Android 混淆配置

前言

为什么要混淆呢? Android最大的乐趣就是可以反编译看代码,一边用一边骂对方代码写的low.本人为了防止被骂,所以总结一下混淆的基本配置.废话不说直接上配置

1 .在app的build,gradle 文加下开启混淆

     release {                      minifyEnabled true // 混淆            zipAlignEnabled true // Zipalign优化          shrinkResources true  // 移除无用的resource文件           proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'  // 加载默认混淆配置文件signingConfig signingConfigs.relealse  // 签名}

2 混淆的规则

四大组件不能混淆,activity service 等
自定义View不能混淆,因为在xml里面引用需要根据View的名字去找
menu不能混淆
native方法不能混淆
js调用java方法不能混淆
反射类不能混淆
实体类不能混淆
序列化类不能混淆
注解不能混淆

…

3 配置模板

基本配置

#基本配置
# 设置混淆的压缩比率 0 ~ 7
-optimizationpasses 5
# 混淆时不使用大小写混合，混淆后的类名为小写
-dontusemixedcaseclassnames
# 指定不去忽略非公共库的类
-dontskipnonpubliclibraryclasses
# 指定不去忽略非公共库的成员
-dontskipnonpubliclibraryclassmembers
# 混淆时不做预校验
-dontpreverify
# 混淆时不记录日志
-verbose
# 忽略警告
-ignorewarning
# 代码优化
-dontshrink
# 不优化输入的类文件
-dontoptimize
# 保留注解不混淆
-keepattributes *Annotation*,InnerClasses
# 避免混淆泛型
-keepattributes Signature
# 保留代码行号，方便异常信息的追踪
-keepattributes SourceFile,LineNumberTable
# 混淆采用的算法
-optimizations !code/simplification/cast,!field/*,!class/merging/*# dump.txt文件列出apk包内所有class的内部结构
-dump class_files.txt
# seeds.txt文件列出未混淆的类和成员
-printseeds seeds.txt
# usage.txt文件列出从apk中删除的代码
-printusage unused.txt
# mapping.txt文件列出混淆前后的映射
-printmapping mapping.txt

2 不需要混淆的Android类

-keep public class * extends android.app.Fragment
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.preference.Preference
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class * extends android.view.View
-keep public class com.android.vending.licensing.ILicensingService

3 support下的所有类以及内部类,以及

#support
-keep class android.support.** {*;}
-dontwarn android.support.**
-keep interface android.support.** { *; }#adnroidX
-keep class androidx.** {*;}
-keep interface androidx.** {*;}
-keep public class * extends androidx.**
-dontwarn androidx.**

4 suppor V4和V7库

-keep public class * extends android.support.v4.**
-keep public class * extends android.support.v7.**
-keep public class * extends android.support.annotation.**

5 support design库

#support
-dontwarn android.support.design.**
-keep class android.support.design.** { *; }
-keep interface android.support.design.** { *; }
-keep public class android.support.design.R$* { *; }
#adnroidX
-keep class com.google.android.material.** {*;}
-dontwarn com.google.android.material.**
-dontnote com.google.android.material.**

6 避免混淆自定义控件的set和get方法

-keep public class * extends android.view.View{*** get*();void set*(***);public <init>(android.content.Context);public <init>(android.content.Context, android.util.AttributeSet);public <init>(android.content.Context, android.util.AttributeSet, int);
}

7 关闭log日志,这个是实际测试无法取消掉所有的log打印,一般我们都是自定义log类,这样就是你的包名+你自定义的log方法.这个还要注意 dontoptimize不要配置，不然将会关闭优化，导致日志语句不会被优化掉。

-assumenosideeffects class android.util.Log {public static boolean isLoggable(java.lang.String, int);public static int v(...);public static int i(...);public static int w(...);public static int d(...);public static int e(...);
}
-assumenosideeffects class 包名.LogUtils{public static *** d(...);public static *** v(...);public static *** i(...);public static *** e(...);public static *** w(...);}

