此方法是代碼混淆,增加反編譯後代碼的可讀成本。
一、proguard
<build>
<finalName>${artifactId}</finalName>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.3.3</proguardVersion>
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<options>
<option>-dontshrink</option>
<option>-dontoptimize</option>
<option>-adaptclassstrings</option>
<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
<option>-keepnames interface **</option>
<option>-keepparameternames</option>
<option>-keep class !com.winning.cdrgw.filter.** { *; }</option>
<option>-keep interface * extends * { *; }</option>
<!-- This option will save all original defined annotations in all class in all packages.-->
<!--<option>-keepclassmembers class * {-->
@org.springframework.beans.factory.annotation.Autowired *;–>
@org.springframework.beans.factory.annotation.Value *;
}
</option>-->
</options>
<libs>
<!-- Include main JAVA library required.-->
<lib>${java.home}/lib/rt.jar</lib>
<lib>${java.home}/lib/jce.jar</lib>
</libs>
</configuration>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.3.3</version>
</dependency>
</dependencies>
</plugin>
<!-- Maven assembly must be run after proguard obfuscation so it take already obfuscated files.-->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>com.winning.CdrgwApplication</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
注意:
-keep class 類/包.** 表示保留類名
-keepclassmembers class 類/包.**{ *;} 表示保留類下邊的所有變量,均不混淆
2、混淆前後對比
1)、混淆前
2)、混淆後
二、Allatori
Allatori是一個Java 混淆器,它屬於第二代混淆器,因此它能夠全方位地保護你的知識產權。 Allatori具有以下幾種保護方式:命名混淆,流混淆,調試信息混淆,字符串混淆,以及水印技術。對於教育和非商業項目來說這個混淆器是免費的。支持war和jar文件格式,並且允許對需要混淆代碼的應用程序添加有效日期。 有項目需要對代碼進行保護,比較初級的方案就是對代碼進行混淆,打包之後的文件進行反編譯後,就可以看到效果。此外,使用Allatori打的包體積也會小一點。
1、項目根目錄lib下增加兩個jar包-》 allatori.jar,allatori-annotations.jar
2、resource下添加Allatori配置文件-》allatori.xml
<config> <input> <jar in="confusion-0.0.1-SNAPSHOT.jar" out="confusion-0.0.1-SNAPSHOT-obfuscated.jar"/> </input> <keep-names> <class access="protected+"> <field access="protected+"/> <method access="protected+"/> </class> </keep-names> <property name="log-file" value="log.xml"/> </config> |
3、pom文件打包配置增加混淆配置
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.lovnx</groupId> <artifactId>confusion</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <!-- Allatori plugin start --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>2.6</version> <executions> <execution> <id>copy-and-filter-allatori-config</id> <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> <outputDirectory>${basedir}/target</outputDirectory> <resources> <resource> <directory>${basedir}/allatori</directory> <includes> <include>allatori.xml</include> </includes> <filtering>true</filtering> </resource> </resources> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>1.2.1</version> <executions> <execution> <id>run-allatori</id> <phase>package</phase> <goals> <goal>exec</goal> </goals> </execution> </executions> <configuration> <executable>java</executable> <arguments> <argument>-Xms128m</argument> <argument>-Xmx512m</argument> <argument>-jar</argument> <argument>${basedir}/lib/allatori.jar</argument> <argument>${basedir}/target/allatori.xml</argument> </arguments> </configuration> </plugin> <!-- Allatori plugin end --> </plugins> </build> <dependencies> <!-- Test Begin --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <!-- Test End --> <!-- springboot啓動 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> </dependencies> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.8.RELEASE</version> </parent> </project> |