apk decompilation and AS basic confusion rules

Posted by robtbs on Fri, 01 May 2020 08:04:28 +0200

1, Decompilation

  1. Decompress apk with compressed package management software (such as WinRAR, WinZIP, etc.) to get the classes.dex file, and put the file in the dex2jar folder.
  2. Use the dex2 jar tool software to get the corresponding jar files.
    (1) Open the command line interface.
    (2) Navigate to the directory where dex2jar.bat is located.
    (3) Enter the command dex2jar.bat classes.dex to generate the jar file (classes · dex2jar. Jar).

  1. Open the jar file with the JD GUI tool software to view the source code.

2, Basic confusion rules

as has greatly improved the security of the code after adding the obfuscation rule. First, you need to allow obfuscation during packaging. Modify the following code in build.gradle:

buildTypes {
        release {
            // Do you want to mix up when packing? The default isfalse
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }

After allowing obfuscation, we need to add our obfuscation rules. Just add them to the proguard-rules.pro file. Note: the dependency library does not need to open obfuscation.

# Code obfuscation compression ratio, between 0 and 7, default to 5, generally not modified
-optimizationpasses 5

# Do not use case mixing when mixing. The mixed class name is lowercase
-dontusemixedcaseclassnames

# Specifies that classes that do not ignore non-public Libraries
-dontskipnonpubliclibraryclasses

# This sentence can confuse our project and generate a mapping file
# Include the mapping relationship of class name after class name - > obfuscation
-verbose

# Specifies not to ignore class members of non-public Libraries
-dontskipnonpubliclibraryclassmembers

# Preverify is one of the four steps of proguard without pre verification. Android does not need preverify. Removing this step can speed up confusion.
-dontpreverify

# Keep annotations unambiguous
-keepattributes *Annotation*,InnerClasses

# Avoid confusing generics
-keepattributes Signature

# Keep line number when throwing exception
-keepattributes SourceFile,LineNumberTable

# Specify that obfuscation is the algorithm used, followed by a filter
# This filter is an algorithm recommended by Google, which is usually unchanged
-optimizations !code/simplification/cast,!field/*,!class/merging/*

#############################################
#
# Some common parts in Android development that need to be preserved
#
#############################################

# Keep the four major components we use, custom Application and so on, and these classes will not be confused
# Because these subclasses may be called externally
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Appliction
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class * extends android.view.View
-keep public class com.android.vending.licensing.ILicensingService


# Keep all classes and their inner classes under support
-keep class android.support.** {*;}

# Keep inherited
-keep public class * extends android.support.v4.**
-keep public class * extends android.support.v7.**
-keep public class * extends android.support.annotation.**

# Keep resources under R
-keep class **.R$* {*;}

# Keep native methods in place
-keepclasseswithmembernames class * {
    native <methods>;
}

# The method parameter retained in Activity is the view method,
# In this way, the onClick we wrote in the layout will not be affected
-keepclassmembers class * extends android.app.Activity{
    public void *(android.view.View);
}

# Keep enumeration classes from being confused
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

# Keep our custom controls (inherited from View) unambiguous
-keep public class * extends android.view.View{
    *** get*();
    void set*(***);
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

# Keep the Parcelable serialization class from being confused
-keep class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator *;
}

# Keep Serializable serialized classes unambiguous
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    !private <fields>;
    !private <methods>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

# For onxevent, * * On*Listener with callback function, it cannot be confused
-keepclassmembers class * {
    void *(**On*Event);
    void *(**On*Listener);
}

# webView processing, webView ignore is not used in the project
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
    public *;
}
-keepclassmembers class * extends android.webkit.webViewClient {
    public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
    public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers class * extends android.webkit.webViewClient {
    public void *(android.webkit.webView, jav.lang.String);
}

-ignorewarnings

-keep class * {
    public private *;
}

These are some basic confusion rules. If a third-party framework is used in the project, you can go to the official website to check the confusion rules and copy them. The method of decompilation is used for reference Original hydrogen CSDN blog . Welcome to me Personal blog built by github+jekyll Learn together.

Topics: Android Java Gradle Google