Proguard混淆器
最近公司有一个项目,是外包项目,由于对方也有技术人员,出于技术上的保密,需要对class文件进行二次处理,于是网上找了好久,只发现Proguard是用的最广泛而且网上资料最多的。由于不是纯JAVA项目,而是WEB项目,涉及到大量的配置文件,所以用这个工具稍显吃力,于是开始研究这玩意,花了好长一段时间,重复试验了N次,终于整出来了,下面总结一下我的经验。。
首先我介绍下我要混淆的项目框架是jfinal+dwz+spring(包含xml配置文件,导致部分class文件不能直接混淆)。下面开始说详细的操作步奏:
1)将web项目的src目录的java文件打包,只需要选择java文件即可,其他配置文件什么的都不用选择,如图
2)到http://proguard.sourceforge.net/下载proguard,目前我下载并使用的是proguard5.1(注:本人下载频道也有proguard5.1<http://download.csdn.net/detail/lulu147/8343521>)。
3)解压proguard5.1,执行 bin目录下的proguardgui.bat
然后会弹出如下图所示窗口
4)点击左边“input/output”菜单,然后点击右边的“Add input”按钮,添加需要混淆的jar包,我这里是test.jar,然后点击“add output”,选择输出的路径和包名。
5)下面开始添加支持库,这个地方很重要,很多同学刚开始使用这个工具的时候就是这里老是出问题。
点击右边的“add”。
说明一下,这里最好把你的eclipse里java project里的libraries所有Library的jar包,包含web项目lib下面的包,jdk中jre下面的包和servlet.jar包等copy到一个目录,然后在这里加入这些jar包。系统默认会带上rt.jar,这里我们可以先remove掉,然后到jre下面copy所有的包。
6)点击“shrinking”,设置成如图所示。
7)点击“obfuscation”,设置如图所示
8)点击“optimization”设置如图所示
9)点击information,设置如图所示,注意选择jdk版本(Target)
10) 点击“process”,再点击“save configuration”,在弹出的对话框中,输入要保存的配置文件名称(这里我的是1111111.pro),最后点击“保存”.
11) 设置基本完成,关掉proguard窗口,找到刚刚保存的配置文件,开始手动修改部分配置。
以下是我的配置文件,经测试通过,手动修改的部分为红色字体
-injars Test\test.jar -outjars Test\test--.jar
-libraryjars 'D:\jdk1.6.0_45\jre\lib\rt.jar' -libraryjars hunxiao\a\activation-1.1.jar -libraryjars hunxiao\a\activiti-cxf-5.10.jar -libraryjars hunxiao\a\activiti-engine-5.10.jar -libraryjars hunxiao\a\activiti-spring-5.10.jar -libraryjars hunxiao\a\alt-rt.jar -libraryjars hunxiao\a\alt-string.jar -libraryjars hunxiao\a\aopalliance-1.0.jar -libraryjars hunxiao\a\c3p0-0.9.1.2.jar -libraryjars hunxiao\a\charsets.jar -libraryjars hunxiao\a\commons-beanutils-1.9.1.jar -libraryjars hunxiao\a\commons-codec-1.9.jar -libraryjars hunxiao\a\commons-collections-3.2.1.jar -libraryjars hunxiao\a\commons-digester-1.7.jar -libraryjars hunxiao\a\commons-digester3-3.2.jar -libraryjars hunxiao\a\commons-io-2.0.1.jar -libraryjars hunxiao\a\commons-lang3-3.3.jar -libraryjars hunxiao\a\commons-logging-1.1.3.jar -libraryjars hunxiao\a\cos-26Dec2008.jar -libraryjars hunxiao\a\deploy.jar -libraryjars hunxiao\a\dom4j-1.6.1.jar -libraryjars hunxiao\a\druid-0.2.6.jar -libraryjars hunxiao\a\edtftpj.jar -libraryjars hunxiao\a\ehcache-core-2.5.2.jar -libraryjars hunxiao\a\fastjson-1.2.0.jar -libraryjars hunxiao\a\fprzMock.jar -libraryjars hunxiao\a\freemarker-2.3.16.jar -libraryjars hunxiao\a\groovy-all-1.5.5.jar -libraryjars hunxiao\a\guava-16.0.1.jar -libraryjars hunxiao\a\hessian-4.0.7.jar -libraryjars hunxiao\a\itext-2.1.7.jar -libraryjars hunxiao\a\iTextAsian-2.1.jar -libraryjars hunxiao\a\jasperreports-3.7.4.jar -libraryjars hunxiao\a\javaws.jar -libraryjars hunxiao\a\javax.servlet.jsp.jstl-1.2.0.v201105211821.jar -libraryjars hunxiao\a\jce.jar -libraryjars hunxiao\a\jfinal-1.6-bin-with-src.jar -libraryjars hunxiao\a\jfinal-ext-eu.jar -libraryjars hunxiao\a\jna-4.1.0.jar -libraryjars hunxiao\a\jna-platform-4.1.0.jar -libraryjars hunxiao\a\joda-time-2.1.jar -libraryjars hunxiao\a\joor-0.9.3.jar -libraryjars hunxiao\a\jsse.jar -libraryjars hunxiao\a\jxls-core-0.9.9.jar -libraryjars hunxiao\a\kaptcha-2.3.2.jar -libraryjars hunxiao\a\log4j-1.2.16.jar -libraryjars hunxiao\a\management-agent.jar -libraryjars hunxiao\a\mybatis-3.1.1.jar -libraryjars hunxiao\a\mysql-connector-java-5.1.20-bin.jar -libraryjars hunxiao\a\ojdbc6.jar -libraryjars hunxiao\a\org.apache.taglibs.standard.glassfish-1.2.0.v201112081803.jar -libraryjars hunxiao\a\org.springframework.aop-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.asm-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.aspects-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.beans-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.context-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.context.support-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.core-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.expression-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.instrument-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.instrument.tomcat-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.jdbc-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.jms-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.org.apache.commons.logging-1.1.1.jar -libraryjars hunxiao\a\org.springframework.orm-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.oxm-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.test-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.transaction-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.web-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.web.portlet-3.1.1.RELEASE.jar -libraryjars hunxiao\a\org.springframework.web.servlet-3.1.1.RELEASE.jar -libraryjars hunxiao\a\plugin.jar -libraryjars hunxiao\a\poi-3.9.jar -libraryjars hunxiao\a\quartz-1.8.6.jar -libraryjars hunxiao\a\resources.jar -libraryjars hunxiao\a\rt.jar -libraryjars hunxiao\a\servlet-api.jar -libraryjars hunxiao\a\shiro-all-1.2.3.jar -libraryjars hunxiao\a\slf4j-api-1.6.1.jar -libraryjars hunxiao\a\slf4j-log4j12-1.6.1.jar -libraryjars hunxiao\a\sqlite-jdbc-3.7.2.jar -libraryjars hunxiao\a\ssosdk-2.0-SNAPSHOT.jar -libraryjars hunxiao\a\TaxWsBean.jar
-target 1.6 -dontshrink -useuniqueclassmembernames -keeppackagenames -keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod -keepparameternames
#保留单个类 -keep public class net.easyunion.common.shiro.ShiroDbRealm -keep public class net.easyunion.common.filters.SetCharacterEncodingFilter -keep public class net.easyunion.common.queue.MakeQueue
#保留所有控制类(如果是SSH三大框架,由于页面发出请求到struts核心拦截器拦截之后,找到配置文件,配置文件必须对应action里面的类和方法,这里就不能混淆类和方法,所以所有的action类包括里面的方法都不需要混淆,按照如下方式设置就行,保留所有的Action类名和方法名) -keep public class net.easyunion.app.invoice.controller.* {*;} -keep public class net.easyunion.app.sysseting.controller.* {*;} -keep public class net.easyunion.app.system.controller.* {*;} -keep public class net.easyunion.app.system.model.* {*;} -keep public class net.easyunion.app.supplier.controller.* {*;} -keep public class net.easyunion.common.controller.* {*;}
-keep public class net.easyunion.app.Config
# Keep names - Native method names. Keep all native class/method names. -keepclasseswithmembers,includedescriptorclasses,allowshrinking class * { native }
# Keep names - _class method names. Keep all .class method names. This may be # useful for libraries that will be obfuscated again with different obfuscators. -keepclassmembers,allowshrinking class * { java.lang.Class class$(java.lang.String); java.lang.Class class$(java.lang.String,boolean); }
# Remove - System method calls. Remove all invocations of System # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.System { public static long currentTimeMillis(); static java.lang.Class getCallerClass(); public static int identityHashCode(java.lang.Object); public static java.lang.SecurityManager getSecurityManager(); public static java.util.Properties getProperties(); public static java.lang.String getProperty(java.lang.String); public static java.lang.String getenv(java.lang.String); public static java.lang.String mapLibraryName(java.lang.String); public static java.lang.String getProperty(java.lang.String,java.lang.String); }
# Remove - Math method calls. Remove all invocations of Math # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.Math { public static double sin(double); public static double cos(double); public static double tan(double); public static double asin(double); public static double acos(double); public static double atan(double); public static double toRadians(double); public static double toDegrees(double); public static double exp(double); public static double log(double); public static double log10(double); public static double sqrt(double); public static double cbrt(double); public static double IEEEremainder(double,double); public static double ceil(double); public static double floor(double); public static double rint(double); public static double atan2(double,double); public static double pow(double,double); public static int round(float); public static long round(double); public static double random(); public static int abs(int); public static long abs(long); public static float abs(float); public static double abs(double); public static int max(int,int); public static long max(long,long); public static float max(float,float); public static double max(double,double); public static int min(int,int); public static long min(long,long); public static float min(float,float); public static double min(double,double); public static double ulp(double); public static float ulp(float); public static double signum(double); public static float signum(float); public static double sinh(double); public static double cosh(double); public static double tanh(double); public static double hypot(double,double); public static double expm1(double); public static double log1p(double); }
# Remove - Number method calls. Remove all invocations of Number # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.* extends java.lang.Number { public static java.lang.String toString(byte); public static java.lang.Byte valueOf(byte); public static byte parseByte(java.lang.String); public static byte parseByte(java.lang.String,int); public static java.lang.Byte valueOf(java.lang.String,int); public static java.lang.Byte valueOf(java.lang.String); public static java.lang.Byte decode(java.lang.String); public int compareTo(java.lang.Byte); public static java.lang.String toString(short); public static short parseShort(java.lang.String); public static short parseShort(java.lang.String,int); public static java.lang.Short valueOf(java.lang.String,int); public static java.lang.Short valueOf(java.lang.String); public static java.lang.Short valueOf(short); public static java.lang.Short decode(java.lang.String); public static short reverseBytes(short); public int compareTo(java.lang.Short); public static java.lang.String toString(int,int); public static java.lang.String toHexString(int); public static java.lang.String toOctalString(int); public static java.lang.String toBinaryString(int); public static java.lang.String toString(int); public static int parseInt(java.lang.String,int); public static int parseInt(java.lang.String); public static java.lang.Integer valueOf(java.lang.String,int); public static java.lang.Integer valueOf(java.lang.String); public static java.lang.Integer valueOf(int); public static java.lang.Integer getInteger(java.lang.String); public static java.lang.Integer getInteger(java.lang.String,int); public static java.lang.Integer getInteger(java.lang.String,java.lang.Integer); public static java.lang.Integer decode(java.lang.String); public static int highestOneBit(int); public static int lowestOneBit(int); public static int numberOfLeadingZeros(int); public static int numberOfTrailingZeros(int); public static int bitCount(int); public static int rotateLeft(int,int); public static int rotateRight(int,int); public static int reverse(int); public static int signum(int); public static int reverseBytes(int); public int compareTo(java.lang.Integer); public static java.lang.String toString(long,int); public static java.lang.String toHexString(long); public static java.lang.String toOctalString(long); public static java.lang.String toBinaryString(long); public static java.lang.String toString(long); public static long parseLong(java.lang.String,int); public static long parseLong(java.lang.String); public static java.lang.Long valueOf(java.lang.String,int); public static java.lang.Long valueOf(java.lang.String); public static java.lang.Long valueOf(long); public static java.lang.Long decode(java.lang.String); public static java.lang.Long getLong(java.lang.String); public static java.lang.Long getLong(java.lang.String,long); public static java.lang.Long getLong(java.lang.String,java.lang.Long); public static long highestOneBit(long); public static long lowestOneBit(long); public static int numberOfLeadingZeros(long); public static int numberOfTrailingZeros(long); public static int bitCount(long); public static long rotateLeft(long,int); public static long rotateRight(long,int); public static long reverse(long); public static int signum(long); public static long reverseBytes(long); public int compareTo(java.lang.Long); public static java.lang.String toString(float); public static java.lang.String toHexString(float); public static java.lang.Float valueOf(java.lang.String); public static java.lang.Float valueOf(float); public static float parseFloat(java.lang.String); public static boolean isNaN(float); public static boolean isInfinite(float); public static int floatToIntBits(float); public static int floatToRawIntBits(float); public static float intBitsToFloat(int); public static int compare(float,float); public boolean isNaN(); public boolean isInfinite(); public int compareTo(java.lang.Float); public static java.lang.String toString(double); public static java.lang.String toHexString(double); public static java.lang.Double valueOf(java.lang.String); public static java.lang.Double valueOf(double); public static double parseDouble(java.lang.String); public static boolean isNaN(double); public static boolean isInfinite(double); public static long doubleToLongBits(double); public static long doubleToRawLongBits(double); public static double longBitsToDouble(long); public static int compare(double,double); public boolean isNaN(); public boolean isInfinite(); public int compareTo(java.lang.Double); public byte byteValue(); public short shortValue(); public int intValue(); public long longValue(); public float floatValue(); public double doubleValue(); public int compareTo(java.lang.Object); public boolean equals(java.lang.Object); public int hashCode(); public java.lang.String toString(); }
# Remove - String method calls. Remove all invocations of String # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.String { public static java.lang.String copyValueOf(char[]); public static java.lang.String copyValueOf(char[],int,int); public static java.lang.String valueOf(boolean); public static java.lang.String valueOf(char); public static java.lang.String valueOf(char[]); public static java.lang.String valueOf(char[],int,int); public static java.lang.String valueOf(double); public static java.lang.String valueOf(float); public static java.lang.String valueOf(int); public static java.lang.String valueOf(java.lang.Object); public static java.lang.String valueOf(long); public boolean contentEquals(java.lang.StringBuffer); public boolean endsWith(java.lang.String); public boolean equalsIgnoreCase(java.lang.String); public boolean equals(java.lang.Object); public boolean matches(java.lang.String); public boolean regionMatches(boolean,int,java.lang.String,int,int); public boolean regionMatches(int,java.lang.String,int,int); public boolean startsWith(java.lang.String); public boolean startsWith(java.lang.String,int); public byte[] getBytes(); public byte[] getBytes(java.lang.String); public char charAt(int); public char[] toCharArray(); public int compareToIgnoreCase(java.lang.String); public int compareTo(java.lang.Object); public int compareTo(java.lang.String); public int hashCode(); public int indexOf(int); public int indexOf(int,int); public int indexOf(java.lang.String); public int indexOf(java.lang.String,int); public int lastIndexOf(int); public int lastIndexOf(int,int); public int lastIndexOf(java.lang.String); public int lastIndexOf(java.lang.String,int); public int length(); public