8 避免R文件混淆

-keep class **.R$* {*;}

9 避免layout文件里面给设置的onclick属性

-keepclassmembers class * extends android.app.Activity{public void *(android.view.View);
}

10 避免回调函数 onxxevent方法混淆

-keepclassmembers class * {void *(*Event);
}

11 避免混淆枚举

-keepclassmembers enum * {public static **[] values();public static ** valueOf(java.lang.String);
}

12 Native方法混淆

-keepclasseswithmembernames class * {native <methods>;
}

13 避免parcelable混淆和避免Serializable接口的子类中指定的某些成员变量和方法混淆

-keep class * implements android.os.Parcelable {public static final android.os.Parcelable$Creator *;
}
-keepclassmembers class * implements java.io.Serializable {static final long serialVersionUID;private static final java.io.ObjectStreamField[] serialPersistentFields;!static !transient <fields>;private void writeObject(java.io.ObjectOutputStream);private void readObject(java.io.ObjectInputStream);java.lang.Object writeReplace();java.lang.Object readResolve();
}

14 避免webView混淆

-keepclassmembers class fqcn.of.javascript.interface.for.webview {public *;
}
-keepclassmembers class * extends android.webkit.webViewClient {public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers class * extends android.webkit.webViewClient {public void *(android.webkit.webView, jav.lang.String);
}
-keep public class [包名.类名]$[内部类]{public *;
}
-keepattributes JavascriptInterface

4 常用第三方库混淆配置,这个要根据你使用给的版本去官网找

butterKnife混淆

-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {@butterknife.* <fields>;
}
-keepclasseswithmembernames class * {@butterknife.* <methods>;
}

Okhttp3

-dontwarn com.squareup.okhttp3.**
-keep class com.squareup.okhttp3.** { *;}
-dontwarn okio.**

Retrofit2混淆

-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions

Rxjava,RxAndroid混淆

-dontwarn sun.misc.**
-keepclassmembers class rx.internal.util.unsafe.*ArrayQueue*Field* {long producerIndex;long consumerIndex;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueProducerNodeRef {rx.internal.util.atomic.LinkedQueueNode producerNode;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueConsumerNodeRef {rx.internal.util.atomic.LinkedQueueNode consumerNode;
}

Glide混淆

#Glide 3
-keep public class * implements com.bumptech.glide.module.GlideModule
-keep public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** {**[] $VALUES;public *;
}
#Glide 4
-keep public class * implements com.bumptech.glide.module.AppGlideModule
-keep public class * implements com.bumptech.glide.module.LibraryGlideModule
-keep public enum com.bumptech.glide.load.ImageHeaderParser$** {**[] $VALUES;public *;
}

json混淆

# fastjson
-dontwarn com.alibaba.fastjson.**
-keep class com.alibaba.fastjson.**{*; }
#Gson
-keep class com.google.gson.** {*;}
-keep class com.google.**{*;}
-keep class sun.misc.Unsafe { *; }
-keep class com.google.gson.stream.** { *; }
-keep class com.google.gson.examples.android.model.** { *; }

picasso fresco 混淆

# picasso
-keep class com.parse.*{ *; }
-dontwarn com.parse.**
-dontwarn com.squareup.picasso.**
-keepclasseswithmembernames class * {native <methods>;
}
#fresco
# Keep our interfaces so they can be used by other ProGuard rules.
# See http://sourceforge.net/p/proguard/bugs/466/
-keep,allowobfuscation @interface com.facebook.common.internal.DoNotStrip
-keep,allowobfuscation @interface com.facebook.soloader.DoNotOptimize# Do not strip any method/class that is annotated with @DoNotStrip
-keep @com.facebook.common.internal.DoNotStrip class *
-keepclassmembers class * {@com.facebook.common.internal.DoNotStrip *;
}# Do not strip any method/class that is annotated with @DoNotOptimize
-keep @com.facebook.soloader.DoNotOptimize class *
-keepclassmembers class * {@com.facebook.soloader.DoNotOptimize *;
}# Keep native methods
-keepclassmembers class * {native <methods>;
}-dontwarn okio.**
-dontwarn com.squareup.okhttp.**
-dontwarn okhttp3.**
-dontwarn javax.annotation.**
-dontwarn com.android.volley.toolbox.**
-dontwarn com.facebook.infer.**

