studio代码混淆配置,Java应用代码混淆介绍

时间:2019-09-18 15:50来源: 操作系统
android studio代码混淆文本编写 混淆相关 -* 在build.gradle里面开启minifyEnabled true** debug { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-project.pro' } /*注:proguard-projec

android studio代码混淆文本编写

图片 1混淆相关

-*在build.gradle里面开启minifyEnabled true**

 debug { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-project.pro' } /*注:proguard-project.pro为混淆文本名称

-配备如下

#---------------------------------基本指令区----------------------------------#指定代码的压缩级别-optimizationpasses 5 #预校验-dontpreverify-printmapping proguardMapping.txt# 指定混淆时采用的算法,后面的参数是一个过滤器-optimizations !code/simplification/cast,!field/*,!class/merging/*#保护注解-keepattributes *Annotation*,InnerClasses-keep class * extends java.lang.annotation.Annotation { *; }#避免混淆泛型-keepattributes Signature-keepattributes SourceFile,LineNumberTable-ignorewarnings #忽略警告 #混淆时是否记录日志-verbose#包明不混合大小写-dontusemixedcaseclassnames#优化 不优化输入的类文件-dontoptimize#---------------------------------默认保留区---------------------------------#继承activity,application,service,broadcastReceiver,contentprovider....不进行混淆#-keep public class * extends android.app.Activity-keep public class * extends android.app.Application-keep public class * extends android.support.multidex.MultiDexApplication-keep public class * extends android.app.Service-keep public class * extends android.content.BroadcastReceiver-keep public class * extends android.content.ContentProvider-keep public class * extends android.app.backup.BackupAgentHelper-keep public class * extends android.preference.Preference-keep public class * extends android.view.View-keep public class com.android.vending.licensing.ILicensingService-keep class android.support.** {*;}-keep public class * extends android.view.View{ *** get*(); void set*; public <init>(android.content.Context); public <init>(android.content.Context, android.util.AttributeSet); public <init>(android.content.Context, android.util.AttributeSet, int);}-keepclasseswithmembers class * { public <init>(android.content.Context, android.util.AttributeSet); public <init>(android.content.Context, android.util.AttributeSet, int);}#这个主要是在layout 中写的onclick方法android:onclick="onClick",不进行混淆-keepclassmembers class * extends android.app.Activity { public void *(android.view.View);}#-----------实体类---------#修改成你对应的包名-keep public class 当前包名.**{*;}#保持 Serializable 不被混淆-keepnames class * implements java.io.Serializable#保持 Serializable 不被混淆并且enum 类也不被混淆-keepclassmembers class * implements java.io.Serializable { static final long serialVersionUID; private static final java.io.ObjectStreamField[] serialPersistentFields; !static !transient <fields>; !private <fields>; !private <methods>; private void writeObject(java.io.ObjectOutputStream); private void readObject(java.io.ObjectInputStream); java.lang.Object writeReplace(); java.lang.Object readResolve();}#保持枚举 enum 类不被混淆-keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String);}-keepclassmembers class * { public void *ButtonClicked(android.view.View);}#保持 Parcelable 不被混淆-keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *;}#Parcelable实现类除了不能混淆本身之外,为了确保类成员也能够被访问,类成员也不能被混淆-keepclassmembers class * implements android.os.Parcelable { public <fields>; private <fields>;}#不混淆资源类-keep class **.R$* { *;}-keepclassmembers class * { void *;}#// natvie 方法不混淆-keepclasseswithmembernames class * { native <methods>;}#---------------------------------webview-------------------------------------keepclassmembers class fqcn.of.javascript.interface.for.Webview { public *;}-keepclassmembers class * extends android.webkit.WebViewClient { public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap); public boolean *(android.webkit.WebView, java.lang.String);}-keepclassmembers class * extends android.webkit.WebViewClient { public void *(android.webkit.WebView, jav.lang.String);}# support-v4#https://stackoverflow.com/questions/18978706/obfuscate-android-support-v7-widget-gridlayout-issue-dontwarn android.support.v4.**-keep class android.support.v4.app.** { *; }-keep interface android.support.v4.app.** { *; }-keep class android.support.v4.** { *; }#---------------------------------第三方jar包--------------------------------keepclasseswithmembernames class com.xiaomi.**{*;}-keep public class * extends com.xiaomi.mipush.sdk.PushMessageReceiver-dontwarn com.xiaomi.push.service.b-keep class org.apache.http.**-keep interface org.apache.http.**-dontwarn org.apache.**-dontwarn android.support.**#不去忽略非公共的库类-dontskipnonpubliclibraryclassmembers-dontskipnonpubliclibraryclasses#--------------------阿里Hotfix----------------------keep class * extends java.lang.annotation.Annotation-keepclasseswithmembernames class * { native <methods>;}-keep class com.alipay.euler.andfix.**{ *;}-keep class com.taobao.hotfix.aidl.**{*;}-keep class com.ta.utdid2.device.**{*;}-keep class com.taobao.hotfix.HotFixManager{ public *;}#---fastjson----keep class com.alibaba.fastjson.** {*;}-dontwarn com.alibaba.fastjson.**-keepclassmembers class * {public <methods>;}#------gson-------dontwarn com.google.gson.**-keep class com.google.gson.** {*;}-keep class com.google.**{*;}-keep class sun.misc.Unsafe { *; }-keep class com.google.gson.stream.** { *; }-keep class com.google.gson.examples.android.model.** { *; }#dom4j-dontwarn org.dom4j.**-keep class org.dom4j.** {*;}#-libraryjars libs/httpcore-4.3.2.jar-dontwarn org.apache.http.** -keep class org.apache.http.** { *; } #----------以下内容可根据情况开启混淆日志记录-------##记录生成的日志数据,gradle build时在本项目根目录输出###apk 包内所有 class 的内部结构-dump proguard/class_files.txt#未混淆的类和成员-printseeds proguard/seeds.txt#列出从 apk 中删除的代码-printusage proguard/unused.txt#混淆前后的映射-printmapping proguard/mapping.txt#移除Log类打印各个等级日志的代码,打正式包的时候可以做为禁log使用,这里可以作为禁止log打印的功能使用,另外的一种实现方案是通过BuildConfig.DEBUG的变量来控制#-assumenosideeffects class android.util.Log {# public static *** v;# public static *** i;# public static *** d;# public static *** w;# public static *** e;#}

