Of Stack

Summary of Writing Methods of Android Code Confusion

  • 2021-08-21 21:37:40
  • OfStack

The Apk file is decompiled to get the code inside. In this case, we can confuse the project code and randomly generate difficult class names and method names, which makes the code difficult to read and increases the difficulty of stealing functions. Obfuscation can compress Apk, obfuscate files, pre-check and optimize.

1. Use mode. Set minifyEnabled to true in gradle file to start confusion 


buildTypes {
    release {
      minifyEnabled ture // Whether to turn on code obfuscation 
      proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    }
  }

Confusion is written in the proguard-android. txt file.

2. Confuse setting parameters

-optimizationpasses 4 code obfuscation compression ratio with a value between 0 and 7

-dontusemixedcaseclassnames all types are lowercase after confusion

-dontskipnonpubliclibraryclasses does not ignore non-public library classes

-dontoptimize does not optimize input class files

-dontpreverify does not perform pre-verification operation

-ignorewarnings Ignore Warning

-verbose log when obfuscated

-keepattributes Annotation Protection Notes

-printmapping proguardMapping. txt Mapping file for generating original and obfuscated class names

-optimizations! code/simplification/cast,! field/,! class/merging/Specifies the algorithm used for obfuscation

3. Keep your settings unobscured

Keep Entity Classes Unconfused

-keep class the package where your entity classes are located. ** {*;}

Keep the four major components, Application and Fragment not confused 


-keep public class * extends android.app.Application
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Fragment
-keep public class * extends android.support.v4.app.Fragment
-keep public class * extends android.app.Fragment
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.preference.Preference

Keep the native method unconfused 


-keepclasseswithmembernames class * { 
  native <methods>;
}

Keep the enumeration enum class unconfused 


-keepclassmembers enum * { 
  public static **[] values();
  public static ** valueOf(java.lang.String);
}

Keep Parcelable unconfused 


-keep class * implements android.os.Parcelable {  
  public static final android.os.Parcelable$Creator *;
}

Keep the third party package not confused. For example, WeChat and Alipay are used here to pay the third party 


# Alipay confusion 
-keep class com.alipay.android.app.IAlixPay{*;}
-keep class com.alipay.android.app.IAlixPay$Stub{*;}
-keep class com.alipay.android.app.IRemoteServiceCallback{*;}
-keep class com.alipay.android.app.IRemoteServiceCallback$Stub{*;}
-keep class com.alipay.sdk.app.PayTask{ public *;}
-keep class com.alipay.sdk.app.AuthTask{ public *;}

# WeChat payment confusion 
-keep class com.tencent.mm.opensdk.** {*;}
-keep class com.tencent.wxop.** {*;}
-keep class com.tencent.mm.sdk.** {*;}

4. Complete example of confusion: 


# Specify the compression level of the code 
-optimizationpasses 5

# Package name does not mix case 
-dontusemixedcaseclassnames

# Do not ignore non-public library classes 
-dontskipnonpubliclibraryclasses

 # Optimization   Class files that are not optimized for input 
-dontoptimize

 # Pre-check 
-dontpreverify

 # Whether to log when confused 
-verbose

# Ignore warnings 
-ignorewarning

# Protection annotation 
-keepattributes *Annotation*

-keep public class * extends android.app.Application
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Fragment
-keep public class * extends android.support.v4.app.Fragment
-keep public class * extends android.app.Fragment
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.preference.Preference

-keepclasseswithmembernames class * {
  native <methods>;
}
-keepclassmembers class * extends android.app.Activity {
  public void *(android.view.View);
}
-keepclassmembers enum * {
  public static **[] values();
  public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
 public static final android.os.Parcelable$Creator *;
}
-keepclassmembers class **.R$* {
  *;
}
-keep class * extends android.view.View{*;}
-keep class * extends android.app.Dialog{*;}
-keep class * implements java.io.Serializable{*;}

#butterknife
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }

#volley
-dontwarn com.android.volley.**
-keep class com.android.volley.**{*;}

#fastjson
-dontwarn com.alibaba.fastjson.**
-keep class com.alibaba.fastjson.**{*;}

#happy-dns
-dontwarn com.qiniu.android.dns.**
-keep class com.qiniu.android.dns.**{*;}

#okhttp
-dontwarn com.squareup.okhttp.**
-keep class com.squareup.okhttp.**{*;}

-keep class okio.**{*;}

-keep class android.net.**{*;}
-keep class com.android.internal.http.multipart.**{*;}
-keep class org.apache.**{*;}

-keep class com.qiniu.android.**{*;}

-keep class android.support.annotation.**{*;}

-keep class com.squareup.wire.**{*;}

-keep class com.ant.liao.**{*;}

# Tencent 
-keep class com.tencent.**{*;}

-keep class u.aly.**{*;}

#ImageLoader
-keep class com.nostra13.universalimageloader.**{*;}

# Friendship League 
-dontwarn com.umeng.**
-keep class com.umeng.**{*;}

#pulltorefresh
-keep class com.handmark.pulltorefresh.** { *; }
-keep class android.support.v4.** { *;}
-keep public class * extends android.support.v4.**{
 public protected *;}
-keep class android.support.v7.** {*;}

Try to add confusion with a simple project, and try the effect with a package.

Related articles: