此方法是代码混淆,增加反编译后代码的可读成本。
一、proguard
<build>
<finalName>${artifactId}</finalName>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.3.3</proguardVersion>
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<options>
<option>-dontshrink</option>
<option>-dontoptimize</option>
<option>-adaptclassstrings</option>
<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
<option>-keepnames interface **</option>
<option>-keepparameternames</option>
<option>-keep class !com.winning.cdrgw.filter.** { *; }</option>
<option>-keep interface * extends * { *; }</option>
<!-- This option will save all original defined annotations in all class in all packages.-->
<!--<option>-keepclassmembers class * {-->
@org.springframework.beans.factory.annotation.Autowired *;–>
@org.springframework.beans.factory.annotation.Value *;
}
</option>-->
</options>
<libs>
<!-- Include main JAVA library required.-->
<lib>${java.home}/lib/rt.jar</lib>
<lib>${java.home}/lib/jce.jar</lib>
</libs>
</configuration>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.3.3</version>
</dependency>
</dependencies>
</plugin>
<!-- Maven assembly must be run after proguard obfuscation so it take already obfuscated files.-->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>com.winning.CdrgwApplication</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
注意:
-keep class 类/包.** 表示保留类名
-keepclassmembers class 类/包.**{ *;} 表示保留类下边的所有变量,均不混淆
2、混淆前后对比
1)、混淆前
2)、混淆后
二、Allatori
Allatori是一个Java 混淆器,它属于第二代混淆器,因此它能够全方位地保护你的知识产权。 Allatori具有以下几种保护方式:命名混淆,流混淆,调试信息混淆,字符串混淆,以及水印技术。对于教育和非商业项目来说这个混淆器是免费的。支持war和jar文件格式,并且允许对需要混淆代码的应用程序添加有效日期。 有项目需要对代码进行保护,比较初级的方案就是对代码进行混淆,打包之后的文件进行反编译后,就可以看到效果。此外,使用Allatori打的包体积也会小一点。
1、项目根目录lib下增加两个jar包-》 allatori.jar,allatori-annotations.jar
2、resource下添加Allatori配置文件-》allatori.xml
<config> <input> <jar in="confusion-0.0.1-SNAPSHOT.jar" out="confusion-0.0.1-SNAPSHOT-obfuscated.jar"/> </input> <keep-names> <class access="protected+"> <field access="protected+"/> <method access="protected+"/> </class> </keep-names> <property name="log-file" value="log.xml"/> </config> |
3、pom文件打包配置增加混淆配置
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.lovnx</groupId> <artifactId>confusion</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <!-- Allatori plugin start --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>2.6</version> <executions> <execution> <id>copy-and-filter-allatori-config</id> <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> <outputDirectory>${basedir}/target</outputDirectory> <resources> <resource> <directory>${basedir}/allatori</directory> <includes> <include>allatori.xml</include> </includes> <filtering>true</filtering> </resource> </resources> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>1.2.1</version> <executions> <execution> <id>run-allatori</id> <phase>package</phase> <goals> <goal>exec</goal> </goals> </execution> </executions> <configuration> <executable>java</executable> <arguments> <argument>-Xms128m</argument> <argument>-Xmx512m</argument> <argument>-jar</argument> <argument>${basedir}/lib/allatori.jar</argument> <argument>${basedir}/target/allatori.xml</argument> </arguments> </configuration> </plugin> <!-- Allatori plugin end --> </plugins> </build> <dependencies> <!-- Test Begin --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <!-- Test End --> <!-- springboot启动 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> </dependencies> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.8.RELEASE</version> </parent> </project> |