Banner
```
-keep class com.youth.banner.** {*;}
```

映射数据库

#GreenDao2
-keep class de.greenrobot.dao.** {*;}
-keepclassmembers class * extends de.greenrobot.dao.AbstractDao {public static Java.lang.String TABLENAME;
}
-keep class **$Properties
#GreenDao 3-keepclassmembers class * extends org.greenrobot.greendao.AbstractDao {public static java.lang.String TABLENAME;
}
-keep class **$Properties# If you do not use SQLCipher:
-dontwarn org.greenrobot.greendao.database.**
# If you do not use Rx:
-dontwarn rx.**

百度定位百度地图高德地图混淆

#百度定位
-keep class vi.com.gdi.** { *; }
-keep public class com.baidu.** {*;}
-keep public class com.mobclick.** {*;}
-dontwarn com.baidu.mapapi.utils.*
-dontwarn com.baidu.platform.comapi.b.*
-dontwarn com.baidu.platform.comapi.map.*
#百度地图
-keep class com.baidu.** {*;}
-keep class vi.com.** {*;}
-dontwarn com.baidu.**
#高德地图
-dontwarn com.amap.api.**
-dontwarn com.a.a.**
-dontwarn com.autonavi.**
-keep class com.amap.api.**  {*;}
-keep class com.autonavi.**  {*;}
-keep class com.a.a.**  {*;}

bugly混淆

-dontwarn com.tencent.bugly.**
-keep public class com.tencent.bugly.**{*;}

EventBus混淆

#Event2
-keepclassmembers class ** {public void onEvent*(***);
}# Only required if you use AsyncExecutor
-keepclassmembers class * extends de.greenrobot.event.util.ThrowableFailureEvent {<init>(java.lang.Throwable);
}
#Event3
-keepattributes *Annotation*
-keepclassmembers class ** {@org.greenrobot.eventbus.Subscribe <methods>;
}
-keep enum org.greenrobot.eventbus.ThreadMode { *; }# Only required if you use AsyncExecutor
-keepclassmembers class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent {<init>(java.lang.Throwable);
}

