最近做的项目代码混淆,在网上查了好多资料都失败了,原因是我使用了个非常高端的布局根据命名规则自动匹配加载的算法。换成了手动加载布局后就成功了,之后又遇到了gson的转换异常,跟进发现是泛型在转换过程中被擦除了。现在记录代码混淆的一一步骤。
准备工作
Gradle 配置, 为了在开发期间发现是否混淆成功,所以如下配置:
buildTypes {
release {
minifyEnabled true
zipAlignEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled true
zipAlignEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
开始过滤
proguard-android-optimize.txt文件自身带有过滤配制:
# This is a configuration file for ProGuard.
# http://proguard.sourceforge.net/index.html#manual/usage.html
# Optimizations: If you don't want to optimize, use the
# proguard-android.txt configuration file instead of this one, which
# turns off the optimization flags. Adding optimization introduces
# certain risks, since for example not all optimizations performed by
# ProGuard works on all versions of Dalvik. The following flags turn
# off various optimizations known to have issues, but the list may not
# be complete or up to date. (The "arithmetic" optimization can be
# used if you are only targeting Android 2.0 or later.) Make sure you
# test thoroughly if you go this route.
# 指定混淆时采用的算法
-optimizations !code/simplification/arithmetic,!code/simplification/cast,!field/*,!class/merging/*
# 代码混淆压缩比例, 在 0 - 7 之间,默认 5
-optimizationpasses 5
-allowaccessmodification
# 不做预校验
-dontpreverify
# The remainder of this file is identical to the non-optimized version
# of the Proguard configuration file (except that the other file has
# flags to turn off optimization).
# 混淆时不允许大小写混合,混淆后类名都会小写
-dontusemixedcaseclassnames
# 不忽略非公共的库的类
-dontskipnonpubliclibraryclasses
# * 不忽略非公共的库的类的成员
-dontskipnonpubliclibraryclassmembers
# 混淆后会生成映射文件,包含类名和混淆后类名的映射关系, 使用 printmapping 可以指定映射的名称
-verbose
# *
-printmapping proguardMapping.txt
# 保护 Annotation 不被混淆,否则,使用 Gson 转 json 的时候会报错
-keepattributes *Annotation*
# * 保护泛型, 否则使用 Gson 或 fastJson 的时候会报错
-keepattributes Signature
# * 抛出异常时保留代码行号
-keepattributes SourceFile, LineNumberTable
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native
# 保留所有的本地 native 方法不被混淆
-keepclasseswithmembernames class * {
native <methods>;
}
# keep setters in Views so that animations can still work.
# see http://proguard.sourceforge.net/manual/examples.html#beans
-keepclassmembers public class * extends android.view.View {
void set*(***);
*** get*();
}
# We want to keep methods in Activity that could be used in the XML attribute onClick
# 保留 Activity 中方法参数是 view 的方法, 在 layout 布局中 写 onClick 时间就不会被影响
-keepclassmembers class * extends android.app.Activity {
public void *(android.view.View);
}
# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations
# 枚举类不能被混淆
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
# 保留 Parcelable 序列化的类不被混淆
-keepclassmembers class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator CREATOR;
}
-keepclassmembers class **.R$* {
public static <fields>;
