ProGuard

  The ProGuard tool shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apkfile that is more difficult to reverse engineer. Because ProGuard makes your application harder to reverse engineer, it is important that you use it when your application utilizes features that are sensitive to security like when you are Licensing Your Applications.

ProGuard工具可以对代码进行 优化,压缩,混淆 从而加大反编译的难度。

  ProGuard is integrated into the Android build system, so you do not have to invoke it manually. ProGuard runs only when you build your application in release mode, so you do not have to deal with obfuscated code when you build your application in debug mode. Having ProGuard run is completely optional, but highly recommended.

ProGuard工具只在release版本有效,并且已经被整合进android构建apk系统,不需要程序员手动操作。

  This document describes how to enable and configure ProGuard as well as use the retrace tool to decode obfuscated stack traces.

Enabling ProGuard (Gradle Builds)


  When you create a project in Android Studio or with the Gradle build system, the minifyEnabled property in the build.gradle file enables and disables ProGuard for release builds. The minifyEnabled property is part of the buildTypes release block that controls the settings applied to release builds. Set the minifyEnabled property totrue to enable ProGuard, as shown in this example.

在android studio下开启ProGuard 示例
 android {
    ...

     buildTypes {
         release {
             minifyEnabled true
             proguardFiles getDefaultProguardFile('proguard-android.txt'),
             'proguard-rules.pro'
         }
     }
 }

  The getDefaultProguardFile('proguard-android.txt') method obtains the default ProGuard settings from the Android SDK tools/proguard/ folder. The proguard-android-optimize.txt file is also available in this Android SDK folder with the same rules but with optimizations enabled. ProGuard optimizations perform analysis at the bytecode level, inside and across methods to help make your app smaller and run faster. Android Studio adds the proguard-rules.pro file at the root of the module, so you can also easily add custom ProGuard rules specific to the current module.

proguard的默认设置 母体 在  SDK tools/proguard/ 下

  You can also add ProGuard files to the getDefaultProguardFile directive for all release builds or as part of the productFlavor settings in the build.gradle file to customize the settings applied to build variants. This example adds the proguard-rules-new.pro to the proguardFiles directive and the other-rules.pro file to the flavor2 product flavor.

 android {
    ...

     buildTypes {
         release {
             minifyEnabled true
             proguardFiles getDefaultProguardFile('proguard-android.txt'),
             'proguard-rules.pro', 'proguard-rules-new.pro'
         }
     }

    productFlavors {
         flavor1 {
         }
         flavor2 {
             proguardFile 'other-rules.pro'
         }
     }
 }

Configuring ProGuard


  For some situations, the default configurations in the ProGuard configuration file will suffice. However, many situations are hard for ProGuard to analyze correctly and it might remove code that it thinks is not used, but your application actually needs. Some examples include:

通常情况下,默认的proguard 配置就够用。但下面3种情况下,proguard工具不能直接准确分析,可能会删掉它认为不用的代码。
  • a class that is referenced only in the AndroidManifest.xml file
  • a method called from JNI
  • dynamically referenced fields and methods

  The default ProGuard configuration file tries to cover general cases, but you might encounter exceptions such as ClassNotFoundException, which happens when ProGuard strips away an entire class that your application calls.

  You can fix errors when ProGuard strips away your code by adding a -keep line in the ProGuard configuration file. For example:

有时会遇到ClassNotFoundException错误,可用下面方法解决。
-keep public class <MyClass>

  There are many options and considerations when using the -keep option, so it is highly recommended that you read the ProGuard Manual for more information about customizing your configuration file. The Overview of Keep options and Examples sections are particularly helpful. The Troubleshootingsection of the ProGuard Manual outlines other common problems you might encounter when your code gets stripped away.

优化示例

  https://stuff.mit.edu/afs/sipb/project/android/sdk/android-sdk-linux/tools/proguard/docs/index.html#manual/examples.html

Decoding Obfuscated Stack Traces(解码被puguard混淆的代码)


  When your obfuscated code outputs a stack trace, the method names are obfuscated, which makes debugging hard, if not impossible. Fortunately, whenever ProGuard runs, it outputs a mapping.txt file, which shows you the original class, method, and field names mapped to their obfuscated names.

使用ProGuard工具优化时,会在目录下生成一个mapping.txt文件,它记录了类,方法,属性 混淆前后的对应名。

  The retrace.bat script on Windows or the retrace.sh script on Linux or Mac OS X can convert an obfuscated stack trace to a readable one. It is located in the <sdk_root>/tools/proguard/ directory. The syntax for executing theretrace tool is:

  <sdk_root>/tools/proguard/retrace.sh 命令可以利用mapping.txt还原一个已混淆的类,方法,属性等。
  retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]

For example:

  解混淆示例
  retrace.bat -verbose mapping.txt obfuscated_trace.txt

If you do not specify a value for <stacktrace_file>, the retrace tool reads from standard input.

Debugging considerations for published applications

  Save the mapping.txt file for every release that you publish to your users. By retaining a copy of the mapping.txt file for each release build, you ensure that you can debug a problem if a user encounters a bug and submits an obfuscated stack trace. A project's mapping.txt file is overwritten every time you do a release build, so you must be careful about saving the versions that you need. The file is stored in the app build/outs/ folder.

  For example, say you publish an application and continue developing new features of the application for a new version. You then do a release build using ProGuard soon after. The build overwrites the previous mapping.txt file. A user submits a bug report containing a stack trace from the application that is currently published. You no longer have a way of debugging the user's stack trace, because the mapping.txt file associated with the version on the user's device is gone. There are other situations where your mapping.txt file can be overwritten, so ensure that you save a copy for every release that you anticipate you have to debug.