其三方jar包的安插优先推荐去官方网站下载sdk 会有模糊做法,当然熟悉的话完全能够团结安排。-jar包配置

正文简单介绍一下开源Java混淆编写翻译工具ProGuard的其实使用案例。大家明白一点景况下软件的撰稿人须要维护软件本身不被使用者反编写翻译,恐怕给对方反编写翻译创制一定的阻力,为了达成这些目标大家能够有成都百货上千比不上的做法,举例在编写翻译的经过中把有个别变量名替换到无意义的abcd恐怕将类名方法打垮等等,成立一些杂乱无章让反编写翻译的人很难读懂你的逻辑;还应该有一种是对java编写翻译后的class文件加密,然后用自定义的classLoader去解密并加载到JVM,这种措施有个问题,一旦对方得到您这些自定义的ClassLoader那么保密也就不设有了。相信类似的技能手腕还会有大多,用ProGuard对Spring Boot的应用做混淆管理,文末有示范代码,这里只记录主要步骤:

其三方jar有三种依赖情势

1.maven不须求注明该jar包

2.libs下地面依赖jar包要求申明

以上为混淆打包配置中央做法,有标题迎接私信留言

  1. 混淆工具正视到工程pom.xml
  2. guard.conf到Spring boot应用
  • 不包罗 hibernate模型的字段大概隐式配置的列名
  • 不包蕴 JpaRepository类的办法名
  1. 配置proguard-maven-plugin
  • 内定proguard.conf文件地点
  • 添加java runtime包
<libs> <lib>${java.home}/lib/rt.jar</lib> </libs>
  • 点名想要混淆的模块名称,proguard maven 插件会将其调换来–injar参数,举例:
<assembly> <inclusions> <inclusion> <groupId>org.alext.learning</groupId> <artifactId>bsmod</artifactId> </inclusion> </inclusions></assembly>
  1. Proguar会把具有injars合併到四个公家的混淆jar包,所以那边还索要把未混淆的jar从Spring boot的输出jar里面去掉,这里能够用spring-boot-maven-plugin来驱除上一步钦定的injars
<configuration> <excludes> <exclude> <groupId>org.alext.learning</groupId> <artifactId>bsmod</artifactId> </exclude> </excludes></configuration>
  1. 运作混淆编写翻译
mvn clean package -DskipTests=true -P obfuscation
  1. 运行jar
 java -jar uxmod/target/uxmod-1.0-SNAPSHOT.jar 

访问

图片 2mark浏览输出jar文件可以看出uxmod-1.0-SNAPSHOT.jarBOOT-INFlib不分包大家前面内定的-injars模块(bsmod.jar)。bsmod类与uxmod类合併到一道,混淆后的类在uxmod-1.0-SNAPSHOT.jarclasses

上例中的完整代码能够在github上找到请参见

编辑: 操作系统 本文来源:studio代码混淆配置,Java应用代码混淆介绍

关键词: