Android 代碼混淆配置總結

一、前言

為何需要混淆呢？簡單的說，就是將原本正常的項目文件，對其類，方法，字段，重新命名,a,b,c,d,e,f…之類的字母，達到混淆代碼的目的，這樣反編譯出來，結構亂糟糟的，看了也頭大。

另外說明一下，本文的混淆總結基於Android Studio的IDE開發環境。

二、官方默認的混淆配置

其實在android Studio中做混淆，基本就是對Proguard-rules.pro文件的操作。混淆的過程也是有規律可循的。先看看官方的proguard-android.txt文件，位於/tools/proguard目錄下，不知道怎么寫，可以當成模板，復制一份出來到自己的工程，改成自己項目所需的混淆配置。內容如下：

# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html

-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-verbose

# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
-dontoptimize
-dontpreverify
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# project.properties file.

-keepattributes *Annotation*
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService

# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
-keepclasseswithmembernames class * {
    native <methods>;
}

# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
   void set*(***);
   *** get*();
}

# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends android.app.Activity {
   public void *(android.view.View);
}

# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keepclassmembers class * implements android.os.Parcelable {
  public static final android.os.Parcelable$Creator CREATOR;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version.  We know about them, and they are safe.
-dontwarn android.support.**

# Understand the @Keep support annotation.
-keep class android.support.annotation.Keep

-keep @android.support.annotation.Keep class * {*;}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <methods>;
}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <fields>;
}

-keepclasseswithmembers class * {
    @android.support.annotation.Keep <init>(...);
}

這個混淆默認采取一些通用的規則，view，activity，Parcelable，注解，R文件，枚舉這類的東西都不會混淆，我們也不能混淆這些，否則release版本會報錯。

三、Android Studio開啟混淆配置

很簡單，只要設置minifyEnabled為true即可。

buildTypes {
        release {
            minifyEnabled true//true開啟混淆配置，false關閉
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.duqian_android_keystore
        }
       debug{//省略}
}

四、Android混淆的通用規則

1. 系統混淆配置

-dontusemixedcaseclassnames          #混淆時不使用大小寫混合類名
-dontskipnonpubliclibraryclasses     #不跳過library中的非public的類
-verbose                             #打印混淆的詳細信息
-dontoptimize                        #不進行優化，建議使用此選項，
-dontpreverify                       #不進行預校驗,Android不需要,可加快混淆速度。
-ignorewarnings                      #忽略警告
#-optimizationpasses 5               #指定代碼的壓縮級別

2. 常用的一些混淆配置

-keepattributes Signature #范型
#native方法不混淆
-keepclasseswithmembernames class * {
    native <methods>;
}
#v4包不混淆
-keep class android.support.v4.app.** { *; }
-keep interface android.support.v4.app.** { *; }
#Gson混淆配置
-keep class sun.misc.Unsafe { *; }
-keep class com.idea.fifaalarmclock.entity.***
-keep class com.google.gson.** { *; }
#JavaBean
-keepclassmembers public class cn.net.duqian.bean.** {
   void set*(***);
   *** get*();
}
-keep class com.xx.duqian_cloud.JavaScriptInterface { *; }#webview js

#忽略 libiary 混淆
-keep class io.vov.vitamio.** { *; }

#butterknife不混淆
-keep class butterknife.** { *; }
-dontwarn butterknife.internal.**
-keep class **$$ViewBinder { *; }
-keepclasseswithmembernames class * {
    @butterknife.* <fields>;
}
-keepclasseswithmembernames class * {
    @butterknife.* <methods>;
}

3. 第三方框架一般不混淆（但也要看具體情況）

-keepclassmembers class * {
   public <init> (org.json.JSONObject);
}
#okhttp
-dontwarn okhttp3.**
-keep class okhttp3.**{*;}
-keep interface okhttp3.**{*;}

#okio
-dontwarn okio.**
-keep class okio.**{*;}
-keep interface okio.**{*;}

-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions

-dontwarn rx.**
-keep class rx.**{*;}

四、Android混淆的方法和通配符對照表

五、不能混淆的情況總結

• Java的反射，為什么不能混淆呢？因為代碼混淆，類名、方法名、屬性名都改變了，而反射它還是按照原來的名字去反射，結果只射出一個程序崩潰
• 注解用了反射，所以不能混淆。 不混淆任何包含native方法的類的類名以及native方法名，否則找不到本地方法。
• Activity不能混淆，因為AndroidManifest.xml文件中是完整的名字
• 自定義view也是帶了包名寫在xml布局中，不能混淆

六、混淆后使用時常見問題

當項目中出現so的native代碼找不到Java的方法的時候，可以嘗試將

-keepclasseswithmembernames class * {
    native <methods>;
}

更改為：

-keep class * {
    native <methods>;
}