steps (and performs some |
# of these optimizations on its own). |
-dontoptimize |
-dontpreverify |
# 对第三方报进行忽略处理 |
-dontwarn android.support.v4.** |
-keep class android.support.v4.**{*;} |
#Specifies to write out some more information during processing. If the program terminates with an exception, this option will print out the entire stack trace, instead of just the exception message. |
-verbose |
#The -optimizations option disables some arithmetic simplifications that Dalvik 1.0 and 1.5 can 't handle. Note that the Dalvik VM also can' t handle aggressive overloading (of static fields). |
#To understand or change this check http: //proguard.sourceforge.net/index.html#/manual/optimizations.html |
#-optimizations !code/simplification/arithmetic,!field/*,! class /merging/* |
# Note that if you want to enable optimization, you cannot just |
# include optimization flags in your own project configuration file; |
# instead you will need to point to the |
# "proguard-android-optimize.txt" file instead of this one from your |
# project.properties file. |
#To repackage classes on a single package |
#-repackageclasses '' |
#Uncomment if using annotations to keep them. |
-keepattributes Signature |
#-keepattributes *Annotation* |
#Keep classes that are referenced on the AndroidManifest |
-keep public class * extends android.app.Activity |
-keep public class * extends android.app.Application |
-keep public class * extends android.app.Service |
-keep public class * extends android.content.BroadcastReceiver |
-keep public class * extends android.content.ContentProvider |
-keep public class * extends android.app.backup.BackupAgentHelper |
-keep public class * extends android.preference.Preference |
-keep public class com.google.vending.licensing.ILicensingService |
-keep public class com.android.vending.licensing.ILicensingService |
#Compatibility library |
-keep public class * extends android.support.v4.app.Fragment |
-keep public class * extends android.app.Fragment |
#To maintain custom components names that are used on layouts XML. |
#Uncomment if having any problem with the approach below |
#-keep public class custom.components. package .and.name.** |
# keep setters in Views so that animations can still work. |
# see http: //proguard.sourceforge.net/manual/examples.html#beans |
-keepclassmembers public class * extends android.view.View { |
void set*(***); |
*** get*(); |
} |
#To remove debug logs: |
-assumenosideeffects class android.util.Log { |
public static *** d(...); |
public static *** v(...); |
public static *** w(...); |
} |
# 对实体类进行忽略处理,防止发生空指针错误 |
-keep public class * implements java.io.Serializable{ public protected private *;} |
#To avoid changing names of methods invoked on layout's onClick. |
# Uncomment and add specific method names if using onClick on layouts |
#-keepclassmembers class * { |
# public void onClickButton(android.view.View); |
#} |
#Maintain java native methods |
-keepclasseswithmembernames class * { |
native <methods>; |
} |
#To maintain custom components names that are used on layouts XML: |
-keep public class * extends android.view.View { |
public <init>(android.content.Context); |
} |
-keep public class * extends android.view.View { |
public <init>(android.content.Context, android.util.AttributeSet); |
} |
-keep public class * extends android.view.View { |
public <init>(android.content.Context, android.util.AttributeSet, int ); |
} |
#Maintain enums |
-keepclassmembers enum * { |
public static **[] values(); |
public static ** valueOf(java.lang.String); |
} |
#To keep parcelable classes (to serialize - deserialize objects to sent through Intents) |
-keep class * implements android.os.Parcelable { |
public static final android.os.Parcelable$Creator *; |
} |
#Keep the R |
-keepclassmembers class **.R$* { |
public static <fields>; |
} |
###### ADDITIONAL OPTIONS NOT USED NORMALLY |
#To keep callback calls. Uncomment if using any |
