如何利用dex2jar反编译APK及代码混淆

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_25815655/article/details/51510185


(一)反编译参考文章:http://jingyan.baidu.com/article/ae97a646ce78c2bbfd461df0.html

1,下载dex2jar和JD-GUI(此处提供工具的下载链接,具体方法和指示图看参考链接)

de2jar下载地址:http://pan.baidu.com/s/1pLb57SZ

JD-GUI下载地址:http://pan.baidu.com/s/1boGVrY3


这里还有增加一个反编译工具:逆向助手,

下载链接:

http://pan.baidu.com/s/1c2KEO6W

秘钥:

 ufb9 
用法:二个文件下载解压,放到同一个文件夹下,打开exe,执行逆向,找到你的apk就好了


(二)代码混淆参考文章:http://jingyan.baidu.com/article/495ba8410b595138b3

注意:代码混淆配文件写好后,直接在eclipse里面生成apk是不能被混淆的,必须手动导出

(三)如何手动用Eclipse默认的keystore导出安卓应用参考文章:

http://jingyan.baidu.com/article/3a2f7c2e61395d26afd61193.html




2,找到我们准备测试用的apk,并将 后缀.apk改为.zip

例:test.apk改为test.zip


3,将test.zip解压,并查看目录,找到classes.dex


4,并将classes.dex拷至dex2jar工具存放目录


5,打开控制台,使用cd指令进入到dex2jar工具存放的目录下


6,进入到dex2jar目录下后,输入“dex2jar.bat    classes.dex”指令运行

     执行完毕,查看dex2jar目录,会发现生成了classes.dex.dex2jar.jar文件


7,上一步中生成的classes.dex.dex2jar.jar文件,可以通过JD-GUI工具直接打开查看jar文件中的代码


----------------------------------------------------------------------------------------------------------------------------------

上面说了反编译的方法,现在说代码混淆:

1、修改混淆配置文件:找到项目根目录下的proguard-project.txt文件,修改其中代码,在末尾添加proguard.config=./proguard-android.txt

,这表示用当前目录下的配置文件,这部分是最关键;

2,proguard-android.txt文件编写:

注意:我的方法是,

1)找到sdk的路径C:\Program Files (x86)\Android\android-sdk\tools\proguard\proguard-android.txt

2)把proguard-android.txt文件拷贝到项目里面,如这个文件是默认的混淆文件,下图所示



3)我用了第三方jar 只是在末尾添加了这四个jar的混淆(

-dontwarn okio.**

-dontwarn okhttp.**
    -dontwarn okhttputils.**
    -dontwarn gson.**


整混淆文件如下:

# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose

# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# project.properties file.

-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService

# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
    native <methods>;
}

# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
   void set*(***);
   *** get*();
}

# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
   public void *(android.view.View);
}

# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keep class * implements android.os.Parcelable {
  public static final android.os.Parcelable$Creator *;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version.  We know about them, and they are safe.
-dontwarn android.support.**
-dontwarn okio.**
-dontwarn okhttp.**
-dontwarn okhttputils.**
-dontwarn gson.**

4)直接运行的方式是不能应用proguard的。正确的方式是使用Eclipse的导出功能。在工程上右键->"Export..."->“Export Android Application”,导出apk包。可以使用Eclipse默认的keystore,具体的使用方法请参考小编前面一个文档http://jingyan.baidu.com/article/3a2f7c2e61395d26afd61193.html。

5)用dex2jar反编译导出的proguard_demo.apk,然后用jd-jui打开就看到代码呗混淆了



以上只是反编译和混淆的基础,混淆方面,我用的系统默认的混淆文件,然后添加了自己用的混淆的jar


阅读更多
想对作者说点什么?

博主推荐

换一批

没有更多推荐了,返回首页