反编译:
一般的apk程序使用反编译工具(如dex2jar)可进行反编译,并且反编译后的代码可以进行修改重新打包签名
反编译过程:把 class.dex 拷贝到 dex2jar.bat 所在目录,直接拖动 class.dex 到 dex2jar.bat,生成 classes.dex.dex2jar.jar。
反编译后的代码可以用工具jd-gui查看:
因此在进行android打包的时候需要对项目进行混淆处理,以防止被反编译而导致代码泄露。
混淆处理方法:
Android SDK自2.3版本后内置混淆处理工具proguard
在2.3后新建的android工程中,会多出一个 proguard.cfg 文件。在default.properties中加入proguard.config=proguard.cfg
在4.+(具体版不清楚)后属性文件变为了project.properties和proguard-project.txt
如果需要混淆,只需要进行一步操作:
将project.properties文件中的“# proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt”中的“#”去掉就可以了。
我的项目中用的的proguard-project.txt代码如下:
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
-libraryjars ./libs/whty-core-new.jar
-libraryjars ./libs/sun.misc.BASE64Decoder.jar
-libraryjars ./libs/commons-io-2.0.1.jar
-dontwarn com.whty.wicity.core.**
-keep class com.whty.wicity.core.** { *;}
-dontwarn Decoder.**
-keep class Decoder.** { *;}
-dontwarn org.apache.commons.io.**
-keep class org.apache.commons.io.** { *;}
-dontwarn net.soureceforge.pinyin4j.**
-dontwarn demo.**
-keep class net.sourceforge.pinyin4j.** { *;}
-keep class demo.** { *;}
-ignorewarnings
-keep class org.kobjects.** { *; }
-keep class org.ksoap2.** { *; }
-keep class org.kxml2.** { *; }
-keep class org.xmlpull.** { *; }
#LocatCat不打印日志,加入下面两句
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
##---------------Gson混淆配置 ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
-keep class sun.misc.Unsafe { *; }
#-keep class com.google.gson.stream.** { *; }
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
##--------------------------------------
##微博
-dontwarn android.net.http.**
-keep public class android.webkit.WebView {*;}
-keep public class android.webkit.WebViewClient {*;}
-keep class com.weibo.net.** {*;}
##---保持所有第三方包,一般不用处理,但为了防止不必要错误,加入---------
-dontwarn android.support.v4.**
-keep class android.support.v4.** { *;}
-dontwarn com.whty.wicity.core.**
-keep class com.whty.wicity.core.** { *;}
-dontwarn com.google.zxing.**
-keep class com.google.zxing.** { *;}
-dontwarn com.baidu.location.**
-keep class com.baidu.location.** { *;}
-dontwarn com.iflytek.speech.**
-keep class com.iflytek.speech.** { *;}
-dontwarn com.tencent.mm.**
-keep class com.tencent.mm.** { *;}
-dontwarn demo.Pinyin4jAppletDemo.**
-keep class demo.Pinyin4jAppletDemo.** { *;}
-dontwarn android.net.http.**
-keep class android.net.http.** { *;}
-dontwarn com.google.gson.**
-keep class com.google.gson.** { *;}
-dontwarn com.mapabc.minimap.map.vmap.**
-keep class com.mapabc.minimap.map.vmap.** { *;}
-dontwarn Decoder.**
-keep class Decoder.** { *;}
-dontwarn com.tencent.**
-keep class com.tencent.** { *;}
-dontwarn org.**
-keep class org.** { *;}
-dontwarn org.apache.commons.io.**
-keep class org.apache.commons.io.** { *;}
-dontwarn com.chinaMobile.**
-keep class com.chinaMobile.** { *;}
##---------------------------------------------------------
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
#保持 Serializable 不被混淆
-keepnames class * implements java.io.Serializable
-keep public class * implements java.io.Serializable { *;}
# Explicitly preserve all serialization members. The Serializable interface
# is only a marker interface, so it wouldn’t save them.
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
以上代码仅作参考,实际项目跟进添加的lib包不同则混淆脚本也不同,需做适当修改。
如果部分代码报错,且不影响代码暴露可以对此类代码进行非混淆处理,参照如下代码:
-keep class org.apache.commons.io.** { *;}
另外:如果项目涉及到多个工程,以lib工程的形式引用需要注意,如果按照普通的方式引入lib工程,即工程右键—>属性——>Android——>Add形式引入,如下图:
此方法引入lib工程,混淆打包后,通常会出现错误。需要同时以
Projects>Required projects on the build path形式引入工程,猜想此方法应该是使lib工程一同参与到主工程的编译过程中来。
记得勾选Buil class path order an exported entries中加入的上面的工程。
参照:http://my.oschina.net/aibenben/blog/371889
http://www.cnblogs.com/lesliefang/p/3819259.html
扫一扫
591
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
