java混淆一下

素颜马尾好姑娘i 2022-01-12 01:11 149阅读 0赞

前言

最近在项目中碰到个一个场景,我们需要把自己的java项目jar包部署到一个第三方的服务器上,虽然双方互相信任,但是综合考虑,避免别人拿到jar包后可以很快的编译出源码,我们决定给代码加一层混淆,虽然此方法不能从根源上解决问题,但是做了一层混淆,也可以增加阅读源码的难度,总结了一下,写下这篇文章。

如何反编译java代码

我用的是mac电脑,从官网:java-decompiler.github.io/#jd-gui-dow…下载JD-GUI,官网有很多版本,下载后安装打开即可,导入你想反编译的jar,我这里随便找了个jar包做演示

何为java混淆

细心的小伙伴肯定发现了,上面的截图有的包名是a,b,c这样命名的,但凡有点节操的程序员都不会这样命名的,这就是被混淆后的代码,让人不会一眼看出来代码里面的逻辑,效果会像下面这样

可以看到类名,包名都被修改了

进行java混淆

我们以之前springboot项目为例,进行service层的代码的混淆,呼啸前效果如下:

接下来我们只需要在pom里面加入如下插件

  1. <plugin>
  2. <groupId>org.apache.maven.plugins</groupId>
  3. <artifactId>maven-compiler-plugin</artifactId>
  4. <version>3.1</version>
  5. <configuration>
  6. <source>1.7</source>
  7. <target>1.7</target>
  8. <encoding>UTF-8</encoding>
  9. </configuration>
  10. </plugin>
  11. <plugin>
  12. <groupId>com.github.wvengen</groupId>
  13. <artifactId>proguard-maven-plugin</artifactId>
  14. <version>2.0.14</version>
  15. <executions>
  16. <execution>
  17. <phase>package</phase>
  18. <goals>
  19. <goal>proguard</goal>
  20. </goals>
  21. </execution>
  22. </executions>
  23. <configuration>
  24. <proguardVersion>6.1.0beta2</proguardVersion>
  25. <injar>${project.build.finalName}.jar</injar>
  26. <outjar>${project.build.finalName}.jar</outjar>
  27. <obfuscate>true</obfuscate>
  28. <options>
  29. <option>-dontshrink</option>
  30. <option>-dontoptimize</option>
  31. <!-- This option will replace all strings in reflections method invocations with new class names. For example, invokes Class.forName('className')-->
  32. <option>-adaptclassstrings</option>
  33. <option>-keepdirectories</option>
  34. <!-- This option will save all original annotations and etc. Otherwise all we be removed from files.-->
  35. <option>-keepattributes
  36. Exceptions,
  37. InnerClasses,
  38. Signature,
  39. Deprecated,
  40. SourceFile,
  41. LineNumberTable,
  42. *Annotation*,
  43. EnclosingMethod
  44. </option>
  45. <!-- This option will save all original names in interfaces (without obfuscate).-->
  46. <option>-keepnames interface **</option>
  47. <!-- This option will save all original methods parameters in files defined in -keep sections, otherwise all parameter names will be obfuscate.-->
  48. <option>-keepparameternames</option>
  49. <!--不使用大小写字母进行混淆,保持类唯一性-->
  50. <option>-dontusemixedcaseclassnames</option>
  51. <!-- This option will save all original class files (without obfuscate) but obfuscate all in domain and service packages.-->
  52. <option>-keep
  53. class com.stone.zplxjj.Application {
  54. public static void main(java.lang.String[]);
  55. }
  56. </option>
  57. <!-- 指明哪些类可以不被混淆-->
  58. <option>-keep class com.stone.zplxjj.autoconfiguration.** { *; }</option>
  59. <option>-keep class com.stone.zplxjj.config.** { *; }</option>
  60. <option>-keep class com.stone.zplxjj.controller.** { *; }</option>
  61. <option>-keep class com.stone.zplxjj.dao.** { *; }</option>
  62. <option>-keep class com.stone.zplxjj.entity.** { *; }</option>
  63. <option>-keep class com.stone.zplxjj.event.** { *; }</option>
  64. <option>-keep class com.stone.zplxjj.interceptor.** { *; }</option>
  65. <option>-keep class com.stone.zplxjj.listener.** { *; }</option>
  66. <option>-keep class com.stone.zplxjj.properties.** { *; }</option>
  67. <option>-keep class com.stone.zplxjj.filter.** { *; }</option>
  68. <!-- This option ignore warnings such as duplicate class definitions and classes in incorrectly named files-->
  69. <option>-ignorewarnings</option>
  70. <!-- This option will save all original class files (without obfuscate) in service package-->
  71. <!--<option>-keep class com.slm.proguard.example.spring.boot.service { *; }</option>-->
  72. <!-- This option will save all original interfaces files (without obfuscate) in all packages.-->
  73. <option>-keep interface * extends * { *; }</option>
  74. <!-- This option will save all original defined annotations in all class in all packages.-->
  75. <option>-keepclassmembers class * {
  76. @org.springframework.beans.factory.annotation.Autowired *;
  77. @org.springframework.beans.factory.annotation.Value *;
  78. }
  79. </option>
  80. </options>
  81. <injarNotExistsSkip>true</injarNotExistsSkip>
  82. <libs>
  83. <!--Put here your libraries if required-->
  84. <lib>${java.home}/lib/rt.jar</lib>
  85. </libs>
  86. </configuration>
  87. <dependencies>
  88. <dependency>
  89. <groupId>net.sf.proguard</groupId>
  90. <artifactId>proguard-base</artifactId>
  91. <version>6.1.0beta2</version>
  92. </dependency>
  93. </dependencies>
  94. </plugin>
  95. <plugin>
  96. <groupId>org.springframework.boot</groupId>
  97. <artifactId>spring-boot-maven-plugin</artifactId>
  98. </plugin>
  99. 复制代码

执行打包命令:mvn package,会看到生成如下

我们看到了生成了不只一个jar包,还有一些别的文件,这个我们放后面介绍,我们先看下划红线的jar反编译后的效果

可以看到我们针对service包下面的类混淆成功了

注意点

  1. zplxjj_proguard_base.jar是没有经过混淆的jar
  2. 两个.txt文件说明了混淆前和混淆后的对应关系
  3. 如果项目中引入了spring框架,类的注入id要保持唯一性,否则就要重写生成bean的id规则的方法
  4. 更多pom文件细节可以参考:www.guardsquare.com/en/products…

更多文章欢迎关注个人博客:www.zplxjj.com和公众号

转载于:https://juejin.im/post/5d00e7c05188255bda35d3aa

发表评论

表情:
评论列表 (有 0 条评论,149人围观)

还没有评论,来说两句吧...

相关阅读