#http: //proguard.sourceforge.net/index.html#/manual/examples.html#callback |
#-keep class mypackage.MyCallbackClass { |
# void myCallbackMethod(java.lang.String); |
#} |
#Uncomment if using Serializable |
#-keepclassmembers class * implements java.io.Serializable { |
# private static final java.io.ObjectStreamField[] serialPersistentFields; |
# private void writeObject(java.io.ObjectOutputStream); |
# private void readObject(java.io.ObjectInputStream); |
# java.lang.Object writeReplace(); |
# java.lang.Object readResolve(); |
#} |
# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt# Project target.target=android-10
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
以下则个是我们项目 混淆的个性化配置文件 proguard-project.txt# This is a configuration file for ProGuard. # http://proguard.sourceforge.net/index.html#manual/usage.html -dontusemixedcaseclassnames -dontskipnonpubliclibraryclasses -verbose # Optimization is turned off by default. Dex does not like code run # through the ProGuard optimize and preverify steps (and performs some # of these optimizations on its own). -dontoptimize -dontpreverify # Note that if you want to enable optimization, you cannot just # include optimization flags in your own project configuration file; # instead you will need to point to the # "proguard-android-optimize.txt" file instead of this one from your # project.properties file. -keepattributes *Annotation* -keep public class com.google.vending.licensing.ILicensingService -keep public class com.android.vending.licensing.ILicensingService # For native methods, see http://proguard.sourceforge.net/manual/examples.html#native -keepclasseswithmembernames class * { native <methods>; } # keep setters in Views so that animations can still work. # see http://proguard.sourceforge.net/manual/examples.html#beans -keepclassmembers public class * extends android.view.View { void set*(***); *** get*(); } # We want to keep methods in Activity that could be used in the XML attribute onClick -keepclassmembers class * extends android.app.Activity { public void *(android.view.View); } # For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations -keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String); } -keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *; } -keepclassmembers class **.R$* { public static <fields>; } # The support library contains references to newer platform versions. # Don't warn about those in case this app is linking against an older # platform version. We know about them, and they are safe. -dontwarn android.support.**
注:由于牵扯到保密的问题,一些关于项目的东西换成了edu.edut或edu.edut.robin# To enable ProGuard in your project, edit project.properties # to define the proguard.config property as described in that file. # # Add project specific ProGuard rules here. # By default, the flags in this file are appended to flags specified # in ${sdk.dir}/tools/proguard/proguard-android.txt # You can edit the include path and order by changing the ProGuard # include property in project.properties. # # For more details, see # http://developer.android.com/guide/developing/tools/proguard.html # Add any project specific keep options here: # If your project uses WebView with JS, uncomment the following # and specify the fully qualified class name to the JavaScript interface # class: #-keepclassmembers class fqcn.of.javascript.interface.for.webview { # public *; #}
