springboot 代碼混淆

此方法是代碼混淆，增加反編譯後代碼的可讀成本。

一、proguard

<build>
   <finalName>${artifactId}</finalName>
   <plugins>
      <plugin>
         <groupId>com.github.wvengen</groupId>
         <artifactId>proguard-maven-plugin</artifactId>
         <executions>
            <execution>
               <phase>package</phase>
               <goals><goal>proguard</goal></goals>
            </execution>
         </executions>
         <configuration>
            <proguardVersion>5.3.3</proguardVersion>
            <injar>${project.build.finalName}.jar</injar>
            <outjar>${project.build.finalName}.jar</outjar>
            <obfuscate>true</obfuscate>
            <options>
               <option>-dontshrink</option>
               <option>-dontoptimize</option>
           
               <option>-adaptclassstrings</option>
               <option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
                  SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
               <option>-keepnames interface **</option>
               <option>-keepparameternames</option>
               <option>-keep class !com.winning.cdrgw.filter.** { *; }</option>
               <option>-keep interface * extends * { *; }</option>
               <!-- This option will save all original defined annotations in all class in all packages.-->
               <!--<option>-keepclassmembers class * {-->
                  @org.springframework.beans.factory.annotation.Autowired *;&ndash;&gt;
                  @org.springframework.beans.factory.annotation.Value *;
                  }
                </option>-->
            </options>
            <libs>
               <!-- Include main JAVA library required.-->
               <lib>${java.home}/lib/rt.jar</lib>
               <lib>${java.home}/lib/jce.jar</lib>
            </libs>
         </configuration>
         <dependencies>
            <dependency>
               <groupId>net.sf.proguard</groupId>
               <artifactId>proguard-base</artifactId>
               <version>5.3.3</version>
            </dependency>
         </dependencies>
      </plugin>

      <!-- Maven assembly must be run after proguard obfuscation so it take already obfuscated files.-->
      <plugin>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
         <executions>
            <execution>
               <goals>
                  <goal>repackage</goal>
               </goals>
               <configuration>
                  <mainClass>com.winning.CdrgwApplication</mainClass>
               </configuration>
            </execution>
         </executions>
      </plugin>
   </plugins>
</build>

注意：

-keep class 類/包.**  表示保留類名

-keepclassmembers class 類/包.**{ *;} 表示保留類下邊的所有變量，均不混淆

 

2、混淆前後對比

1）、混淆前

2）、混淆後

 

二、Allatori

Allatori是一個Java 混淆器，它屬於第二代混淆器，因此它能夠全方位地保護你的知識產權。 Allatori具有以下幾種保護方式：命名混淆，流混淆，調試信息混淆，字符串混淆，以及水印技術。對於教育和非商業項目來說這個混淆器是免費的。支持war和jar文件格式，並且允許對需要混淆代碼的應用程序添加有效日期。 有項目需要對代碼進行保護，比較初級的方案就是對代碼進行混淆，打包之後的文件進行反編譯後，就可以看到效果。此外，使用Allatori打的包體積也會小一點。

1、項目根目錄lib下增加兩個jar包-》 allatori.jar，allatori-annotations.jar

2、resource下添加Allatori配置文件-》allatori.xml

<config>

  <input>

    <jar in="confusion-0.0.1-SNAPSHOT.jar" out="confusion-0.0.1-SNAPSHOT-obfuscated.jar"/>

  </input>

  <keep-names>

    <class access="protected+">

      <field access="protected+"/>

      <method access="protected+"/>

    </class>

  </keep-names>

  <property name="log-file" value="log.xml"/>

</config>

 

3、pom文件打包配置增加混淆配置

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

 <modelVersion>4.0.0</modelVersion>

 <groupId>com.lovnx</groupId>

 <artifactId>confusion</artifactId>

 <version>0.0.1-SNAPSHOT</version>

 <packaging>jar</packaging>

 <build>

 <plugins>

  <plugin>

  <groupId>org.springframework.boot</groupId>

  <artifactId>spring-boot-maven-plugin</artifactId>

  </plugin>

  <!-- Allatori plugin start -->

  <plugin>

  <groupId>org.apache.maven.plugins</groupId>

  <artifactId>maven-resources-plugin</artifactId>

  <version>2.6</version>

  <executions>

   <execution>

   <id>copy-and-filter-allatori-config</id>

   <phase>package</phase>

   <goals>

    <goal>copy-resources</goal>

   </goals>

   <configuration>

    <outputDirectory>${basedir}/target</outputDirectory>

    <resources>

    <resource>

     <directory>${basedir}/allatori</directory>

     <includes>

     <include>allatori.xml</include>

     </includes>

     <filtering>true</filtering>

    </resource>

    </resources>

   </configuration>

   </execution>

  </executions>

  </plugin>

  <plugin>

  <groupId>org.codehaus.mojo</groupId>

  <artifactId>exec-maven-plugin</artifactId>

  <version>1.2.1</version>

  <executions>

   <execution>

   <id>run-allatori</id>

   <phase>package</phase>

   <goals>

    <goal>exec</goal>

   </goals>

   </execution>

  </executions>

  <configuration>

   <executable>java</executable>

   <arguments>

   <argument>-Xms128m</argument>

   <argument>-Xmx512m</argument>

   <argument>-jar</argument>

   <argument>${basedir}/lib/allatori.jar</argument>

   <argument>${basedir}/target/allatori.xml</argument>

   </arguments>

  </configuration>

  </plugin>

  <!-- Allatori plugin end -->

 </plugins>

 </build>

 <dependencies>

 <!-- Test Begin -->

 <dependency>

  <groupId>junit</groupId>

  <artifactId>junit</artifactId>

  <scope>test</scope>

 </dependency>

 <!-- Test End -->

 <!-- springboot啓動 -->

 <dependency>

  <groupId>org.springframework.boot</groupId>

  <artifactId>spring-boot-starter-web</artifactId>

 </dependency>

 </dependencies>

 <parent>

 <groupId>org.springframework.boot</groupId>

 <artifactId>spring-boot-starter-parent</artifactId>

 <version>1.5.8.RELEASE</version>

 </parent>

</project>