友盟分享推送

#友盟分享
-dontshrink
-dontoptimize
-dontwarn com.google.android.maps.**
-dontwarn android.webkit.WebView
-dontwarn com.umeng.**
-dontwarn com.tencent.weibo.sdk.**
-dontwarn com.facebook.**
-keep public class javax.**
-keep public class android.webkit.**
-dontwarn android.support.v4.**
-keep enum com.facebook.**
-keepattributes Exceptions,InnerClasses,Signature
-keepattributes *Annotation*
-keepattributes SourceFile,LineNumberTable-keep public interface com.facebook.**
-keep public interface com.tencent.**
-keep public interface com.umeng.socialize.**
-keep public interface com.umeng.socialize.sensor.**
-keep public interface com.umeng.scrshot.**-keep public class com.umeng.socialize.* {*;}-keep class com.facebook.**
-keep class com.facebook.** { *; }
-keep class com.umeng.scrshot.**
-keep public class com.tencent.** {*;}
-keep class com.umeng.socialize.sensor.**
-keep class com.umeng.socialize.handler.**
-keep class com.umeng.socialize.handler.*
-keep class com.umeng.weixin.handler.**
-keep class com.umeng.weixin.handler.*
-keep class com.umeng.qq.handler.**
-keep class com.umeng.qq.handler.*
-keep class UMMoreHandler{*;}
-keep class com.tencent.mm.sdk.modelmsg.WXMediaMessage {*;}
-keep class com.tencent.mm.sdk.modelmsg.** implements com.tencent.mm.sdk.modelmsg.WXMediaMessage$IMediaObject {*;}
-keep class im.yixin.sdk.api.YXMessage {*;}
-keep class im.yixin.sdk.api.** implements im.yixin.sdk.api.YXMessage$YXMessageData{*;}
-keep class com.tencent.mm.sdk.** {*;
}
-keep class com.tencent.mm.opensdk.** {*;
}
-keep class com.tencent.wxop.** {*;
}
-keep class com.tencent.mm.sdk.** {*;
}
-dontwarn twitter4j.**
-keep class twitter4j.** { *; }-keep class com.tencent.** {*;}
-dontwarn com.tencent.**
-keep class com.kakao.** {*;}
-dontwarn com.kakao.**
-keep public class com.umeng.com.umeng.soexample.R$*{public static final int *;
}
-keep public class com.linkedin.android.mobilesdk.R$*{public static final int *;
}
-keepclassmembers enum * {public static **[] values();public static ** valueOf(java.lang.String);
}-keep class com.tencent.open.TDialog$*
-keep class com.tencent.open.TDialog$* {*;}
-keep class com.tencent.open.PKDialog
-keep class com.tencent.open.PKDialog {*;}
-keep class com.tencent.open.PKDialog$*
-keep class com.tencent.open.PKDialog$* {*;}
-keep class com.umeng.socialize.impl.ImageImpl {*;}
-keep class com.sina.** {*;}
-dontwarn com.sina.**
-keep class  com.alipay.share.sdk.** {*;
}-keepnames class * implements android.os.Parcelable {public static final ** CREATOR;
}-keep class com.linkedin.** { *; }
-keep class com.android.dingtalk.share.ddsharemodule.** { *; }
-keepattributes Signature
#友盟推送
-dontwarn com.umeng.**
-dontwarn com.taobao.**
-dontwarn anet.channel.**
-dontwarn anetwork.channel.**
-dontwarn org.android.**
-dontwarn org.apache.thrift.**
-dontwarn com.xiaomi.**
-dontwarn com.huawei.**
-dontwarn com.meizu.**-keepattributes *Annotation*-keep class com.taobao.** {*;}
-keep class org.android.** {*;}
-keep class anet.channel.** {*;}
-keep class com.umeng.** {*;}
-keep class com.xiaomi.** {*;}
-keep class com.huawei.** {*;}
-keep class com.meizu.** {*;}
-keep class org.apache.thrift.** {*;}-keep class com.alibaba.sdk.android.**{*;}
-keep class com.ut.**{*;}
-keep class com.ta.**{*;}-keep public class **.R$*{public static final int *;
}

5 混淆碰到的问题

    java.lang.NoSuchMethodError: No interface method g()I in class Landroid/content/res/XmlResourceParser; or its super classes (declaration of 'android.content.res.XmlResourceParser' appears in /system/framework/framework.jar)at android.support.v4.content.FileProvider.parsePathStrategy(FileProvider.java:613)at android.support.v4.content.FileProvider.getPathStrategy(FileProvider.java:579)at android.support.v4.content.FileProvider.attachInfo(FileProvider.java:392)at android.app.ActivityThread.installProvider(ActivityThread.java:7750)at android.app.ActivityThread.installContentProviders(ActivityThread.java:7291)at android.app.ActivityThread.handleBindApplication(ActivityThread.java:7187)at android.app.ActivityThread.access$2200(ActivityThread.java:296)at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2208)

这个是文件里面有xml 需要增加配置如下原因具体原因

   -keep class org.xmlpull.** {*;}-keep public class * extends org.xmlpull.**-keep interface org.xmlpull.** {*;}

参考博客

参考文档