Updated: 2022-12-28 13:15:24 Source: 動力節點
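ProGuard is an obfuscation tool written in pure Java. It can be used in two ways: package the program as a JAR and obfuscate it with the stand-alone tool, or import the ProGuard plugin into the build and obfuscate the code there. Here the plugin is used to obfuscate the code of an ordinary Java web project. The Maven plugin configuration is as follows: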
<!-- ProGuard obfuscation plugin -->
<plugin>
  <groupId>com.github.wvengen</groupId>
  <artifactId>proguard-maven-plugin</artifactId>
  <version>2.0.11</version>
  <executions>
    <execution>
      <!-- When to obfuscate: here, during the package phase -->
      <phase>package</phase>
      <goals>
        <!-- Plugin goal to run: proguard (obfuscation) -->
        <goal>proguard</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <!-- Whether to attach (install) the generated pg artifact -->
    <attach>true</attach>
    <!-- Enable obfuscation -->
    <obfuscate>true</obfuscate>
    <!-- Classifier for the generated artifact -->
    <attachArtifactClassifier>pg</attachArtifactClassifier>
    <options>
      <!-- Target JDK version 1.8 -->
      <option>-target 1.8</option>
      <!-- Do not shrink (shrinking removes unreferenced code) -->
      <option>-dontshrink</option>
      <!-- Do not optimize (optimization rewrites the code's implementation) -->
      <option>-dontoptimize</option>
      <!-- Do not skip non-public library classes and class members -->
      <option>-dontskipnonpubliclibraryclasses</option>
      <option>-dontskipnonpubliclibraryclassmembers</option>
      <!-- Do not generate mixed-case class names -->
      <option>-dontusemixedcaseclassnames</option>
      <!-- Allow the access modifiers of classes and class members to be changed -->
      <option>-allowaccessmodification</option>
      <!-- Use consistent, unique obfuscated member names to strengthen the obfuscation -->
      <option>-useuniqueclassmembernames</option>
      <!-- Do not obfuscate any package names (disabled) -->
      <!--<option>-keeppackagenames</option>-->
      <!-- Attributes to keep: exceptions, annotations, etc. -->
      <option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod</option>
      <!-- Do not obfuscate setter/getter methods (disabled) -->
      <!--<option>-keepclassmembers public class * {void set*(***);*** get*();}</option>-->
      <!-- Keep the class names under these packages and do not obfuscate the methods in those classes.
           The angle brackets of ProGuard's methods wildcard are XML-escaped so the POM stays well-formed. -->
      <option>-keep class com.xxx.xxx.bboss.SystemConfig { &lt;methods&gt;; }</option>
      <option>-keep class com.xxx.xxx.framework.** { *; }</option>
      <option>-keep class com.xxx.xxx.xxx.controller.** { &lt;methods&gt;; }</option>
      <option>-keep class com.xxx.xxx.xxx.dao.** { &lt;methods&gt;; }</option>
      <option>-keep class com.xxx.xxx.xxx.exception { &lt;methods&gt;; }</option>
      <option>-keep class com.xxx.xxx.xxx.model.** { &lt;methods&gt;; }</option>
    </options>
    <!-- Name of the JAR that receives the obfuscated classes -->
    <outjar>classes-autotest.jar</outjar>
    <!-- Library dependencies; adjust as needed. In testing, the JRE runtime JAR alone was enough -->
    <libs>
      <lib>${java.home}/lib/rt.jar</lib>
    </libs>
    <!-- What to process: only the classes directory, since configuration files and JSPs cannot be obfuscated -->
    <injar>classes</injar>
    <!-- Output directory -->
    <outputDirectory>${project.build.directory}</outputDirectory>
  </configuration>
</plugin>
Run mvn clean package -DskipTests
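The obfuscation output is shown in the figure:
classes-pg.jar: the obfuscated JAR, containing the complete project structure.
ProGuard_map.txt: the mapping from original names to obfuscated names.
ProGuard_seed.txt: the classes that took part in the obfuscation.
After obfuscation, the decompiled code looks like this:
As can be seen, some package names have been replaced by single letters that no longer carry any business meaning, and variable names have been changed as well, which makes the code harder to read.
Start the service; the project runs normally.
Notes: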
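1. Package or class names are sometimes referenced in configuration, so some related configuration files need to be changed. For that reason ProGuard does not generate class names randomly: it sorts the classes of each package by their original names and renames them a.class, b.class, c.class, ...
When a package contains more than 26 classes, the default naming continues with A.class, B.class, C.class. Some operating systems do not distinguish upper and lower case, and this causes errors there (my knowledge is limited and I have not looked into the details). That is why the
<!-- Do not generate mixed-case class names -->
<option>-dontusemixedcaseclassnames</option>
setting is critical: the classes are then named aa.class, ab.class, ac.class instead of being given upper-case class names, which avoids the error.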
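2. Packaging and deployment. The classes inside the WAR built by this profile are still the normal, unobfuscated code. The WAR has to be unpacked by hand and its classes replaced with the contents of classes-pg.jar. With a managed build, a script can be configured in Jenkins to replace the classes in the WAR with the obfuscated ones automatically: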
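# Replace the classes in the WAR with the obfuscated classes
cd /root/.jenkins/workspace/mytest_master/target
# Extract the obfuscated classes (the com/ tree) into target/
jar -xvf classes-pg.jar
# Unpack the WAR into a clean working directory
rm -rf mytest
mkdir mytest
mv mytest.war mytest
cd mytest/
jar -xvf mytest.war
# Remove the original classes and copy in the obfuscated ones
rm -rf WEB-INF/classes/com/
cd ../
cp -rf com mytest/WEB-INF/classes/
# Repackage without generating a manifest (M) and without compression (0)
cd mytest
jar -cvfM0 mytest.war ./
mv mytest.war ../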
This way Jenkins produces the obfuscated WAR, which can be handed to the customer directly.
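A post-build check for the two notes above, added here as an example and not part of the original article: it reports paths in the obfuscated JAR that differ only by case (the situation -dontusemixedcaseclassnames prevents) and class files in the final WAR that were not replaced by obfuscated ones. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from collections import defaultdict


def case_collisions(jar):
    """Paths in the archive that differ only by case. On a case-insensitive
    file system they overwrite each other when the JAR is extracted."""
    groups = defaultdict(set)
    for name in jar.namelist():
        parts = name.rstrip("/").split("/")
        for i in range(1, len(parts) + 1):  # check directories as well as files
            path = "/".join(parts[:i])
            groups[path.lower()].add(path)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def _digest(archive, name):
    return hashlib.sha256(archive.read(name)).hexdigest()


def stale_classes(war, pg_jar, prefix="WEB-INF/classes/"):
    """Class files in the WAR that are absent from the obfuscated JAR or differ
    from it, i.e. were not replaced. An empty list means the step worked."""
    obfuscated = {n: _digest(pg_jar, n) for n in pg_jar.namelist() if n.endswith(".class")}
    return sorted(
        n for n in war.namelist()
        if n.startswith(prefix) and n.endswith(".class")
        and obfuscated.get(n[len(prefix):]) != _digest(war, n)
    )


def make_zip(entries):
    """Build an in-memory archive from {entry name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))


# Constructed samples; in a real job open target/classes-pg.jar and target/mytest.war.
PG_MIXED = make_zip({"com/a/a.class": b"1", "com/a/A.class": b"2"})
PG_OK = make_zip({"com/a/a.class": b"obf-a", "com/a/aa.class": b"obf-aa"})
WAR_STALE = make_zip({"WEB-INF/classes/com/xxx/UserService.class": b"plain",
                      "WEB-INF/web.xml": b"<web-app/>"})
WAR_OK = make_zip({"WEB-INF/classes/com/a/a.class": b"obf-a",
                   "WEB-INF/classes/com/a/aa.class": b"obf-aa"})
```

Failing the Jenkins job when either function returns a non-empty list keeps a WAR with unobfuscated classes from being delivered.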