  How you save the mapping.txt files is your decision. For example, you can rename the files to include a version or build number, or you can version control them along with your source code.

为每一个发布的版本保存一个混淆对应关系的mapping.txt是个好习惯

apk反编译(6)ProGuard 工具 android studio版官方教程[作用,配置,解混淆,优化示例]的更多相关文章

  1. Android Studio 动态调试 apk 反编译出的 smali 代码

    在信安大赛的准备过程中,主要通过 Android Studio 动态调试 apk 反编译出来的 smali 代码的方式来对我们分析的执行流程进行验证.该技巧的主要流程在此记录.以下过程使用 Andro ...

  2. Android APK反编译就这么简单 详细解释(简介)

    学习Android开发过程,你会向别人学习如何应用软件的开发,那些漂亮的动画和复杂的布局可能让你爱不释手,作为开发者.你可能真的想知道的是如何实现的界面效果.然后.您将能够更改应用程序APK反编译查看 ...

  3. Android APK反编译就这么简单 具体解释

    在学习Android开发的过程你.你往往会去借鉴别人的应用是怎么开发的,那些美丽的动画和精致的布局可能会让你爱不释手,作为一个开发人员.你可能会非常想知道这些效果界面是怎么去实现的,这时,你便能够对改 ...

  4. Android: apk反编译 及 AS代码混淆防反编译

    一.工具下载: 1.apktool(资源文件获取,如提取出图片文件和布局文件) 反编译apk:apktool d file.apk –o path 回编译apk:apktool b path –o f ...

  5. 【Android 应用开发】 Android APK 反编译 混淆 反编译后重编译

    反编译工具 : 总结了一下 linux, windows, mac 上的版本, 一起放到 CSDN 上下载; -- CSDN 下载地址 : http://download.csdn.net/detai ...

  6. Android反编译,apk反编译技术总结

    1.谷歌提供的工具:android-classyshark 下载地址:https://github.com/google/android-classyshark/releases,下载下来之后是一个可 ...

  7. 【转】Android APK反编译就这么简单 详解(附图)

    转载地址:http://blog.csdn.net/vipzjyno1/article/details/21039349 在学习Android开发的过程你,你往往会去借鉴别人的应用是怎么开发的,那些漂 ...

  8. Android APK反编译详解(附图)

    转载自http://blog.csdn.net/sunboy_2050/article/details/6727581 这段时间在学Android应用开发,在想既然是用Java开发的应该很好反编译从而 ...

  9. Android APK反编译easy 详解

    在学习Android开发的过程你,你往往会去借鉴别人的应用是怎么开发的,那些漂亮的动画和精致的布局可能会让你爱不释手,作为一个开发者,你可能会很想知道这些效果界面是怎么去实现的,这时,你便可以对改应用 ...

随机推荐

  1. Linux下Hadoop的简单安装

    Hadoop 的安装极为简单,一共只有三步:   安装JDK 安装Hadoop 配置Hadoop     1,安装JDK       下载JDK,ftp传到linux或者linux中下载     切换 ...

  2. access_ok()

    access_ok() 函数是用来代替老版本的 verify_area() 函数的.它的作用也是检查用户空间指针是否可用. 函数原型: access_ok (type, addr, size); 变量 ...

  3. Linux内核分析作业一

    一.实验 通过反汇编一个简单的c语言程序来分析计算机是如何工作的 1.进入实验楼,在实验楼环境下把c语言代码转换成汇编码 汇编代码如下图: 二.汇编代码的工作过程中堆栈的变化:(手绘步骤,顺序是从左到 ...

  4. 例题-Quota 实作:

    假设这五个用户均需要进行磁盘配额限制,每个用户的配额为 2GB (hard) 以及 1.8GB (soft),该如何处理? 答: 这一题实作比较难,因为必须要包括文件系统的支持.quota 数据文件建 ...

  5. ascx aspx ashx asmx 文件的作用

    ascx aspx ashx asmx 文件的作用 ascx: Ascx 是给予Web的用户控件(UserControl),一般是用来重用的,不能直接被访问只能插入aspx页面呈现.头部文件<% ...

  6. Ubuntu 常用软件安装方法

    macubuntu 安裝方法: $wget https://github.com/downloads/ChinaLuo/Mac_Ubuntu/Mac_Ubuntu-12.04.tar.gz -O /t ...

  7. android 开发,多个线程共用一个handler

    在做项目过程中,突然发现,项目中启动了多个线程,但是只有一个handler,而不需要每一个线程单独开一个handler,记下笔记: handler = new Handler() { @Overrid ...

  8. 1304: [CQOI2009]叶子的染色 - BZOJ

    Description给一棵m个结点的无根树,你可以选择一个度数大于1的结点作为根,然后给一些结点(根.内部结点和叶子均可)着以黑色或白色.你的着色方案应该保证根结点到每个叶子的简单路径上都至少包含一 ...

  9. protocol buffer 整数序列化

    http://blog.csdn.net/csfreebird/article/details/7624807 varints用于正整数 (无符号整数) varints 是 一个很不错的技术.将一个整 ...

  10. 【转载】Spring加载resource时classpath*:与classpath:的区别

    免责声明:     本文转自网络文章,转载此文章仅为个人收藏,分享知识,如有侵权,请联系博主进行删除.     原文作者:kyfxbl     原文地址: spring配置中classpath和cla ...