}
# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**
# Understand the @Keep support annotation.
-keep class android.support.annotation.Keep
-keep @android.support.annotation.Keep class * {*;}
-keepclasseswithmembers class * {
@android.support.annotation.Keep <methods>;
}
-keepclasseswithmembers class * {
@android.support.annotation.Keep <fields>;
}
-keepclasseswithmembers class * {
@android.support.annotation.Keep <init>(...);
}
注:以上问件带 * 号的都是原文件没有的,需要自己加。
项目混淆完整事例
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in F:\AndroidStudioSDK\sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
# 混淆后会生成映射文件,包含类名和混淆后类名的映射关系, 使用 printmapping 可以指定映射的名称
-verbose
-printmapping proguardMapping.txt
# * 不忽略非公共的库的类的成员
-dontskipnonpubliclibraryclassmembers
# * 抛出异常时保留代码行号
-keepattributes SourceFile, LineNumberTable
# keep 所有的 javabean ==========================需要替换包名========================
-keep class com.afra55.apimodule.bean.**
-keep class com.afra55.apimodule.bean.**{*;}
# 最好不要有内嵌类,非要有 用示例 MainActivity$*{*;} 来避免混淆这个类的内嵌类, $ 是用来分割内嵌类的标志
# WebView 相关, 还有要确保 js 调用的原生android 方法不被混淆 <methods>;
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
-keepclassmembernames class * extends android.webkit.WebViewClient {
public void * (android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
public boolean * (android.webkit.WebView, java.lang.String);
}
-keepclassmembernames class * extends android.webkit.WebViewClient {
public void * (android.webkit.WebView, java.lang.String);
}
# 对于反射,例如 Class.forName("XXXX"), 一定要确保 XXXX类名不被混淆, 以及要反射的方法和属性
# 混淆泛型
-keepattributes Signature
-dontwarn javax.annotation.Nullable
-dontwarn com.google.**
-keep class javax.annotation.** { *; }
-dontwarn javax.annotation.**
# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version. We know about them, and they are safe.
-dontwarn android.support.**
### keep options
#system default, from android example
-keep public class * extends android.app.Activity
-keep public class * extends android.support.v4.app.Fragment
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class * extends android.view.View
-keep public class com.google.vending.licensing.ILicensingService
-keep public class com.android.vending.licensing.ILicensingService
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
# 保留 Serializable 序列化的类不被混淆
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
# 不混淆 R 资源下的所有类及方法
-keep class **.R$* {
*;
}
# 对带有回调函数 onXXEvent, 不混淆该方法
-keepclassmembers class * {
void *(**On*Event);
}
# 保留自定义控件不被混淆, 凡是在 XML 中配置的 自定义 View 都要保持名字不被混淆, 这个要自行添加
-keep public class * extends android.view.View {
*** get*();
void set*(***);
public <init>(android.content.Context);
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
}
# V4 包示例
-dontwarn android.support.v4.**
-keep class android.support.v4.** {*;}
-keep interface android.support.v4.app.** {*;}
-keep public class * extends android.support.v4.**
-keep public class * extends android.app.Fragment
# OKHTTP
-dontwarn com.squareup.okhttp.**
-keep class com.squareup.okhttp.** { *;}
-dontwarn okio.**
# Fresco
-keep,allowobfuscation @interface com.facebook.common.internal.DoNotStrip
-keep @com.facebook.common.internal.DoNotStrip class *
-keepclassmembers class * {
@com.facebook.common.internal.DoNotStrip *;
}
-dontwarn okio.**
-dontwarn com.android.volley.toolbox.**
# retrofit2
-dontwarn retrofit2.**
-keep class retrofit2.** { *; }
-keepattributes Signature
-keepattributes Exceptions
# rxjava
-dontwarn sun.misc.**
-keepclassmembers class rx.internal.util.unsafe.*ArrayQueue*Field* {
long producerIndex;
long consumerIndex;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueProducerNodeRef {
rx.internal.util.atomic.LinkedQueueNode producerNode;
}
-keepclassmembers class rx.internal.util.unsafe.BaseLinkedQueueConsumerNodeRef {
rx.internal.util.atomic.LinkedQueueNode consumerNode;
}
一些其他的过滤
过滤第三方包(用到的都过滤,举例,由于现在的 Android studio 会自动混淆引入的包,故不必再过滤 jar 包):
# 高德地图
-dontwarn com.amap.api.**
-dontwarn com.a.a.**
-dontwarn com.autonavi.**
-keep class com.amap.api.** {*;}
-keep class com.autonavi.** {*;}
-keep class com.a.a.** {*;}
# android-async-http
-keep class com.loopj.android.http.**
-keep class com.loopj.android.http.** {*;}
有关gson的一些过滤
# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }
-keep class com.google.gson.**{*;}
-keep class com.google.gson.annotations.**{*;}
-keep class com.google.gson.internal.**{*;}
-keep class com.google.gson.internal.bind.**{*;}
-keep class com.google.gson.reflect.**{*;}
-keep class com.google.gson.stream.**{*;}
-keep class com.google.android.gms.** { *; }
-keep class org.apache.commons.net.** { *; }
-dontwarn android.webkit.WebView
-keep public class javax.**
-keep public class android.webkit.**
