Android Proguard安全加固教你如何让自己的应用程序或SDK更难被反编译--library打包成jar并且混淆

Posted Engineer-Jsp

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Android Proguard安全加固教你如何让自己的应用程序或SDK更难被反编译--library打包成jar并且混淆相关的知识,希望对你有一定的参考价值。

android 应用层开发的时候咱们技术人员都或多或少都会接触一些SDK比如so、jar等,这些都是数据类公司提供给互联网开发公司的关于技术核心类

方便的东西,因为是核心所以加密加固是必不可少的工作,本博今天就向大家介绍jar的封装打包以及混淆,完成自己的SDK!在此之前需要给大家说

说so,so是由C/C++语言编译而来,其反编译难度更大,因为反编译之后就是汇编语言,需要懂汇编才能看懂,更重要的是即使懂汇编把其复原也是相

当大的工程,尤其是一些大公司的SDK,那就更别说了,而jar呢反编译的难度就相比so要小很多,所以这也是很多包名和key的验证都放在so的原因!

jar加密加固无外乎就是混淆了,只要你在这个行业做了一段时间就会知道个大概了,混淆就是把 keep 命令之外的变量名、类名、函数名、

attributes、parameter name等全部混淆成一些小写字母之类的,这样这个SDK看起来就会异常的紊乱,但是先前提到过,只要在这个行业做过一段时

间,即使混淆了部分,但大部分的语法还是可以寻到其根源的,所以比较好的方式就是推荐so+jar


①通过library打包自己的SDK

这是笔者自己写的一个SDK,里面主要是用来管理wifi、ap、服务端的文件快传、摄像监控的rtsp推流框架、asyntask管理、网络编程、相机管理,硬加速、局域网组播、二维码

生成和解析等,是用于一个大项目的核心代码,主要是用来降低架构与UI的耦合性,其次就是为了安全,废话不多说先开始介绍library的封装,打包成jar 的SDK最后介绍jar SDK

的混淆加固

首先看看library的构成,如下图:




AndroidManifest.xml 清单文件的配置,如下代码:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="jsp.rtsp.server.camera" >

    <application
        android:allowBackup="true"
        android:label="@string/app_name"
        android:supportsRtl="true" >
    </application>

</manifest>


我们可以理解为这是一个新建的android application project,因为这本身就是一个ndroid application project,只是特殊的而已,新建一个ndroid application project

然后修改AndroidManifest.xml清单文件去掉不必要的xml节点,完成这一步之后,进行如下图步骤:



接下来弹出如下提示框,进行如下步骤:




这样一个library的建立就完成了!

下面介绍library的编译与依赖的编译

编译的话直接clean就可以编译library,简单粗暴,接着说依赖编译,还是上图描述比较深刻

还是单机选择一个非library的android项目,如下




选择properties项后,弹出如下提示框:




点击OK确认后,进行如下步骤:




执行完该步骤之后,项目会生成一个新的东西,如下图:




下面继续说上面的依赖编译,在完成上面的步骤之后,可以开始依赖编译,就是对library项目进行clean,但再此之前需要执行一下步骤,方便清除上一次的library

缓存,如下图步骤操作,在对library进行clean:




这就是依赖编译,这么做的好处就是可以不用每次更新编译生成新library的时候将jar copy到项目中,非常方便!

好了,关于library的jar SDK封装就完成了,下面开始讲library SDK的混淆与加密加固了!

②通过Proguard 混淆 library打包的jar SDK

Proguard 的使用,Proguard在你的android SDK 路径下的 tools目录下,比如笔者的如下图:




双击打开,下面介绍 Proguard 使用




点击next之后,可以新增自己需要被混淆的jar以及混淆后的jar输出路径,如下图:




备注:其中的android.jar依赖需要根据自己的SDK版本对应,比如你选择的是6.0,那对应选择SDK目录下的platforms的android-23下的android.jar

然后选择next进行下一步




继续 next 执行下一步




下面介绍怎么样配置混淆,以及混淆的具体操作:

1.关于类的混淆:




添加不想被混淆的类:




添加不想被混淆的方法:




添加不想被混淆的变量:




关于内部类和内部接口的混淆,其中内部enum也类似



关于函数和变量方面,笔者怕大家理解不清楚,就随便演示一下,如下图:

1.不混淆方法演示图:

首先看实际代码:

