Reference article:

Android often confuses configurations

Android confuses the transition from beginner to master

Android Code confusion

Stadio Mapping android stadio Mapping android Stadio Mapping

Introduce a,

What is code obfuscation

Use meaningless short variables to rename classes, variables, and methods so that code is not easily cracked and leaked.

Functions and Disadvantages

1. Protect core functions from leakage
2. Apk thin body

Disadvantages:

1. It may confuse code that cannot be confused, causing a crash

Two, Android use code confusion

Open the confusion

Android Studio’s own Java integrated ProGuard is a compression, optimization, and obfuscation tool that works well with Gradle build tools.

Simply set minifyEnabled to true in the gradle file in the project application directory and add obfuscation rules to the proGuard-rules.pro file.

buildTypes {
    debug {
        minifyEnabled false / / confusion
        zipAlignEnabled true / / the Zipalign optimization
        shrinkResources true // Remove useless resource files
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' // Load the default obfuscation configuration file
        signingConfig signingConfigs.debug / / signature
    }
    release {
        minifyEnabled true / / confusion
        zipAlignEnabled true / / the Zipalign optimization
        shrinkResources true // Remove useless resource files
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' // Load the default obfuscation configuration file
        signingConfig signingConfigs.relealse / / signature}}Copy the code

ProGuard role

Shrinking: Enabled by default to reduce application size, remove unused classes and members, and perform again after the optimization action (which might expose unused classes and members again).

-dontshrink turns off compressionCopy the code

Optimization: Enabled by default, optimizations are performed at the bytecode level to make applications run faster.

- Dontoptimize - OptimizationPasses n Specifies the number of times proGuard has iteratively optimized the code5
Copy the code

Obfuscation: This is enabled by default to make decomcompiling difficult. Classes and class members are named randomly, unless protected by Keep.

- Dontobfuscate closes obfuscateCopy the code

In confusion after the default project directory app/build/outputs/mapping/release generated under a mapping. TXT file, which is a mapping file, you can read the obfuscated code according to this document back to the source code.

In principle, the more chaotic the code, the better, but there are some areas to avoid confusion, otherwise the program will run wrong, so you need to use obfuscation rules.

Confuse the rules

1. Basic commands

Removal refers to whether to be removed when Shrinking.

2. The basic grammar

• Class: Fully qualified names are required;
• * : wildcard, arbitrary string, without package name delimiter (.) ;
• ** : Wildcard, arbitrary string, including package name delimiter (.) ;
• Extends: extends a class;
• Implement: a class that implements an interface.
• $: inner class;
• : all constructors;
• : All member variables;
• : all methods;
• … : Arbitrary parameter;
• Modifier: public private protected

Example:

-keep class cn.hadcn.test. * * -keep class cn.hadcn.test. *Copy the code

* indicates that only the class names under this package are kept, while the class names under subpackages are confused.

** indicates that the class names under this package and its subpackages are kept.

If you want to keep the class name and the contents of the class from being confused, you need to use the following methods:

-keep class cn.hadcn.test.* {*; }

It also supports the use of basic Java rules to protect specific classes from being confused, such as extend, Implement, etc., to prevent all objects that inherit a class or interface from being confused:

-keep public class * extends android.app.Activity

To keep the inner classes of a class from being obfuscated, use the $symbol. The following example shows that all public contents of the JavaScriptInterface class inside a ScriptFragment are not obfuscated.

-keepclassmembers class cc.ninty.chat.ui.fragment.ScriptFragment$JavaScriptInterface {
    public *;
}
Copy the code

All public methods under class One are not confused. You can also add arguments, such as the constructor that uses JSONObject as an input parameter

-keep class cn.hadcn.test.One {
    public <init>(org.json.JSONObject);
}
Copy the code

3. Other commands

#Set the compression ratio of confusion to 0 to 7- OptimizationPasses 5 # Do not use case mix when obturating, Obfuscated class called lowercase - dontusemixedcaseclassnames # specified not to ignore the public library classes - dontskipnonpubliclibraryclasses # specified not to ignore the members of the public library - no do preverification dontskipnonpubliclibraryclassmembers # confusion - no logging dontpreverify # confusion - verbose # # ignore the warning - ignorewarning code optimization - Dontshrink # do not optimize input class files -dontoptimize # Keep annotations without obfuscating - KeepAttributes *Annotation*,InnerClasses # Avoid obfuscating generics - keepAttributes Signature # reservation code line number, convenient exception information tracking - keepattributes SourceFile, LineNumberTable # confuse the algorithm - optimizations. code/simplification/cast,! field/*,! class/merging/*#The dump. TXT file lists the internal structure of all classes in the APK package
-dump class_files.txt
#The seeds.txt file lists the unmixed classes and members
-printseeds seeds.txt
#The usage.txt file lists the code removed from APK
-printusage unused.txt
#The mapping. TXT file lists the mappings before and after the confusion
-printmapping mapping.txt
Copy the code

Four, notes

1. The JNI method should not be confused because it needs to be consistent with the native method.
2. The classes used by reflection are not confused (otherwise reflection may have problems);
3. Enumeration classes are not confused
4. Classes in AndroidMainfest are not confused, so the four major components and subclasses of Application and all classes under the Framework are not confused by default. Custom views are also not confused by default; So there’s no need to add rules like the ones posted online to exclude custom views, or the confusion of the four components;
5. When interacting with the server, when using frameworks such as GSON and FastJSON to parse the server data, the JSON object classes written are not confused; otherwise, JSON cannot be parsed into corresponding objects.
6. When using third-party open source libraries or referencing SDK packages of other third parties, add corresponding obfuscation rules to the obfuscation file if there are special requirements.
7. JS calls to WebView also need to ensure that the interface method written is not confused, this method needs to be consistent with the JS call method;
8. Parcelable subclasses and Creator of a static member variables don’t confuse,. Otherwise it will produce the Android OS. BadParcelableException exception;

5. Mapping file

The mapping file is used to view before and after code obfuscation. It is usually used to check online bugs.

Mapping_ ****_. TXT in the package is the mapping file generated by this compilation

Format for:

Original name -> Name after confusion

The Slardar platform supports uploading a mapping file to remap stack information

The Android SDK comes with the Android-SDK-tools-proguard-bin-ProGuardGUI tool, which can map the confused stack information to the original stack information.