Android apk 混淆代码(遇到的各种坑和解决方案)
来源:互联网 发布:淘宝网店怎么管理库存 编辑:程序博客网 时间:2024/05/17 13:14
以前做的手机项目,并没有要求混淆,一直没时间去看,等到做了平板,有混淆的需求才要硬着头皮去看混淆到底是如何工作的,以及如何混淆验证成功,参考一篇博客,讲的非常详细,而且每一步都写的非常好,再次感谢作者的辛勤劳作:参考链接如下: 日积月累:Proguard进行源代码混淆和崩溃日志反混淆 ,关键是要先准备好两个工具,细节这篇博客讲到了,我说下我遇到的坑和问题:
1.dex2jar工具(下载地址:http://code.google.com/p/dex2jar/),开源的反编译的项目,可以将apk文件转成一个jar包
2.jd-gui工具(下载地址:http://jd-gui.softpedia.com/)。 这个工具挺厉害的,可以将jar包反编译成具体的java代码
=================分割线========================正式混淆工作有可能遇到的问题如下======================================
一.准备好了这些工作,就可以开始进行混淆的工作了,第一步,当然是找到你的android工程,按照上面的连接,给工程添加混淆的设置,如下图:
这一步有可能你在project.properties文件如何添加混淆的文件,一共有两种方式,一种是新建一个proguard.cfg这种方式我没试过,不过高版本的sdk,建议还是使用proguard-project.txt每个工程默认都会有一个. 需要注意的是你需要在环境变量里面添加sdk的工程目录,如下图:
二.上述前期工作准备好后,就要在proguard-project.txt文件里面新建混淆的规则了,一般的原则是在libs的第三方jar需要保留,不进行混淆,默认的一些谷歌官方建议保留的activity也是需要保留的,这些文档都有,如下图我的工程里面的jar包,第一次进行签名打包时候,就遇到下面这么多错误:
[2016-08-17 18:33:40 - VerBank-APadClientStation] Proguard returned with error code 1. See console[2016-08-17 18:33:40 - VerBank-APadClientStation] Note: there were 1637 duplicate class definitions.[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.CtrlServerIPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.CtrlServerOPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.OPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find superclass or interface allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find referenced class allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.MTP.VerBank01.Ctrl.comm.ipop.csts.CtrlCSTSIPFather: can't find referenced class allone.MTP.VerBank01.comm.IPOP.IPFather[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: allone.crypto.RSA.RSACrypt: can't find referenced class sun.security.rsa.RSAPublicKeyImpl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.google.android.gcm.server.Sender: can't find referenced class org.json.simple.JSONValue[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.google.android.gcm.server.Sender: can't find referenced class org.json.simple.parser.JSONParser[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.Sasl[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.SaslException[2016-08-17 18:33:40 - VerBank-APadClientStation] Warning: com.sun.mail.imap.protocol.IMAPSaslAuthenticator: can't find referenced class javax.security.sasl.SaslClient[2016-08-17 1
我只列出了一部分,总共有1400行,看到这些你是不是下了一大跳,警告也是无法顺利导出jar包,所以还得硬着头皮解决,其实吧,没那么恐怖,看到上面的总说找不到的警告,你可以将这些类告诉混淆工具不要进行警告,这样就能避免很多的错误,如下我的解决方式,(注:其实就是警告什么,就告诉它不要警告,写出来具体的路径和类名)
-libraryjars libs/activation.jar-libraryjars libs/armeabi/libtwcajniV10100U20150115.so-libraryjars libs/additionnal.jar-libraryjars libs/commons-codec-1.3.jar-libraryjars libs/gcm-server.jar-libraryjars libs/gcm.jar-libraryjars libs/javax.mail.jar-libraryjars libs/nineoldandroids-2.4.0.jar-libraryjars libs/TWCAcMobileAPI.jar<span style="color:#ff0000;">-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar-dontwarn allone.**-dontnote allone.**-keep class allone.**{*;}-dontwarn jedi.**-dontnote jedi.**-keep class jedi.**{*;}-dontwarn debug.**-dontnote debug.**-keep class debug.**{*;}</span>-dontwarn org.apache.log4j.lf5.viewer.**-dontnote org.apache.log4j.lf5.viewer.**-dontwarn com.sun.mail.**-dontnote com.sun.mail.**-dontwarn com.google.android.gcm.**-dontnote com.google.android.gcm.**-dontwarn sun.security.rsa.RSAPublicKeyImpl-dontnote sun.security.rsa.RSAPublicKeyImpl-dontwarn sun.misc.Unsafe-dontwarn com.google.common.collect.MinMaxPriorityQueue-dontwarn javax.swing.**-dontwarn java.awt.**-dontwarn org.jasypt.encryption.pbe.**-dontwarn java.beans.**-dontwarn org.joda.time.**-dontwarn com.google.android.gms.**-dontwarn org.w3c.dom.bootstrap.**-dontwarn com.ibm.icu.text.**-dontwarn demo.**
注注注:重要的事情说三遍,你也许将很多警告去掉了,但签名打包完成,以为可以顺利运行了,没想到一旦使用到第三方的jar包,程序就奔溃,我分析就是混淆工具将我的第三方的一些类也进行混淆了,导致无法识别,所以呢,我们需要将第三方路径上的class都保留,不要进行混淆如下:
-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar //这里这样写虽然说是不混淆,但我测试发现,有些类还是混淆了,所以才会写下面的保持类不混淆的写法-dontwarn allone.**-dontnote allone.** //注意**和**{*;}的区别, -keep class allone.**这样只能保留一层文件夹,如果下面有好多文件夹需要保留,需要携程**{*;}这是我实验出来,由于缺少必要的资料,这个坑试了好久才发现.-keep class allone.**{*;}-dontwarn jedi.**-dontnote jedi.**-keep class jedi.**{*;}-dontwarn debug.**-dontnote debug.**-keep class debug.**{*;}
这里有一个很大的坑就是:使用-libraryjars libs/第三方jar包,在运行的时候,使用这个第三方类还是会报错,我只能使用keep 写上具体出错的类,然后解决了这个问题:
注意**和**{*;}的区别, -keep class allone.**这样只能保留一层文件夹,如果下面有好多文件夹需要保留,需要携程**{*;}这是我实验出来,由于缺少必要的资料,这个坑试了好久才发现.
三,以下是我工程完整的proguard-project.txt,你需要结合自己使用到的工程jar包,和具体的报错信息,进行处理就可以了,总体的原则就是那里出错,就告诉他不要再警告,如果第三方达成jar包还是有错的话,就将第三方具体的类和class路径所有的类都keep,不进行混淆,这样之后就不会有问题,文件如下:
# To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see# http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {# public *;#}-optimizationpasses 5 #混淆时不会产生形形色色的类名 -dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses#//指定不去忽略非公共的类库 -dontpreverify#//不预校验 -verbose -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*//优化 -libraryjars libs/activation.jar-libraryjars libs/armeabi/libtwcajniV10100U20150115.so-libraryjars libs/additionnal.jar-libraryjars libs/commons-codec-1.3.jar-libraryjars libs/gcm-server.jar-libraryjars libs/gcm.jar-libraryjars libs/javax.mail.jar-libraryjars libs/nineoldandroids-2.4.0.jar-libraryjars libs/TWCAcMobileAPI.jar-libraryjars libs/VerBank-CSTSv3-ClientAPI.jar-dontwarn allone.**-dontnote allone.**-keep class allone.**{*;}-dontwarn jedi.**-dontnote jedi.**-keep class jedi.**{*;}-dontwarn debug.**-dontnote debug.**-keep class debug.**{*;}-dontwarn org.apache.log4j.lf5.viewer.**-dontnote org.apache.log4j.lf5.viewer.**-dontwarn com.sun.mail.**-dontnote com.sun.mail.**-dontwarn com.google.android.gcm.**-dontnote com.google.android.gcm.**-dontwarn sun.security.rsa.RSAPublicKeyImpl-dontnote sun.security.rsa.RSAPublicKeyImpl-dontwarn sun.misc.Unsafe-dontwarn com.google.common.collect.MinMaxPriorityQueue-dontwarn javax.swing.**-dontwarn java.awt.**-dontwarn org.jasypt.encryption.pbe.**-dontwarn java.beans.**-dontwarn org.joda.time.**-dontwarn com.google.android.gms.**-dontwarn org.w3c.dom.bootstrap.**-dontwarn com.ibm.icu.text.**-dontwarn demo.**-libraryjars libs/Android-support-v4.jar-dontwarn android.support.v4.**-keep class android.support.**{*;}-keep interface android.support.v4.app.**{*;}-keep public class * extends android.support.v4.**-keep public class * extends android.app.Fragment #不进行混淆保持原样 -keep public class * extends android.app.Activity -keep public class * extends android.app.Application -keep public class * extends android.app.Service -keep public class * extends android.content.BroadcastReceiver -keep public class * extends android.content.ContentProvider -keep public class * extends android.app.backup.BackupAgentHelper -keep public class * extends android.preference.Preference -keep public class com.android.vending.licensing.ILicensingService -keepattributes Signature-keepattributes *Annotation*-keep class **.R$* { *; } -keepclasseswithmembernames class * {native <methods>;}-keepclasseswithmembers class * {public <init>(android.content.Context, android.util.AttributeSet);}-keepclasseswithmembers class * {public <init>(android.content.Context, android.util.AttributeSet, int);}-keepclassmembers class * extends android.app.Activity {public void *(android.view.View);}-keepclassmembers enum * {public static **[] values();public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {public static final android.os.Parcelable$Creator *;}
最后的结果截图如下:
花了好长时间终于解决了,过程虽然很艰辛,但是解决了,欢迎拍砖,有问题可以问我,很高兴为你解答.
- Android apk 混淆代码(遇到的各种坑和解决方案)
- Android 代码混淆和破解apk
- Android APK反编译和代码混淆
- Android studio 代码混淆和破解apk
- Android Studio代码混淆和破解apk
- Android studio 代码混淆和破解apk
- android apk 代码混淆
- android .apk 混淆代码
- android apk 代码混淆
- Android APK代码混淆和资源文件混淆
- APK的代码混淆
- Android代码混淆------apk文件代码混淆
- android打包apk时混淆遇到的问题
- android打包apk时混淆遇到的问题
- Android混淆遇到的坑
- 混淆apk:Android中使用eclipse混淆apk和studio混淆app的不同
- Android studio 使用心得(五)---代码混淆和破解apk
- Android studio 使用---代码混淆和破解apk
- CSS--总结
- vs2010下搭建winpcap编译环境
- Java NIO系列教程(一) Java NIO 概述
- Android常用的代码块及工具类大放送
- 修改ubuntu14.10的镜像源
- Android apk 混淆代码(遇到的各种坑和解决方案)
- Hawk--Andorid安全、简单的Key-Value存储
- Unity3D直线绘制
- 关于奇偶校验的几个定义以及正确认识
- CodeForces 601A The Two Routes(最短路径)
- 收货地址选择
- Volley 源码分析
- 关于四种基本布局的那些事(笔记)
- C#Windows窗体回车键触发登录按钮