	/**
	 * @author Engineer-Jsp
	 * @param android.content.Context context
	 * @param jsp.rtsp.server.ap.WiFiApManager.ResponseCallBack call
	 * @return jsp.rtsp.server.ap.WiFiApManager
	 */
	public static WiFiApManager getInstance(Context context, ResponseCallBack call) {
		if (mWiFiApManager == null) {
			mWiFiApManager = new WiFiApManager(context, call);
		}
		return mWiFiApManager;
	}

再看混淆的配置:



argument type 看不清吗?没关系,我把它贴出来:

android.content.Context,jsp.rtsp.server.ap.WiFiApManager$ResponseCallBack

你们肯定在想,为什么是WiFiApManager$ResponseCallBack而不是WiFiApManager.ResponseCallBack,这个等下会细说给大家,下面继续演示变量的混淆配置

2. 不混淆变量演示:

首先看一个内部类代码:

public class CameraManager {

	private static CameraManager mCameraManager = null;
	private MediaStream mMediaStream;

	public static interface CameraCallBack {
		void onSuccess(int code, String msg);

		void onCameraStop();

		void onError(int errcode, String errmsg);
	}

	/**
	 * 
	 * @author Engineer-Jsp
	 * 内部类的演示
	 *
	 */
	public static class CameraParameters {
		public int width;
		public int height;
	}


配置不混淆的变量:




好了,到此关于混淆的具体配置都已经讲得差不多了,下面还要给大家说说关于内部类、内部接口等的调用为什么有时候用"$"有时用".",其实这是跟具体配置和

代码的写法有关的,还记得在配置混淆的时候的那具体的提示框吗?没错这就是引起调用的关键



假如上图红色框的2个复选框被勾选了,那么混淆配置以及混淆之后的内部调用是不用带"$"符号的,采用"."符号,比如:WiFiApManager.ResponseCallBack

假如上图红色框的2个复选框没有被勾选,那么混淆配置以及混淆之后的内部调用是带"$"符号的,比如:WiFiApManager$ResponseCallBack,在import 导包的时候也是用"$"而不能用点符号,即使是 new 创建新实例对象的时候,如果他是内部类,就必须要带$符号,如下导包和创建新的实例:

import jsp.rtsp.server.ap.WiFiApManager$ResponseCallBack;

CameraManager$CameraParameters cameraParameters = CameraManager.getSupportResolution(this);

所以在不勾选的情况下,建议大家刻意的去使用内部类和内部接口,除非它们不需要暴露给开发者调用,否则最好不要这样写!这样不规范!

在配置完混淆的具体配置以后,继续next,后面的大概都不用去修改了,一直到 process 选项,选择 process 按钮,就会开始混淆jar

在该 process 界面下,有以下按钮需要注意,如下图:



混淆后使用jd-gui看效果:





编译通过后导入项目与依赖该SDK的项目一起编译




安装效果图:



其中本项目又涉及了很多so库,所以在jni方面最好是不要混淆native的方法,而且C/C++调用java层的方法最好也不要混淆!

关于本篇文章的介绍就这么多,谢谢观博!

附上pro文件:

-injars 'D:\\Android\\Android-6.0-23.06-Build\\workspace\\jsp.jar'
-outjars 'D:\\Android\\Android-6.0-23.06-Build\\workspace\\jsp-rtsp-server.jar'

-libraryjars 'D:\\Java\\jre7\\lib\\rt.jar'
-libraryjars 'D:\\Android\\Android-6.0-23.06-Build\\workspace\\jsp-rtsp-server\\libs\\zxing.jar'
-libraryjars 'D:\\Android\\Android-6.0-23.06-Build\\android-6.0-sdk\\platforms\\android-23\\android.jar'

-dontshrink
-keeppackagenames


-keep,allowshrinking class jsp.rtsp.server.ap.WiFiApManager {
    *** closeWifiAp(...);
    public static jsp.rtsp.server.ap.WiFiApManager getInstance(android.content.Context,jsp.rtsp.server.ap.WiFiApManager$ResponseCallBack);
    *** getWiFiApAddress(...);
    *** openWifiAp(...);
    *** onDestroy(...);
}

-keep,allowshrinking interface  jsp.rtsp.server.ap.WiFiApManager$ResponseCallBack {
    void onWiFiApQrcodeBitmapCall(android.graphics.Bitmap);
}

