springboot项目使用proguard配置代码混淆
代码混淆是一些软件开发过程中必不可少的步骤。
常用的代码混淆技术有
proguard maven plugin ,
yguard maven plugin,
procyon maven plugin,
dex maven plugin .
这些代码混淆技术大同小异,都是对maven打包生成class时进行干预,来完成对java字节码的代码混淆。
本文以springboot项目使用proguard为例,讲一下如何使用proguard完成代码混淆。
物料准备:
1.pom引入proguard-maven-plugin插件
2.在proguard.cfg配置文件里设置具体的代码混淆配置
3.maven package 打包测试
pom.xml配置proguard插件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>cn.thinkpet</groupId>
<artifactId>springboot-app-scaffold</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springboot-app-scaffold</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<spring-boot.version>2.4.2</spring-boot.version>
</properties>
<dependencies>
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.16</version>
</dependency>
<dependency>
<groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-spring-boot-starter-jaxws</artifactId>
<version>3.2.4</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<!--
注意maven插件需要配置到plugins标签下
-->
<plugin>
<!-- 这里引入的是2.6.0版本的proguard maven插件 --> <groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.6.0</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
</execution>
</executions>
<configuration>
<!-- 这里要指定一下proguard的版本
2.6.0版本的proguard-maven-plugin
对应的 proguard-base版本是7.2.2
所以这里要声明使用的是7.2.2的proguardVersion
--> <proguardVersion>7.2.2</proguardVersion>
<!--
输入的jar
--> <injar>${project.build.finalName}.jar</injar>
<!--
输出的jar
--> <outjar>${project.build.finalName}.jar</outjar>
<!--
详细的代码混淆配置在
配置文件proguard.cfg里展示
--> <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
<!--
代码混淆需要引入的jdk里的部分jar
-->
<libs>
<lib>${java.home}/lib/rt.jar</lib>
<lib>${java.home}/lib/jce.jar</lib>
<lib>${java.home}/lib/jsse.jar</lib>
</libs>
<!--
输出目录,配置target目录即可
--> <outputDirectory>${project.basedir}/target</outputDirectory>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${spring-boot.version}</version>
<executions>
<execution>
<id>repackage</id>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplication</mainClass>
</configuration>
</execution>
</executions>
<configuration>
<addResources>true</addResources>
</configuration>
</plugin>
</plugins>
<resources>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.xml</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>**/*.properties</include>
<include>**/*.xml</include>
<include>**/*.yml</include>
<include>**/Dockerfile</include>
<include>**/*.xdb</include>
<include>**/*.xlsx</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
</build>
</project>
配置proguard.cfg文件
需要注意这个文件要配置到maven项目的根目录下
#jdk版本1.8
#-target 1.8
#不做收缩(不删除注释以及未被引用的代码)
-dontshrink
#不做优化(不变更代码实现逻辑)
-dontoptimize
#-dontobfuscate
#-microedition
#不使用大小写混合,混淆后的类名为小写
-dontusemixedcaseclassnames
#使用唯一的类名来混淆
-useuniqueclassmembernames
#允许访问并修改有修饰符的类和类的成员
-allowaccessmodification
#保持 包名不变
-keeppackagenames
#需要保持的属性:异常,内部类,注解等
-keepattributes Exceptions,InnerClass,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod
#spring 相关的注解,不要混淆
-keepclassmembers class * {
@org.springframework.** *;
@org.springframework.beans.factory.annotation.Autowired <fields>;
@org.springframework.beans.factory.annotation.Autowired <methods>;
@javax.annotation.PostConstruct *;
@javax.annotation.PreDestroy *;
@javax.annotation.Resource *;
@org.springframework.scheduling.annotation.Async <methods>;
}
#不混淆所有的get/set方法
-keepclassmembers public class *{
void set*(***); *** get*();
}
-keepnames interface ** {*;}
-keep interface * extends * {*;}
-keepparameternames
-keepclassmembers enum * {*;}
# 保持启动类不变
-keep public class cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplication {*;}
#不混淆被Component等注解标记的类
-keep @org.springframework.stereotype.Component class * {*;}
-keep @org.springframework.stereotype.Service class * {*;}
-keep @org.springframework.web.bind.annotation.RestController class * {*;}
-keep @org.springframework.context.annotation.Configuration class * {*;}
#-keep @org.aspectj.lang.annotation.Aspect class * {*;}
-adaptclassstrings
#跳过非公共库的类
-skipnonpubliclibraryclasses
#忽略警告
-ignorewarnings
-dontnote
# 打印配置内容
-printconfiguration
# 配置不混淆某些类
-keep class org.slf4j.** {*;}
打包测试
执行命令
mvn clean package -DskipTests
观察控制台,等待打包完成后,看下target目录如下
图中的
springboot-app-springbootappscaffold-0.0.1-SNAPSHOT.jar 即为代码混淆后的jar包
proguard_map.txt里记录了jar里哪些代码被混淆了,
如Apple.class 被混淆成 a.class 这种详细的内容 ,它是依据proguard.cfg里配置的项目来进行代码混淆的。
![[学习笔记] [机器学习] 10. 支持向量机 SVM(SVM 算法原理、SVM API介绍、SVM 损失函数、SVM 回归、手写数字识别)](https://img-blog.csdnimg.cn/4e43dc8db4264b45b7591f5a4a7bda2d.png#pic_center)
![[n00bzCTF 2023] CPR 最后还是差一个](https://img-blog.csdnimg.cn/9984f416418e43e7837cde50f299679b.png)
