Questions about Proguard

Posted 2019-08-30 01:56

I've obfuscated my application using ProGuard 4.7. After that I unpacked my application using Dex2Jar. And I was not happy with the result of obfuscation. And I have the following questions:

1. How to mask a string constant?

(Maybe using this option: a string constant is loaded from the server. I know that this will affect performance, but defense comes first.)

2. How to rename the standard class names?

For example: after obfuscation, standard class names remain unchanged. (Can I make copies of all standard classes so that ProGuard will rename them?)

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.media.MediaRecorder;
import android.telephony.TelephonyManager;

3. ProGuard has created many new packages, but all the working classes are in one of them. How to place them in different packages?

a.a
b.a
my.package.name // here all working classes of my app
b.b
c.c

4. Why have some names of my classes not changed?

2 answers
We Are One
#2 · 2019-08-30 02:45

Question 2. You can't have ProGuard rename those as they are part of the phone. You don't lose any obfuscation security with external classes not obfuscated. Attempting to make local copies that you include with your app will only lead you down a path of ruin; you want the versions that are on the phone.

Question 3. That is expected, and relates to question 4. Anything part of the package that contains your Activities (or other public entry points) needs to maintain that path.

So if you have packages:

com.mycompany.myapp.activities

Then the activities package must be fully retained because any activity classes will not be obfuscated. Also com.mycompany.myapp must be retained for any item referenced from XML so the system can correctly find your entry as defined in the manifest.

It sounds like ProGuard is working as it should be in your setup.

看我几分像从前
#3 · 2019-08-30 02:59

I can help with a couple of these.

  1. Grabbing a string off your server is a mild defense, but then an attacker is going to see that URL and go grab the contents (or wireshark it). You've slowed the app down and tied the user to internet access for little to no gain. Proguard can't do this out of the box; if you really want to obfuscate your strings, Base64 encode them. It won't slow someone down much, but at least it's not obvious. More info: hiding strings in Obfuscated code

  2. Dunno

  3. Dunno

  4. There are a number of classes and interfaces that need to have publicly visible names. Services, Activities, AIDL definitions are a few of them, but if you want a better idea, post the class/interface name and the classes it derives from/implements.

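Both answers attribute unrenamed classes to entry points the system must find by name. As an added example (not part of the original thread), the Python sketch below audits a ProGuard `mapping.txt` against the manifest and separates classes that kept their names because they are declared components from those that kept them for some other reason. The manifest, the mapping content and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (assumptions, not files from the question).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mycompany.myapp">
  <application>
    <activity android:name=".activities.MainActivity"/>
    <service android:name="com.mycompany.myapp.SyncService"/>
    <receiver android:name="CallReceiver"/>
  </application>
</manifest>"""

MAPPING = """\
com.mycompany.myapp.activities.MainActivity -> com.mycompany.myapp.activities.MainActivity:
    void onCreate(android.os.Bundle) -> onCreate
com.mycompany.myapp.SyncService -> com.mycompany.myapp.SyncService:
com.mycompany.myapp.CallReceiver -> com.mycompany.myapp.CallReceiver:
com.mycompany.myapp.util.Crypto -> a.a:
    java.lang.String key -> a
com.mycompany.myapp.model.Account -> com.mycompany.myapp.model.Account:
"""

def manifest_components(manifest_xml):
    """Fully qualified class names of the components declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    names = set()
    for tag in ("activity", "service", "receiver", "provider"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name.startswith(".") or "." not in name:  # relative to package
                name = package + "." + name.lstrip(".")
            names.add(name)
    return names

def class_mappings(mapping_text):
    """Parse 'original -> obfuscated:' class lines; member lines are indented."""
    pattern = re.compile(r"^(\S+) -> (\S+):$")
    matches = (pattern.match(line) for line in mapping_text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def audit(manifest_xml, mapping_text):
    """Unrenamed classes, split into manifest entry points and everything else."""
    entry_points = manifest_components(manifest_xml)
    kept = {o for o, n in class_mappings(mapping_text).items() if o == n}
    return sorted(kept & entry_points), sorted(kept - entry_points)
```

Classes in the second list are not manifest components, so they are the ones to trace back to a `-keep` rule or another by-name reference.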