Android的混淆为code以及资源 [英] Android Obfuscation for code as well as resources

问题描述

谷歌建议和包在ProGuard的为code混淆。然而，它自带的默认配置似乎很小，可以逆向工程在一定程度上。大多数人希望反向工程是不是真的要找细节code，但可能是提取的逻辑。是否有任何指引，从而更有效地配置ProGuard的？（有什么要JavaScript是最小化将是很好的程度。）

Google recommends and packs in ProGuard for code obfuscation. However the default configuration that it comes with seems minimal and one can reverse engineer to certain extent. Most people looking to reverse engineer are not really looking for detail code, but may be extract the logic. Are there any guidelines so as to configure ProGuard more efficiently ?(Something to the extent Javascript is minimized would be good.)

其次，有喜欢apktool工具，使提取清单以及资源文件。并且有混淆在他们没有水平。这些当然可以揭示一些事情。有什么方法来避免这种情况的发生？

Secondly, there are tools like apktool that enable extracting the Manifest as well as the resource files. And there is no level of obfuscation in them. These can certainly reveal few things. Are there any ways to avoid this from happening ?

推荐答案

在第一部分，我建议你检查这个问题：的 Android的游戏不断遭到黑客攻击。它并不直接处理ProGuard的，但它确实给你如何来减少盗版的一些想法。

For the first part, I suggest you to check this question: Android Game Keeps Getting Hacked . It does not address directly ProGuard, but it does give you some ideas on how to reduce pirating.

有关的第二部分，我怕不，这不是真的有可能，因为这些都是纯XML文件。你可以做的就是为减少使用资源，并直接在Java 创建的逻辑。这将减少你的code曝光的方法有三种：

For the second part, I'm afraid no, it's not really possible, since those are plain xml files. What you can do is to reduce the use of resources and create the logic directly in java. That will reduce the exposure of your code in three ways:

（1）明显的，它显示出较低易于读取XML code

(1) the obvious, it shows less easy-to-read xml code

（2）它创建更长smali文件，这是不容易遵循开始与：考虑在smali文件中的变量没有名称，但号码，并重复使用多次，从而使它们更难了解。 V1可以是一个TextView，然后再一个int，然后一个私人静态方法。

(2) it creates much longer smali files, which are not easy to follow to begin with: consider that the variables in the smali file do not have names, but numbers, and are reused several times, thus making them even harder to understand. V1 can be a TextView first, and then an int, and then a private static method.

（3）它降低了使用十六进制的ID是非常容易使用的表从public.xml的smali文件搜索的。

(3) it reduces the use of hex IDs that are very easily searchable on the smali file using the table from public.xml.

当我被移植了TouchWiz框架，一些自定义光盘，我还送了一个小的Java应用程序来自动完成身份识别（在XDA开发后期是的here ），这样你就可以IMAGIN多么容易的跟着他们。

When I was porting the TouchWiz framework to some custom ROMs, I even made a small java app to automate the ID recognition (the xda-developers post is here), so you can imagin how easy is to follow them.

这篇关于Android的混淆为code以及资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！