-renamesourcefileattribute SourceFile -keepattributes SourceFile,LineNumberTable -dontwarn android.** -dontwarn edu.edut.lsf.payment.link.** -libraryjars ..\Download_Install\lib\classes.jar -keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil -keep class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node -keep class org.jboss.netty.util.internal.LinkedTransferQueue$Node -keep class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface -keepclasseswithmembers class * { public static void main(java.lang.String[]); } -keepclasseswithmembers class org.jboss.netty.util.internal.AtomicFieldUpdaterUtil$Node { *; } -keepclasseswithmembers class edu.edut.robin.activities.LeWebActionActivity$AppstoreWebInterface { *; } -keepclasseswithmembers class edu.edut.robin.utils.SilentInstallAssistant$* { *; } -keepclasseswithmembers class edu.edut.robin.silentinstaller.utils.SilentInstallAssistant$* { *; } -keepclasseswithmembers class edu.edut.robin.utils.Pm$* { *; } -keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue { volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node head; volatile transient org.jboss.netty.util.internal.LinkedTransferQueue$Node tail; volatile transient int sweepVotes; } -keepclasseswithmembers class org.jboss.netty.util.internal.LinkedTransferQueue$Node { *; } -keepclasseswithmembers class edu.edut.robin.activities.LeWebJsActivity$AppStoreInterface { *; } -keepclasseswithmembers class * extends edu.edut.lsf.payment.WebSubmitInterface { *; } -keepclasseswithmembers class edu.edut.lsf.payment.WebSubmitInterface { *; } -keep public class com.unionpay.** {*; } -keep public class edu.edut.lsf.** {*; }
android中ProGuard已经被整合到开发工具中,官方强烈建议使用。对于调试模式,该工具不会被启用。
2、ProGuard 的使用
当你创建项目时,在项目的根目录下会自动生成proguard.cfg文件,该文件就是ProGuard的配置文件,使用方法也比较简单:在project.properties文件中添加"proguard.config=proguard.cfg "即可。默认生成的ProGuard文件只是用与一般的情况(仅仅覆盖了Android中几个比较重要的类)。所以大部分情况下我们需要自己定制该配置文件。
当然,上述情况是proguard.cfg文件位于项目的根目录下,如果你愿意你也可以挪动到别的地方,不过properties文件中需指明路径。
项目发布时会自动调用ProGuard工具混淆,从而在项目文件夹下面会生成
dump.txt: 描述.apk文件中所有类文件间的内部结构
mapping.txt :列出了原始的类,方法和字段名与混淆后代码间的映射。这个文件很重要,当你从release版本中收到一个bug报告时,可以用它来翻译被混淆的代码。
seeds.txt:列出了未被混淆的类和成员
usage.txt:列出了从.apk中删除的代码
这几个文件主要描述了整个混淆的过程包括名称替换部分的详细描述。由于混淆后的代码输出的调试信息有可能因为混淆也变得难以识别,这时你就需要借助这几个文件来查询原始信息了。
3、ProGuard的配置
一般情况下ProGuard会正常工作,但是别忘了它也有犯浑的时候。有时间他会把项目中实际有用的代码移除,然后向您报告ClassNotFoundException!!例如:
- 仅仅被AndroidManifest.xml文件引用的类
- 由JNI调用的方法
- 动态引用的属性和方法
proguard.cfg配置文件中添加 -keep public class 即可。
当然就代码安全性而言,SDK中还给出了以下的建议以保护敏感代码:
- 多使用方法嵌套调用
- 少使用字符串常量,尽量动态构造
- 使用反射进行方法调用
相信大家都能看明白,${sdk.dir}/tools/proguard/proguard-android.txt文件引用的是默认配置(即所有项目通用的),proguard-project.txt是项目下面针对该项目的配置,最终配置由这两部分组成。
======================= 我是分割线====================================
(以下内容摘自互联网)
===================================================================
-include {filename}
-basedirectory {directoryname}
-injars {class_path}
-outjars {class_path}
-libraryjars {classpath}
-dontskipnonpubliclibrary
-dontskipnonpubliclibrary
保留选项
-keep {Modifier} {class_specification}
-keepclassmembers {modifier} {class_specification}
-keepclasseswithmembers {class_specification}
-keepnames {class_specification}
-keepclassmembernames {class_specification}
-keepclasseswithmembernam
-printseeds {filename}
压缩
-dontshrink
-printusage {filename}
-whyareyoukeeping {class_specification}
优化
-dontoptimize
-assumenosideeffects {class_specification}
-allowaccessmodification
混淆
-dontobfuscate
-printmapping {filename}
-applymapping {filename}
-obfuscationdictionary {filename}
-overloadaggressively
-useuniqueclassmembername
-flattenpackagehierarchy {package_name}
-repackageclass {package_name}
-dontusemixedcaseclassnam
-keepattributes {attribute_name,...}
-renamesourcefileattribut
===========================The end===========================================
===============以下内容为对ProGuard官方文档的翻译及总结=================================
ProGuard的工作原理:
ProGuard 读取jars(包括wars, ears, zips, or directories)。input这一部分可以是源文件,源文件的类名称与混淆后类名称一一对应。
凡是正常编译所需的jar文件都需要添加到 Input jars中。jar文件一般不会被处理,但是你仍需将它们添加到classpath中。
应用程序入口
为了识别项目中哪些类需要保留,那些需要被移除,你需要定义程序的入口,如main函数的类,activity等。
shrinking :这一步中,ProGuard会从入口处递归查询,那些没有被用到的类和方法将会被移除。
optimization :这一步中,ProGuard会进一步优化程序,非公开的类和方法将会有可能被 private, static, or final化,没有用的参数将会被移除,有一些函数将会被内联。
obfuscation:这一步中:对于非入口的类与方法,ProGuard将会对类和其中的方法属性进行重命名,
preverification :该步仅适用于入口程序无关紧要的项目。
对于动态加载的类或方法,最好也要将其作为入口点。
ProGuard的使用
java -jar proguard.jar options ...