-keep,allowshrinking class jsp.rtsp.server.camera.CameraManager {
    public static jsp.rtsp.server.camera.CameraManager getInstance(android.content.Context,android.view.SurfaceView,jsp.rtsp.server.camera.CameraManager$CameraCallBack);
    *** updateResolution(...);
    *** setDgree(...);
    *** startStream(...);
    *** getRtspAddress(...);
    *** stopStream(...);
    android.hardware.Camera getCamera(...);
    *** setRtspAddress(...);
    *** createCamera(...);
    *** startPreview(...);
    *** stopPreview(...);
    *** destroyCamera(...);
    *** switchCamera(...);
    *** reStartStream(...);
    public static void setSupportResolution(android.content.Context);
    public static jsp.rtsp.server.camera.CameraManager$CameraParameters getSupportResolution(android.content.Context);
}

-keep,allowshrinking interface  jsp.rtsp.server.camera.CameraManager$CameraCallBack {
    void onSuccess(int,java.lang.String);
    void onCameraStop(...);
    void onError(int,java.lang.String);
}

-keep,allowshrinking public class jsp.rtsp.server.camera.CameraManager$CameraParameters {
    public int width;
    public int height;
}

-keep,allowshrinking class org.easydarwin.easyipcamera.camera.EasyIPCamera {
    public static void onIPCameraCallBack(int,int,byte[],int);
}

# Keep - Applications. Keep all application classes, along with their 'main'
# methods.
-keepclasseswithmembers public class * {
    public static void main(java.lang.String[]);
}

# Also keep - Enumerations. Keep the special static methods that are required in
# enumeration classes.
-keepclassmembers enum  * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

# Also keep - Database drivers. Keep all implementations of java.sql.Driver.
-keep class * extends java.sql.Driver

# Also keep - Swing UI L&F. Keep all extensions of javax.swing.plaf.ComponentUI,
# along with the special 'createUI' method.
-keep class * extends javax.swing.plaf.ComponentUI {
    public static javax.swing.plaf.ComponentUI createUI(javax.swing.JComponent);
}

# Keep names - Native method names. Keep all native class/method names.
-keepclasseswithmembers,allowshrinking class * {
    native <methods>;
}

# Remove - System method calls. Remove all invocations of System
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.System {
    public static long currentTimeMillis();
    static java.lang.Class getCallerClass();
    public static int identityHashCode(java.lang.Object);
    public static java.lang.SecurityManager getSecurityManager();
    public static java.util.Properties getProperties();
    public static java.lang.String getProperty(java.lang.String);
    public static java.lang.String getenv(java.lang.String);
    public static java.lang.String mapLibraryName(java.lang.String);
    public static java.lang.String getProperty(java.lang.String,java.lang.String);
}

# Remove - Math method calls. Remove all invocations of Math
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.Math {
    public static double sin(double);
    public static double cos(double);
    public static double tan(double);
    public static double asin(double);
    public static double acos(double);
    public static double atan(double);
    public static double toRadians(double);
    public static double toDegrees(double);
    public static double exp(double);
    public static double log(double);
    public static double log10(double);
    public static double sqrt(double);
    public static double cbrt(double);
    public static double IEEEremainder(double,double);
    public static double ceil(double);
    public static double floor(double);
    public static double rint(double);
    public static double atan2(double,double);
    public static double pow(double,double);
    public static int round(float);
    public static long round(double);
    public static double random();
    public static int abs(int);
    public static long abs(long);
    public static float abs(float);
    public static double abs(double);
    public static int max(int,int);
    public static long max(long,long);
    public static float max(float,float);
    public static double max(double,double);
    public static int min(int,int);
    public static long min(long,long);
    public static float min(float,float);
    public static double min(double,double);
    public static double ulp(double);
    public static float ulp(float);
    public static double signum(double);
    public static float signum(float);
    public static double sinh(double);
    public static double cosh(double);
    public static double tanh(double);
    public static double hypot(double,double);
    public static double expm1(double);
    public static double log1p(double);
}

