【发布时间】:2019-05-16 21:40:42
【问题描述】:
我是第一次测试 Proguard 的混淆功能。为此,我做了以下操作
- 下载了 Cordova Hello World plugin
- 通过在它发出的问候消息中添加字符串
" This is top secret"对其进行了修改 - 创建了一个简单的 Cordova Hello World 项目
cordova create ... - 添加了Cordova Proguard plugin
- 将本地来源的插件添加到该项目中
- 通过附加
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-custom.txt修改了platforms\android\project.properties文件 - 自建apk
cordova build --release
我几乎没有修改proguard-custom.txt 文件。其内容如下所示
-keepclassmembers class * {@android.webkit.JavascriptInterface <methods>;}
#AddedThis
-adaptresourcefilenames **.json,**.gif,**.jpg
-adaptresourcefilecontents **.json,META-INF/MANIFEST.MF
-keep class com.android.vending.licensing.ILicensingService
-keepattributes *Annotation*
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepattributes InnerClasses
-keep class **.R
-keep class **.R$* {<fields>;}
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
-keep class org.apache.cordova.** { *; }
-keep public class * extends org.apache.cordova.CordovaPlugin
-keep class org.apache.cordova.CordovaBridge
{org.apache.cordova.PluginManager pluginManager; }
-keep class org.apache.cordova.CordovaInterfaceImpl
{org.apache.cordova.PluginManager pluginManager; }
-keep class org.apache.cordova.CordovaResourceApi
{org.apache.cordova.PluginManager pluginManager; }
-keep class org.apache.cordova.CordovaWebViewImpl
{org.apache.cordova.PluginManager pluginManager; }
-keep class org.apache.cordova.ResumeCallback
{org.apache.cordova.PluginManager pluginManager; }
-keep class org.apache.cordova.engine.SystemWebViewEngine
{org.apache.cordova.PluginManager pluginManager; }
-keep class com.google.gson.internal.UnsafeAllocator { ** theUnsafe; }
-dontnote org.apache.harmony.xnet.provider.jsse.NativeCrypto
-dontnote sun.misc.Unsafe
-keep class com.worklight.androidgap.push.** { *; }
-keep class com.worklight.wlclient.push.** { *; }
-keep class com.google.** { *; }
-dontwarn com.google.common.**
-dontwarn com.google.ads.**
-optimizations
!class/merging/vertical*,!class/merging/horizontal*,
!code/simplification/arithmetic,!field/*,!code/allocation/variable
-keep class net.sqlcipher.** { *; }
-dontwarn net.sqlcipher.**
-keep class org.codehaus.** { *; }
-keepattributes *Annotation*,EnclosingMethod
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-assumenosideeffects class android.util.Log {
public static *** d(...);
}
-dontwarn com.worklight.common.internal.WLTrusteerInternal*
-dontwarn com.worklight.jsonstore.**
-dontwarn org.codehaus.jackson.map.ext.*
-dontwarn com.worklight.androidgap.push.GCMIntentService
-dontwarn com.worklight.androidgap.plugin.WLInitializationPlugin
-dontwarn android.support.v4.**
-dontwarn android.net.SSLCertificateSocketFactory
-dontwarn android.net.http.*
Proguard 按预期完成所有动作。例如,我看到了
Obfuscating...
Printing mapping to
[buildpath\outputs\mapping\release\mapping.txt]...
Preverifying...
Writing output...
Preparing output jar
[buildpath\intermediates\transforms\proguard\release\0.jar]
Copying resources from program jar
[buildpath\intermediates\transforms\desugar\release\0.jar]
(filtered)
Copying resources from program directory
[buildpath\intermediates\transforms\desugar\release\1]
(filtered)
Copying resources from program jar
[buildpath\intermediates\transforms\mergeJavaRes\release\0.jar]
(filtered)
然后按预期生成 APK。我通过Java decompiler 运行了这个 APK 并下载了输出。浏览该下载中的Hello.java,我找到了完整的原始源代码
package com.example.plugin;
import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONArray;
public class Hello extends CordovaPlugin
{
public boolean execute(String str,JSONArray jSONArray,
CallbackContext callbackContext)
{
if (!str.equals("greet")) return false;
callbackContext.success("Hello, " + jSONArray.getString(0) +
" This is a secret!");
return true;
}
}
就好像 Proguard 经历了所有的动作,但什么都没有。我显然错过了这里的一个关键步骤,但我不清楚那可能是什么。我将非常感谢任何能够让我走上正轨的人。
【问题讨论】:
-
ProGuard 不加密字符串常量
标签: android cordova proguard obfuscation cordova-plugin-proguard