或者将options写入到相应的配置文件中
java -jar proguard.jar @myconfig.pro
配置文件中使用“#”作为行注释。
多余的空格将会被忽略,如果文件名中含有空格那么需要使用单引号或者双引号。
配置可以任意分组,其数量是不被限制的。
配置不分先后顺序,为了方便检索,你可以按照首字母进行排序。
input/output相关命令
-include filename 包含其他的配置文件
-basedirectory directoryname
-injars class_path 设置将要被处理的jar(or wars, ears, zips, or directories)文件。默认情况下所有非class文件将会被按原样拷贝。所以,请注意中间文件。
-outjars class_path 指定对应的输出文件,但是应避免将输出文件直接覆盖输入文件,如果不配置outjars 将不会有输出。
注:input 与 output都可以设置过滤器,可指明多个。
-libraryjars class_path 指明库文件位置这些jar文件不会被输出到output中。库文件中的类应是被继承而不仅仅是被使用的。需要注意的是ProGuard不会从基准文件夹或者ProGuard的运行文件夹中寻找库文件。
-skipnonpubliclibraryclas
-dontskipnonpubliclibrary
-dontskipnonpubliclibrary
-keepdirectories [directory_filter] 声明output中需要保留的目录,默认情况下为减小jar文件的大小,目录都将被删除。可以添加过滤器,如果不加过滤器那么所有的目录都将被保留。
-target version 设置版本号,可以为1.0, 1.1, 1.2, 1.3, 1.4, 1.5 (or just 5), 1.6 (or just 6), or 1.7 (or just 7).
-forceprocessing 强制处理。
Keep Options(保证不被移除)
-keep [,modifier,...] class_specification 声明类和类中成员作为入口点保留。例如对于普通程序,需要声明Main类及其main函数,为了处理类库你需要将里面所有的公共域都声明为入口点。
-keepclassmembers [,modifier,...] class_specification 如果类被保留那么类成员也将被保留,例如保留实现Serizable的类中所有的域。
-keepclasseswithmembers [,modifier,...] class_specification 声明含有指定域的类都被保留,而不必一一列出,如保留所有含有main的类。
-keepnames class_specification
-keepclasseswithmembernam
-printseeds [filename]
Shrinking Options
-dontshrink 声明不压缩输入文件夹,默认情况下使用压缩的。
-printusage [filename] 列出被移除的代码。
-whyareyoukeeping class_specification 列出被移除的原因
Optimization Options
-dontoptimize 不优化。默认优化。
-optimizations optimization_filter 专家级别的可选项,优化项过滤器。
-optimizationpasses n 优化几轮,默认一轮,如果优化一轮后发现没有可优化的项目了,直接就停止了。
-assumenosideeffects class_specification
-allowaccessmodification 声明处理过程中,允许扩大访问修饰符。例如将get方法内联会将相关属性的访问修饰符设为public 。如果设计为类库就应避免使用该设置项。
-mergeinterfacesaggressiv
Obfuscation Options
-dontobfuscate 不使用混淆,默认使用混淆。类及其中的域都会被命名为一个更加简洁的名称。
-printmapping [filename] 将混淆前后对应的名称输出到指定的地点。
-applymapping filename 使用以前输出的混淆前后mapping。
-obfuscationdictionary filename
-classobfuscationdictiona
-packageobfuscationdictio
-overloadaggressively 声明可以使用扩展性的重载(允许只有返回值不同)
-useuniqueclassmembername
-dontusemixedcaseclassnam
-keeppackagenames [package_filter] 声明不被混淆的包名,过滤器可以使用 * ? 及**或 !
-flattenpackagehierarchy [package_name] 将所有的包名重构,所有类放到指定的一个包中。
-keepattributes [attribute_filter] 声明应被保留的属性,可以使用通配符。
-keepparameternames 含有指定声明方法参数或者类型的被保留
-renamesourcefileattribut
-adaptclassstrings [class_filter] 声明与类名一致的字符串常量也将被混淆。
-adaptresourcefilenames [file_filter] 指明将要被重命名的源文件,
-adaptresourcefilecontent