# Remove - Number method calls. Remove all invocations of Number
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.* extends java.lang.Number {
    public static java.lang.String toString(byte);
    public static java.lang.Byte valueOf(byte);
    public static byte parseByte(java.lang.String);
    public static byte parseByte(java.lang.String,int);
    public static java.lang.Byte valueOf(java.lang.String,int);
    public static java.lang.Byte valueOf(java.lang.String);
    public static java.lang.Byte decode(java.lang.String);
    public int compareTo(java.lang.Byte);
    public static java.lang.String toString(short);
    public static short parseShort(java.lang.String);
    public static short parseShort(java.lang.String,int);
    public static java.lang.Short valueOf(java.lang.String,int);
    public static java.lang.Short valueOf(java.lang.String);
    public static java.lang.Short valueOf(short);
    public static java.lang.Short decode(java.lang.String);
    public static short reverseBytes(short);
    public int compareTo(java.lang.Short);
    public static java.lang.String toString(int,int);
    public static java.lang.String toHexString(int);
    public static java.lang.String toOctalString(int);
    public static java.lang.String toBinaryString(int);
    public static java.lang.String toString(int);
    public static int parseInt(java.lang.String,int);
    public static int parseInt(java.lang.String);
    public static java.lang.Integer valueOf(java.lang.String,int);
    public static java.lang.Integer valueOf(java.lang.String);
    public static java.lang.Integer valueOf(int);
    public static java.lang.Integer getInteger(java.lang.String);
    public static java.lang.Integer getInteger(java.lang.String,int);
    public static java.lang.Integer getInteger(java.lang.String,java.lang.Integer);
    public static java.lang.Integer decode(java.lang.String);
    public static int highestOneBit(int);
    public static int lowestOneBit(int);
    public static int numberOfLeadingZeros(int);
    public static int numberOfTrailingZeros(int);
    public static int bitCount(int);
    public static int rotateLeft(int,int);
    public static int rotateRight(int,int);
    public static int reverse(int);
    public static int signum(int);
    public static int reverseBytes(int);
    public int compareTo(java.lang.Integer);
    public static java.lang.String toString(long,int);
    public static java.lang.String toHexString(long);
    public static java.lang.String toOctalString(long);
    public static java.lang.String toBinaryString(long);
    public static java.lang.String toString(long);
    public static long parseLong(java.lang.String,int);
    public static long parseLong(java.lang.String);
    public static java.lang.Long valueOf(java.lang.String,int);
    public static java.lang.Long valueOf(java.lang.String);
    public static java.lang.Long valueOf(long);
    public static java.lang.Long decode(java.lang.String);
    public static java.lang.Long getLong(java.lang.String);
    public static java.lang.Long getLong(java.lang.String,long);
    public static java.lang.Long getLong(java.lang.String,java.lang.Long);
    public static long highestOneBit(long);
    public static long lowestOneBit(long);
    public static int numberOfLeadingZeros(long);
    public static int numberOfTrailingZeros(long);
    public static int bitCount(long);
    public static long rotateLeft(long,int);
    public static long rotateRight(long,int);
    public static long reverse(long);
    public static int signum(long);
    public static long reverseBytes(long);
    public int compareTo(java.lang.Long);
    public static java.lang.String toString(float);
    public static java.lang.String toHexString(float);
    public static java.lang.Float valueOf(java.lang.String);
    public static java.lang.Float valueOf(float);
    public static float parseFloat(java.lang.String);
    public static boolean isNaN(float);
    public static boolean isInfinite(float);
    public static int floatToIntBits(float);
    public static int floatToRawIntBits(float);
    public static float intBitsToFloat(int);
    public static int compare(float,float);
    public boolean isNaN();
    public boolean isInfinite();
    public int compareTo(java.lang.Float);
    public static java.lang.String toString(double);
    public static java.lang.String toHexString(double);
    public static java.lang.Double valueOf(java.lang.String);
    public static java.lang.Double valueOf(double);
    public static double parseDouble(java.lang.String);
    public static boolean isNaN(double);
    public static boolean isInfinite(double);
    public static long doubleToLongBits(double);
    public static long doubleToRawLongBits(double);
    public static double longBitsToDouble(long);
    public static int compare(double,double);
    public boolean isNaN();
    public boolean isInfinite();
    public int compareTo(java.lang.Double);
    public <init>(byte);
    public <init>(short);
    public <init>(int);
    public <init>(long);
    public <init>(float);
    public <init>(double);
    public <init>(java.lang.String);
    public byte byteValue();
    public short shortValue();
    public int intValue();
    public long longValue();
    public float floatValue();
    public double doubleValue();
    public int compareTo(java.lang.Object);
    public boolean equals(java.lang.Object);
    public int hashCode();
    public java.lang.String toString();
}

