Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to configure confusion principle and confusion command in Hongmeng code". Interested friends may wish to take a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to configure the confusion principle and the confusion command in Hongmeng code.

I. Preface

The Java code is compiled into bytecode, which is easily decompiled, and once the bytecode is decompiled, the source code is leaked. In order to protect the source code well, the compiled bytecode files need to be confused. After the code is confused, the package size becomes smaller, and the source code is processed, which further ensures the security of the application. This article will first introduce the principle of obfuscation and obfuscation commands, and then teach you how to configure obfuscation in the Hongmeng project.

II. ProGuard

ProGuard is used to confuse code, mainly with the following four functions.

Shrink: detects and removes useless classes, fields, methods, and properties from the code. You can turn off compression using the following instructions

# disable compression-dontshrink

Optimize: optimizes bytecode to remove useless instructions. You can turn off optimization using the following instructions

# turn off optimization-dontoptimize-optimizationpasses n indicates the number of times proguard iterates and optimizes the code

Obfuscate: rename classes, fields, and methods using short and meaningless names such as a _. You can turn off confusion using the following instructions

# turn off obfuscation-dontobfuscate

Preveirfy: prechecks the processed code on the Java platform to ensure that the loaded bytecode file is executable.

In short, Proguard is a Java class file compressor, optimizer, obfuscator, and pre-validator. The compression process detects and removes unused classes, fields, methods, and properties. The optimization process will analyze and optimize the bytecode of the method. Confusion will use meaningless short variables to rename classes, variables, and methods. These steps make the code more concise, more efficient, and more difficult to reverse.

So the question is, how does ProGuard know that this code is not being used? A concept of Entry Point (entry point) is introduced here, and Entry Point represents a class or method that will not be processed during confusion. In the compression step, ProGuard will recursively traverse from the above Entry Point to search for which classes and members are in use. For classes and members that are not used, they will be discarded in the compression segment. In the following optimization process, those non-Entry Point classes and methods will be set to private, static or final, and unused parameters will be removed. In addition, some methods will be marked as inline, in the confusion step. ProGuard renames classes and methods that are not Entry Point.

Generally speaking, after turning on obfuscation, the more chaotic the code, the better, but some code should not be confused, otherwise the program will go wrong, so we need to be familiar with obfuscation instructions, when we turn on obfuscation, use obfuscation instructions to tell the compiler that some code cannot be confused.

Third, confusion instruction

3, 1 first look at the following command. An asterisk indicates that only the class name under the package is maintained, while the class name under the subpackage will still be confused.

-keep class com.poetry.jianjia.bean.*

3 and 2 asterisks indicate that both this package and the class names under the contained subpackages are maintained.

-keep class com.poetry.jianjia.bean.**

3. After using the above methods to keep the class, although the class name is not confused, the method and variable names in the class will still change. if you want to keep the class name and keep the contents of the class from being confused, you need to add {*;}

-keep class com.poetry.jianjia.bean.** {*;}

3. 4 on this basis, keywords such as extends and implements can also be used to protect specific classes from confusion. The following example shows that the name of the class that implements the Serializable interface is not confused.

-keep class * implements java.io.Serializable

3. 5 if you want to keep the inner class from being confused, you need to use the $symbol. In the following example, all the public content in the MainAbilitySlice inner class InnerClass is not confused.

-keepclassmembers class com.poetry.jianjia.slice.MainAbilitySlice$InnerClass {public *;}

3, 6 if you just want the specific content in the class not to be confused, you can use the

; / / match all constructors; / / match all variables; / / match all methods

3, 7 can be added to or before private, public, native, etc., to further specify the content that will not be confused. In the following example, all the common methods in the Banner class are not confused.

-keep class com.poetry.jianjia.Banner {public;}

3. 8 classes can have overloaded methods. If you want an overloaded method not to be confused, you can add method parameters. For the following example, a constructor with a string parameter is not confused.

-keep class com.poetry.jianjia.Banner {public (java.lang.String);}

3, 9 sometimes the class name can be confused, but hope that the specific methods under this class will not be confused, then you can not use keep, keep will not confuse the class name, but need to use keepclassmembers. In the following example, the name of the class that implements the Serializable interface can be confused, but the specific variables and methods in the class are not confused

-keepclassmembers class * implements java.io.Serializable {static final long serialVersionUID; private static final java.io.ObjectStreamField [] serialPersistentFields; private void writeObject (java.io.ObjectOutputStream); private void readObject (java.io.ObjectInputStream); java.lang.Object writeReplace (); java.lang.Object readResolve ();}

3, 10 some classes or class members cannot be renamed, and keepclasseswithmembernames prevents classes and members from being renamed. For the following example, the local method cannot be renamed.

-keepclasseswithmembernames class * {native;}

3. 11 keep enumerations from being confused

-keepclassmembers enum * {public static * * [] values (); public static * * valueOf (java.lang.String);}

3. 12 the classes used in reflection should not be confused.

