Android开发之常用第三方库混淆字段

时间:2021-04-23 13:17:10

在Android开发中, 经常使用别人的第三方库, 开发完成后, 我们需要对apk进行压缩, 混淆, 这样别人就很难看懂你的代码了, 就算反编译过来也看不懂(大牛除外). 下面收集一些目前我正在使用的混淆字段, 我有个项目apk是10M, 压缩混淆后只有3.4M, 很爽的哟.

开启压缩和混淆

要开启混淆, 一般只需要把minifyEnabled设置为true就好了.

buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }

常用库混淆

  • agentweb
-keep class com.just.agentweb.** {     *;
}
-dontwarn com.just.agentweb.** 
-dontwarn javax.annotation.** -dontwarn javax.inject.**
  • OkHttp3
-dontwarn okhttp3.logging.** -keep class okhttp3.internal.**{*;} -dontwarn okio.**
  • Retrofit
-dontwarn retrofit2.** -keep class retrofit2.** { *; } -keepattributes Signature-keepattributes -keep class io.haobi.wallet.network.** { *; } 
  • RxJava RxAndroid
-dontwarn sun.misc.**
-keepclassmembers class rx.internal.util.unsafe.*ArrayQueue*Field* {
    long producerIndex;
    long consumerIndex;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueProducerNodeRef {
    rx.internal.util.atomic.LinkedQueueNode producerNode;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueConsumerNodeRef {
    rx.internal.util.atomic.LinkedQueueNode consumerNode;
}
  • Gson
-keepattributes EnclosingMethod -keep class io.haobi.wallet.beans.** { *; } -keep class sun.misc.Unsafe { *; } -keep class com.google.gson.stream.** { *; } -keep class com.google.gson.examples.android.model.** { *; } -keep class com.google.gson.** { *;}
  • EventBus
-keepattributes *Annotation*
-keepclassmembers class * {
    @org.greenrobot.eventbus.Subscribe <methods>;
}
-keep enum org.greenrobot.eventbus.ThreadMode { *; }

# Only required if you use AsyncExecutor
-keepclassmembers class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent {
    <init>(java.lang.Throwable);
}
  • LRecyclerview
-dontwarn com.github.jdsjlzx.**
-keep class com.github.jdsjlzx.progressindicator.indicators.** { *; }
  • Glide
-keep public class * implements com.bumptech.glide.module.GlideModule -keep public class * extends com.bumptech.glide.module.AppGlideModule -keep public enum com.bumptech.glide.load.ImageHeaderParser$** {
  **[] $VALUES;
  public *;
}
  • bitcoinj
-keep,includedescriptorclasses class org.bitcoinj.wallet.Protos$** { *; }
-keepclassmembers class org.bitcoinj.wallet.Protos { com.google.protobuf.Descriptors$FileDescriptor descriptor; }
-keep,includedescriptorclasses class org.bitcoin.protocols.payments.Protos$** { *; }
-keepclassmembers class org.bitcoin.protocols.payments.Protos { com.google.protobuf.Descriptors$FileDescriptor descriptor; }
-dontwarn org.bitcoinj.store.WindowsMMapHack
-dontwarn org.bitcoinj.store.LevelDBBlockStore
-dontnote org.bitcoinj.crypto.DRMWorkaround
-dontnote org.bitcoinj.crypto.TrustStoreLoader$DefaultTrustStoreLoader
-dontnote com.subgraph.orchid.crypto.PRNGFixes
-dontwarn okio.DeflaterSink
-dontwarn okio.Okio
-dontnote com.squareup.okhttp.internal.Platform
-dontwarn org.bitcoinj.store.LevelDBFullPrunedBlockStore**
  • Spongycastle
-dontwarn org.spongycastle.**
  • jackson
-keepnames class com.fasterxml.jackson.** {
*;
}
-keepnames interface com.fasterxml.jackson.** {
    *;
}
-dontwarn com.fasterxml.jackson.databind.**
  • slf4j
-keep class org.slf4j.** { *; } -dontwarn org.slf4j.**
  • android-support
-dontwarn android.support.**
-dontnote android.support.**
-keep class android.support.v7.widget.RoundRectDrawable { *; }

-keepclassmembers class **.R$* {
    public static <fields>;
}

-keepclassmembers class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator CREATOR;
}

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keepclasseswithmembernames,includedescriptorclasses class * {
    native <methods>;
}

-keepclassmembers,includedescriptorclasses public class * extends android.view.View {
    void set*(***);
    *** get*();
}

-keepclassmembers class * extends android.app.Activity {
    public void *(android.view.View);
}

-keepclassmembers class * implements java.io.Serializable {
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

神混淆-自定义字典

通常我们反编译的混淆后java代码, 会依稀看清楚某些代码构成, 这对于代码保护不利, 那么应该怎么办呢? 还有种神混淆, 那么就是自定义混淆字典.我们先来看一下他们的区别

  • 自定义字典前

Android开发之常用第三方库混淆字段

  • 自定义字典后

Android开发之常用第三方库混淆字段

感觉如何? 是不是很让人头大, 那么应该如何实现这种效果呢? 这个时候就需要一个自定义混淆字典了. 只需要在混淆文件里面加入以下代码

-obfuscationdictionary dic.txt -classobfuscationdictionary dic.txt -packageobfuscationdictionary dic.txt

dic.txt的位置在项目根目录/app/dic.txt, 是不是很简单啦? 自定义字典下载地址:dic.txt