# Remove - String method calls. Remove all invocations of String
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.String {
    public <init>();
    public <init>(byte[]);
    public <init>(byte[],int);
    public <init>(byte[],int,int);
    public <init>(byte[],int,int,int);
    public <init>(byte[],int,int,java.lang.String);
    public <init>(byte[],java.lang.String);
    public <init>(char[]);
    public <init>(char[],int,int);
    public <init>(java.lang.String);
    public <init>(java.lang.StringBuffer);
    public static java.lang.String copyValueOf(char[]);
    public static java.lang.String copyValueOf(char[],int,int);
    public static java.lang.String valueOf(boolean);
    public static java.lang.String valueOf(char);
    public static java.lang.String valueOf(char[]);
    public static java.lang.String valueOf(char[],int,int);
    public static java.lang.String valueOf(double);
    public static java.lang.String valueOf(float);
    public static java.lang.String valueOf(int);
    public static java.lang.String valueOf(java.lang.Object);
    public static java.lang.String valueOf(long);
    public boolean contentEquals(java.lang.StringBuffer);
    public boolean endsWith(java.lang.String);
    public boolean equalsIgnoreCase(java.lang.String);
    public boolean equals(java.lang.Object);
    public boolean matches(java.lang.String);
    public boolean regionMatches(boolean,int,java.lang.String,int,int);
    public boolean regionMatches(int,java.lang.String,int,int);
    public boolean startsWith(java.lang.String);
    public boolean startsWith(java.lang.String,int);
    public byte[] getBytes();
    public byte[] getBytes(java.lang.String);
    public char charAt(int);
    public char[] toCharArray();
    public int compareToIgnoreCase(java.lang.String);
    public int compareTo(java.lang.Object);
    public int compareTo(java.lang.String);
    public int hashCode();
    public int indexOf(int);
    public int indexOf(int,int);
    public int indexOf(java.lang.String);
    public int indexOf(java.lang.String,int);
    public int lastIndexOf(int);
    public int lastIndexOf(int,int);
    public int lastIndexOf(java.lang.String);
    public int lastIndexOf(java.lang.String,int);
    public int length();
    public java.lang.CharSequence subSequence(int,int);
    public java.lang.String concat(java.lang.String);
    public java.lang.String replaceAll(java.lang.String,java.lang.String);
    public java.lang.String replace(char,char);
    public java.lang.String replaceFirst(java.lang.String,java.lang.String);
    public java.lang.String[] split(java.lang.String);
    public java.lang.String[] split(java.lang.String,int);
    public java.lang.String substring(int);
    public java.lang.String substring(int,int);
    public java.lang.String toLowerCase();
    public java.lang.String toLowerCase(java.util.Locale);
    public java.lang.String toString();
    public java.lang.String toUpperCase();
    public java.lang.String toUpperCase(java.util.Locale);
    public java.lang.String trim();
}

# Remove - StringBuffer method calls. Remove all invocations of StringBuffer
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.StringBuffer {
    public <init>();
    public <init>(int);
    public <init>(java.lang.String);
    public <init>(java.lang.CharSequence);
    public java.lang.String toString();
    public char charAt(int);
    public int capacity();
    public int codePointAt(int);
    public int codePointBefore(int);
    public int indexOf(java.lang.String,int);
    public int lastIndexOf(java.lang.String);
    public int lastIndexOf(java.lang.String,int);
    public int length();
    public java.lang.String substring(int);
    public java.lang.String substring(int,int);
}

# Remove - StringBuilder method calls. Remove all invocations of StringBuilder
# methods without side effects whose return values are not used.
-assumenosideeffects public class java.lang.StringBuilder {
    public <init>();
    public <init>(int);
    public <init>(java.lang.String);
    public <init>(java.lang.CharSequence);
    public java.lang.String toString();
    public char charAt(int);
    public int capacity();
    public int codePointAt(int);
    public int codePointBefore(int);
    public int indexOf(java.lang.String,int);
    public int lastIndexOf(java.lang.String);
    public int lastIndexOf(java.lang.String,int);
    public int length();
    public java.lang.String substring(int);
    public java.lang.String substring(int,int);
}


以上是关于Android Proguard安全加固教你如何让自己的应用程序或SDK更难被反编译--library打包成jar并且混淆的主要内容,如果未能解决你的问题,请参考以下文章

Android apk如何加固防止被破解(防止逆向编译)

Android apk如何加固防止被破解(防止逆向编译)

Android安全专项-Apk加固

android - 如何让 enum 远离 proguard

如何让 R8 + proguard-android-optimize.txt + Google Drive API 无缝运行?

Android 安全深思数盾 Virbox 加固应用 ( 购买加固服务 | 下载加固软件 | 启动加固软件 | 函数 VMP 壳设置 | 加密选项 | 资源加密 | SO 保护 )