Android apk 混淆代码(遇到的各种坑和解决方案)

     以前做的手机项目,并没有要求混淆,一直没时间去看,等到做了平板,有混淆的需求才要硬着头皮去看混淆到底是如何工作的,以及如何混淆验证成功,参考一篇博客,讲的非常详细,而且每一步都写的非常好,再次感谢作者的辛勤劳作:参考链接如下: 日积月累：Proguard进行源代码混淆和崩溃日志反混淆  ,关键是要先准备好两个工具,细节这篇博客讲到了,我说下我遇到的坑和问题:

    1.dex2jar工具（下载地址：http://code.google.com/p/dex2jar/）,开源的反编译的项目,可以将apk文件转成一个jar包

     2.jd-gui工具（下载地址：http://jd-gui.softpedia.com/）。 这个工具挺厉害的,可以将jar包反编译成具体的java代码

=================分割线========================正式混淆工作有可能遇到的问题如下======================================

     一.准备好了这些工作,就可以开始进行混淆的工作了,第一步,当然是找到你的android工程,按照上面的连接,给工程添加混淆的设置,如下图:

      这一步有可能你在project.properties文件如何添加混淆的文件,一共有两种方式,一种是新建一个proguard.cfg这种方式我没试过,不过高版本的sdk,建议还是使用proguard-project.txt每个工程默认都会有一个.   需要注意的是你需要在环境变量里面添加sdk的工程目录,如下图:

                        

    二.上述前期工作准备好后,就要在proguard-project.txt文件里面新建混淆的规则了,一般的原则是在libs的第三方jar需要保留,不进行混淆,默认的一些谷歌官方建议保留的activity也是需要保留的,这些文档都有,如下图我的工程里面的jar包,第一次进行签名打包时候,就遇到下面这么多错误:

[2016-08-17 18:33:40 - VerBank-APadClientStation] Proguard returned with error code 1. See console[2016-08-17 18:33:40 - VerBank-APadClientStation] Note: there were 1637 duplicate class definitions.[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.CtrlServerIPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.CtrlServerOPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.OPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find referenced class allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find referenced class allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.google.android.gcm.server.Sender: can't find referenced class org.json.simple.JSONValue[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.google.android.gcm.server.Sender: can't find referenced class org.json.simple.parser.JSONParser[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.Sasl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.SaslException[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.SaslClient[2016-08-17 1

          我只列出了一部分,总共有1400行,看到这些你是不是下了一大跳,警告也是无法顺利导出jar包,所以还得硬着头皮解决,其实吧,没那么恐怖,看到上面的总说找不到的警告,你可以将这些类告诉混淆工具不要进行警告,这样就能避免很多的错误,如下我的解决方式,(注:其实就是警告什么,就告诉它不要警告,写出来具体的路径和类名)

-libraryjars libs/activation.jar-libraryjars libs/armeabi/libtwcajniV10100U20150115.so-libraryjars libs/additionnal.jar-libraryjars libs/commons-codec-1.3.jar-libraryjars libs/gcm-server.jar-libraryjars libs/gcm.jar-libraryjars libs/javax.mail.jar-libraryjars libs/nineoldandroids-2.4.0.jar-libraryjars libs/TWCAcMobileAPI.jar<span style="color:#ff0000;">-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar-dontwarn  allone.**-dontnote  allone.**-keep class allone.**{*;}-dontwarn  jedi.**-dontnote  jedi.**-keep class jedi.**{*;}-dontwarn  debug.**-dontnote  debug.**-keep class debug.**{*;}</span>-dontwarn org.apache.log4j.lf5.viewer.**-dontnote org.apache.log4j.lf5.viewer.**-dontwarn com.sun.mail.**-dontnote com.sun.mail.**-dontwarn  com.google.android.gcm.**-dontnote  com.google.android.gcm.**-dontwarn  sun.security.rsa.RSAPublicKeyImpl-dontnote  sun.security.rsa.RSAPublicKeyImpl-dontwarn sun.misc.Unsafe-dontwarn com.google.common.collect.MinMaxPriorityQueue-dontwarn javax.swing.**-dontwarn java.awt.**-dontwarn org.jasypt.encryption.pbe.**-dontwarn java.beans.**-dontwarn org.joda.time.**-dontwarn com.google.android.gms.**-dontwarn org.w3c.dom.bootstrap.**-dontwarn com.ibm.icu.text.**-dontwarn demo.**

        注注注:重要的事情说三遍,你也许将很多警告去掉了,但签名打包完成,以为可以顺利运行了,没想到一旦使用到第三方的jar包,程序就奔溃,我分析就是混淆工具将我的第三方的一些类也进行混淆了,导致无法识别,所以呢,我们需要将第三方路径上的class都保留,不要进行混淆如下:

-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar   //这里这样写虽然说是不混淆,但我测试发现,有些类还是混淆了,所以才会写下面的保持类不混淆的写法-dontwarn  allone.**-dontnote  allone.**  //注意**和**{*;}的区别, -keep class allone.**这样只能保留一层文件夹,如果下面有好多文件夹需要保留,需要携程**{*;}这是我实验出来,由于缺少必要的资料,这个坑试了好久才发现.-keep class allone.**{*;}-dontwarn  jedi.**-dontnote  jedi.**-keep class jedi.**{*;}-dontwarn  debug.**-dontnote  debug.**-keep class debug.**{*;}

     这里有一个很大的坑就是:使用-libraryjars libs/第三方jar包,在运行的时候,使用这个第三方类还是会报错,我只能使用keep 写上具体出错的类,然后解决了这个问题:

注意**和**{*;}的区别, -keep class allone.**这样只能保留一层文件夹,如果下面有好多文件夹需要保留,需要携程**{*;}这是我实验出来,由于缺少必要的资料,这个坑试了好久才发现.

       三,以下是我工程完整的proguard-project.txt,你需要结合自己使用到的工程jar包,和具体的报错信息,进行处理就可以了,总体的原则就是那里出错,就告诉他不要再警告,如果第三方达成jar包还是有错的话,就将第三方具体的类和class路径所有的类都keep,不进行混淆,这样之后就不会有问题,文件如下:

# To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see#   http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {#   public *;#}-optimizationpasses 5   #混淆时不会产生形形色色的类名   -dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses#//指定不去忽略非公共的类库   -dontpreverify#//不预校验   -verbose   -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*//优化   -libraryjars libs/activation.jar-libraryjars libs/armeabi/libtwcajniV10100U20150115.so-libraryjars libs/additionnal.jar-libraryjars libs/commons-codec-1.3.jar-libraryjars libs/gcm-server.jar-libraryjars libs/gcm.jar-libraryjars libs/javax.mail.jar-libraryjars libs/nineoldandroids-2.4.0.jar-libraryjars libs/TWCAcMobileAPI.jar-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar-dontwarn  allone.**-dontnote  allone.**-keep class allone.**{*;}-dontwarn  jedi.**-dontnote  jedi.**-keep class jedi.**{*;}-dontwarn  debug.**-dontnote  debug.**-keep class debug.**{*;}-dontwarn org.apache.log4j.lf5.viewer.**-dontnote org.apache.log4j.lf5.viewer.**-dontwarn com.sun.mail.**-dontnote com.sun.mail.**-dontwarn  com.google.android.gcm.**-dontnote  com.google.android.gcm.**-dontwarn  sun.security.rsa.RSAPublicKeyImpl-dontnote  sun.security.rsa.RSAPublicKeyImpl-dontwarn sun.misc.Unsafe-dontwarn com.google.common.collect.MinMaxPriorityQueue-dontwarn javax.swing.**-dontwarn java.awt.**-dontwarn org.jasypt.encryption.pbe.**-dontwarn java.beans.**-dontwarn org.joda.time.**-dontwarn com.google.android.gms.**-dontwarn org.w3c.dom.bootstrap.**-dontwarn com.ibm.icu.text.**-dontwarn demo.**-libraryjars libs/Android-support-v4.jar-dontwarn android.support.v4.**-keep class android.support.**{*;}-keep interface android.support.v4.app.**{*;}-keep public class * extends android.support.v4.**-keep public class * extends android.app.Fragment   #不进行混淆保持原样      -keep public class * extends android.app.Activity -keep public class * extends android.app.Application -keep public class * extends android.app.Service -keep public class * extends android.content.BroadcastReceiver -keep public class * extends android.content.ContentProvider -keep public class * extends android.app.backup.BackupAgentHelper -keep public class * extends android.preference.Preference -keep public class com.android.vending.licensing.ILicensingService -keepattributes Signature-keepattributes *Annotation*-keep class **.R$* { *; } -keepclasseswithmembernames class * {native <methods>;}-keepclasseswithmembers class * {public <init>(android.content.Context, android.util.AttributeSet);}-keepclasseswithmembers class * {public <init>(android.content.Context, android.util.AttributeSet, int);}-keepclassmembers class * extends android.app.Activity {public void *(android.view.View);}-keepclassmembers enum * {public static **[] values();public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {public static final android.os.Parcelable$Creator *;}

       最后的结果截图如下: 

    花了好长时间终于解决了,过程虽然很艰辛,但是解决了,欢迎拍砖,有问题可以问我,很高兴为你解答.