android 代码proguard

dingguagua 2013-03-17

大家都知道,java代码很容易被反编译,同样android也是如此,android中引入了proguard代码混淆。下面就说下怎么样在android中加入代码混淆。

Note:开发环境是Mac系统。采用maven开发

在pom中加入:

<pluginManagement>
			<plugins>
				<!--This plugin's configuration is used to store Eclipse m2e settings 
					only. It has no influence on the Maven build itself. -->
				<plugin>
					<groupId>org.eclipse.m2e</groupId>
					<artifactId>lifecycle-mapping</artifactId>
					<version>1.0.0</version>
					<configuration>
						<lifecycleMappingMetadata>
							<pluginExecutions>
								<pluginExecution>
									<pluginExecutionFilter>
										<groupId>
											com.jayway.maven.plugins.android.generation2
										</groupId>
										<artifactId>
											android-maven-plugin
										</artifactId>
										<versionRange>
											[3.1.1,)
										</versionRange>
										<goals>
										<goal>package</goal>
											<goal>proguard</goal>
											<goal>update-version</goal>
										</goals>
									</pluginExecutionFilter>
									<action>
										<ignore></ignore>
									</action>
								</pluginExecution>
							</pluginExecutions>
						</lifecycleMappingMetadata>
					</configuration>
				</plugin>
				<plugin>
					<groupId>org.codehaus.mojo</groupId>
					<artifactId>build-helper-maven-plugin</artifactId>
					<configuration>
						<artifacts>
							<artifact>
								<file>${project.build.directory}/${project.artifactId}-signed-aligned.apk</file>
								<type>apk</type>
								<classifier>signed-aligned</classifier>
							</artifact>
							<artifact>
								<file>${project.build.directory}/proguard/mapping.txt</file>
								<type>map</type>
								<classifier>release</classifier>
							</artifact>
						</artifacts>
					</configuration>
					<executions>
						<execution>
							<id>attach-signed-aligned</id>
							<phase>package</phase>
							<goals>
								<goal>attach-artifact</goal>
							</goals>
						</execution>
						<execution>
					      	<id>parse-version</id>
					      	<goals>
					        	<goal>parse-version</goal>
					      	</goals>
					    </execution>
					</executions>
				</plugin>
				<plugin>
					<groupId>com.pyx4me</groupId>
					<artifactId>proguard-maven-plugin</artifactId>
					<version>2.0.4</version>
					<executions>
						<execution>
							<phase>package</phase>
							<goals>
								<goal>proguard</goal>
							</goals>
						</execution>
					</executions>
					<configuration>
						<obfuscate>true</obfuscate>
						<options>
							<option>@proguard.cfg</option>
						</options>
						<injar>${project.build.finalName}.jar</injar>
						<outjar>${project.build.finalName}-small.jar</outjar>
						<outputDirectory>${project.build.directory}</outputDirectory>
						<libs>
							<lib>${java.home}/lib/rt.jar</lib>
							<lib>${java.home}/lib/jsse.jar</lib>
						</libs>
						<addMavenDescriptor>false</addMavenDescriptor>
					</configuration>
				</plugin>
			</plugins>
		</pluginManagement>
        <plugins>
...
<plugin>
		        <groupId>com.pyx4me</groupId>
		        <artifactId>proguard-maven-plugin</artifactId>
		    </plugin>
....
        </plugins>

注意红色部分,代码混淆要用到rt.jar和jsse.jar这两个jar包。但在mac中没有这个rt.jar.运行时候回报错,说没有这个jar。原来rt.jar已经被包含在了classes.jar里面了,所以我们就做一个连接连过去。

Note:也许路径会有所不同。

sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jsse.jar /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/home/lib/jsse.jar 

sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/rt.jar /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/home/lib/rt.jar

再次运行,刷新工程,就可以在target文件夹下多了几个文件,progard_map.txtproguard_seeds.txt...ok,代码已经被混淆了,这样被反编译的可能性就降低了。

开始时最好不要把混淆打开,因为混淆会,如果代码报错,是定位不到代码行的,显示的事混淆以后的代码,都是小字母了

如果有更好的方式,或者不对的地方,请多指正!

相关推荐