3. 13 the classes in the configuration file should not be confused, the Ability declared in the configuration file will not be confused by default, and the classes declared in the configuration file do not need additional configuration confusion.

3. 14 when using gson, fastjson and other frameworks to parse server data, the written json object classes should not be confused, otherwise the json can not be parsed into corresponding objects.

3. 15 third-party open source libraries will make extensive use of annotations, reflections, generics, and when using third-party open source libraries or referencing other third-party SDK packages, if there are special requirements, you also need to add corresponding obfuscation rules in the obfuscation file.

Fourth, confusing the configuration of the Hongmeng project

4. 1 We are already familiar with the confusion instruction, so how to configure confusion for the Hongmeng project? Create a project in the latest version of the compiler, the compiler will help us create a proguard-rules.pro file, what is the proguard-rules.pro file? Hongmeng uses proguard for obfuscation. The proguard-rules.pro file is used to configure the obfuscation rules, and the code that cannot be confused is configured in the proguard-rules.pro file. Please note that the older version of the compiler does not support obfuscation, using the older version of the compiler to create a project, the compiler will not create proguard-rules.pro files.

4. 2 the compiler not only helps us create the proguard-rules.pro file, but also adds new code to the build.gradle file and opens the build.gradle file.

The compiler adds a release closure to the buildTypes closure, and release represents the official package. There is another proguardOpt closure under the release closure, and proguardOpt is used to configure confusion. ProguardEnabled indicates whether to enable obfuscation. True means obfuscation begins. False means no obfuscation is enabled. RulesFiles means to configure confusing rule files.

As you can see, by default, obfuscation is not enabled. For the sake of protecting the source code, it is necessary to enable obfuscation when we pack a formal package. In fact, we can also confuse the test package with the following code. We manually added a debug closure, debug represents the test package, do not turn on obfuscation in the test package, when you turn on obfuscation in the test package, breakpoint debugging will not see the value of the variable.

BuildTypes {/ / release indicates that the official package release {/ / configure obfuscation proguardOpt {/ / official package enables obfuscation proguardEnabled true / / obfuscation rules are configured in the proguard-rules.pro file rulesFiles' proguard-rules.pro' }} / / debug indicates that test package debug {/ / configure obfuscation proguardOpt {/ / test package does not enable obfuscation proguardEnabled false / / obfuscation rules are configured in proguard-rules.pro file rulesFiles' proguard-rules.pro '}

4. 3 if you open a project created by an older version of the compiler with the latest version of the compiler, there will be no proguard-rules.pro files in the project, and there will be no proguardOpt in the build.gradle files. At this point, we need to manually create our own proguard-rules.pro file and add the above code to the build.gradle file.

4. 4 to sum up, how to confuse the Hongmeng project? It only takes two steps, first, to set proguardEnabled to true, and second, to configure obfuscation rules with obfuscation directives in the proguard-rules.pro file.

5. Give a common obfuscation configuration # Code obfuscation compression ratio. Mixing between 0x7 and optimizationpasses 5 # does not use case mixing, and the mixed class name is lowercase-dontusemixedcaseclassnames # specifies not to ignore non-public library classes-dontskipnonpubliclibraryclasses # does not do pre-check. Preverify is one of the four steps of proguard. Removing this step can speed up confusion. -dontpreverify-verbose # to avoid confusion with generics-keepattributes Signature # google recommended algorithm-optimizations! codeUniverse simplificationpact generics recommendation algorithm-optimizations! codeUniverse simplificationpact renamesourcefileattribute SourceFile # retain comments, inner classes, generics, anonymous classes-keepattributes * generics # rename the file name when an exception is thrown-renamesourcefileattribute SourceFile # keep the code line number when an exception is thrown LineNumberTable-dontwarn javax.annotation.** # keep the local native method from being confused-keepclasseswithmembernames class * {native } # keep enumerated classes unconfused-keepclassmembers enum * {public static * * [] values (); public static * * valueOf (java.lang.String);}-keepclassmembers class * implements java.io.Serializable {static final long serialVersionUID; private static final java.io.ObjectStreamField [] serialPersistentFields; private void writeObject (java.io.ObjectOutputStream); private void readObject (java.io.ObjectInputStream); java.lang.Object writeReplace (); java.lang.Object readResolve () } # OkHttp3-dontwarn okhttp3.logging.**-keep class okhttp3.internal.** {*;}-dontwarn okio.** # gson-keep class sun.misc.Unsafe {*;}-keep class com.google.gson.stream.** {* } # in my sample code, the class under the com.poetry.jianjia.bean package implements the Serialized interface. # the class that implements the Serialized interface cannot be confused. Please replace the package name of com.poetry.jianjia.bean with your own package name-keep class com.poetry.jianjia.bean.** {* } at this point, I believe you have a deeper understanding of "how to configure the confusion principle and confusion commands in Hongmeng code". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.