java.lang.CharSequence subSequence(int,int); public java.lang.String concat(java.lang.String); public java.lang.String replaceAll(java.lang.String,java.lang.String); public java.lang.String replace(char,char); public java.lang.String replaceFirst(java.lang.String,java.lang.String); public java.lang.String[] split(java.lang.String); public java.lang.String[] split(java.lang.String,int); public java.lang.String substring(int); public java.lang.String substring(int,int); public java.lang.String toLowerCase(); public java.lang.String toLowerCase(java.util.Locale); public java.lang.String toString(); public java.lang.String toUpperCase(); public java.lang.String toUpperCase(java.util.Locale); public java.lang.String trim(); }
# Remove - StringBuffer method calls. Remove all invocations of StringBuffer # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.StringBuffer { public java.lang.String toString(); public char charAt(int); public int capacity(); public int codePointAt(int); public int codePointBefore(int); public int indexOf(java.lang.String,int); public int lastIndexOf(java.lang.String); public int lastIndexOf(java.lang.String,int); public int length(); public java.lang.String substring(int); public java.lang.String substring(int,int); }
# Remove - StringBuilder method calls. Remove all invocations of StringBuilder # methods without side effects whose return values are not used. -assumenosideeffects public class java.lang.StringBuilder { public java.lang.String toString(); public char charAt(int); public int capacity(); public int codePointAt(int); public int codePointBefore(int); public int indexOf(java.lang.String,int); public int lastIndexOf(java.lang.String); public int lastIndexOf(java.lang.String,int); public int length(); public java.lang.String substring(int); public java.lang.String substring(int,int); } |
12)手动设置完成后保存,然后重新打开progrard,执行 bin目录下的proguardgui.bat。
点击第一个选项“Proguard”,再点击“Load configuration”,选择我们刚才保存的“1111111.pro”进行加载。
13)然后点击Process,然后点击View configuration查看是否是已经修改过后的配置文件。
14) 确认是最新修改过的配置文件,然后点击process!开始混淆。。
如下图,表示混淆成功。。
15)我们可以用jd-gui反编译工具看看混淆后的效果。可以看到,之前设置不混淆的类都没有更换类名,而混淆的类都自动更换为a,b,c等类名了。到此,整个java项目混淆就成功了,然后把混淆成功的class文件拷贝到自己的web项目中,替换原先的class文件,然后用tomcat跑项目,发现和正常的class文件运行效果一样,项目正常运行。
16)说明下配置
参数:
-include {filename} 从给定的文件中读取配置参数
-basedirectory {directoryname} 指定基础目录为以后相对的档案名称
-injars {class_path} 指定要处理的应用程序jar,war,ear和目录
-outjars {class_path} 指定处理完后要输出的jar,war,ear和目录的名称
-libraryjars {classpath} 指定要处理的应用程序jar,war,ear和目录所需要的程序库文件
-dontskipnonpubliclibraryclasses 指定不去忽略非公共的库类。
-dontskipnonpubliclibraryclassmembers 指定不去忽略包可见的库类的成员。
保留选项
-keep {Modifier} {class_specification} 保护指定的类文件和类的成员
-keepclassmembers {modifier} {class_specification} 保护指定类的成员,如果此类受到保护他们会保护的更好
-keepclasseswithmembers {class_specification} 保护指定的类和类的成员,但条件是所有指定的类和类成员是要存在。
-keepnames {class_specification} 保护指定的类和类的成员的名称(如果他们不会压缩步骤中删除)
-keepclassmembernames {class_specification} 保护指定的类的成员的名称(如果他们不会压缩步骤中删除)
-keepclasseswithmembernames {class_specification} 保护指定的类和类的成员的名称,如果所有指定的类成员出席(在压缩步骤之后)
-printseeds {filename} 列出类和类的成员-keep选项的清单,标准输出到给定的文件
压缩
-dontshrink 不压缩输入的类文件
-printusage {filename}
-whyareyoukeeping {class_specification}
优化
-dontoptimize 不优化输入的类文件
-assumenosideeffects {class_specification} 优化时假设指定的方法,没有任何副作用
-allowaccessmodification 优化时允许访问并修改有修饰符的类和类的成员
混淆
-dontobfuscate 不混淆输入的类文件
-printmapping {filename}
-applymapping {filename} 重用映射增加混淆
-obfuscationdictionary {filename} 使用给定文件中的关键字作为要混淆方法的名称
-overloadaggressively 混淆时应用侵入式重载
-useuniqueclassmembernames 确定统一的混淆类的成员名称来增加混淆
-flattenpackagehierarchy {package_name} 重新包装所有重命名的包并放在给定的单一包中
-repackageclass {package_name} 重新包装所有重命名的类文件中放在给定的单一包中
-dontusemixedcaseclassnames 混淆时不会产生形形色色的类名
-keepattributes {attribute_name,...} 保护给定的可选属性,例如LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses.
-renamesourcefileattribute {string} 设置源文件中给定的字符串常量