dingguagua 2013-03-17
大家都知道,java代码很容易被反编译,同样android也是如此,android中引入了proguard代码混淆。下面就说下怎么样在android中加入代码混淆。
Note:开发环境是Mac系统。采用maven开发
在pom中加入:
<pluginManagement> <plugins> <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself. --> <plugin> <groupId>org.eclipse.m2e</groupId> <artifactId>lifecycle-mapping</artifactId> <version>1.0.0</version> <configuration> <lifecycleMappingMetadata> <pluginExecutions> <pluginExecution> <pluginExecutionFilter> <groupId> com.jayway.maven.plugins.android.generation2 </groupId> <artifactId> android-maven-plugin </artifactId> <versionRange> [3.1.1,) </versionRange> <goals> <goal>package</goal> <goal>proguard</goal> <goal>update-version</goal> </goals> </pluginExecutionFilter> <action> <ignore></ignore> </action> </pluginExecution> </pluginExecutions> </lifecycleMappingMetadata> </configuration> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>build-helper-maven-plugin</artifactId> <configuration> <artifacts> <artifact> <file>${project.build.directory}/${project.artifactId}-signed-aligned.apk</file> <type>apk</type> <classifier>signed-aligned</classifier> </artifact> <artifact> <file>${project.build.directory}/proguard/mapping.txt</file> <type>map</type> <classifier>release</classifier> </artifact> </artifacts> </configuration> <executions> <execution> <id>attach-signed-aligned</id> <phase>package</phase> <goals> <goal>attach-artifact</goal> </goals> </execution> <execution> <id>parse-version</id> <goals> <goal>parse-version</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>com.pyx4me</groupId> <artifactId>proguard-maven-plugin</artifactId> <version>2.0.4</version> <executions> <execution> <phase>package</phase> <goals> <goal>proguard</goal> </goals> </execution> </executions> <configuration> <obfuscate>true</obfuscate> <options> <option>@proguard.cfg</option> </options> <injar>${project.build.finalName}.jar</injar> <outjar>${project.build.finalName}-small.jar</outjar> <outputDirectory>${project.build.directory}</outputDirectory> <libs> <lib>${java.home}/lib/rt.jar</lib> <lib>${java.home}/lib/jsse.jar</lib> </libs> <addMavenDescriptor>false</addMavenDescriptor> </configuration> </plugin> </plugins> </pluginManagement> <plugins> ... <plugin> <groupId>com.pyx4me</groupId> <artifactId>proguard-maven-plugin</artifactId> </plugin> .... </plugins>
注意红色部分,代码混淆要用到rt.jar和jsse.jar这两个jar包。但在mac中没有这个rt.jar.运行时候回报错,说没有这个jar。原来rt.jar已经被包含在了classes.jar里面了,所以我们就做一个连接连过去。
Note:也许路径会有所不同。
sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jsse.jar /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/home/lib/jsse.jar sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/rt.jar /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/home/lib/rt.jar
再次运行,刷新工程,就可以在target文件夹下多了几个文件,progard_map.txtproguard_seeds.txt...ok,代码已经被混淆了,这样被反编译的可能性就降低了。
开始时最好不要把混淆打开,因为混淆会,如果代码报错,是定位不到代码行的,显示的事混淆以后的代码,都是小字母了
如果有更好的方式,或者不对的地方,请多指正!