最近公司有一个项目,是外包项目,由于对方也有技术人员,出于技术上的保密,需要对class文件进行二次处理,于是网上找了好久,只发现Proguard是用的最广泛而且网上资料最多的。由于不是纯JAVA项目,而是WEB项目,涉及到大量的配置文件,所以用这个工具稍显吃力,于是开始研究这玩意,花了好长一段时间,重复试验了N次,终于整出来了,下面总结一下我的经验。。

首先我介绍下我要混淆的项目框架是jeecg easyui spring(包含xml配置文件,导致部分class文件不能直接混淆)。下面开始说详细的操作步奏:

1)将web项目的src目录的java文件打包,只需要选择java文件即可,其他配置文件什么的都不用选择,如图


2)http://proguard.sourceforge.net/下载proguard,目前我下载并使用的是proguard5.1(注:本人下载频道也有proguard5.1)。

3)解压proguard5.1,执行 bin目录下的proguardgui.bat


然后会弹出如下图所示窗口


4)点击左边“input/output”菜单,然后点击右边的“Add input”按钮,添加需要混淆的jar包,我这里是test.jar,然后点击“add output”,选择输出的路径和包名。


5)下面开始添加支持库,这个地方很重要,很多同学刚开始使用这个工具的时候就是这里老是出问题。
点击右边的“add”。


说明一下,这里最好把你的eclipse里java project里的libraries所有Library的jar包,包含web项目lib下面的包,jdk中jre下面的包和servlet.jar包等copy到一个目录,然后在这里加入这些jar包。系统默认会带上rt.jar,这里我们可以先remove掉,然后到jre下面copy所有的包。


6)点击“shrinking”,设置成如图所示。


7)点击“obfuscation”,设置如图所示


8)点击“optimization”设置如图所示

9)点击information,设置如图所示,注意选择jdk版本(Target


10) 点击“process”,再点击“save configuration”,在弹出的对话框中,输入要保存的配置文件名称(这里我的是1111111.pro),最后点击保存”.



11) 设置基本完成,关掉proguard窗口,找到刚刚保存的配置文件,开始手动修改部分配置。

以下是我的配置文件,经测试通过,手动修改的部分为红色字体

-injars Test\test.jar

-outjars Test\test--.jar

-libraryjars 'D:\jdk1.6.0_45\jre\lib\rt.jar'

-libraryjars hunxiao\a\activation-1.1.jar

-libraryjars hunxiao\a\activiti-cxf-5.10.jar

-libraryjars hunxiao\a\activiti-engine-5.10.jar

-libraryjars hunxiao\a\activiti-spring-5.10.jar

-libraryjars hunxiao\a\alt-rt.jar

-libraryjars hunxiao\a\alt-string.jar

-libraryjars hunxiao\a\aopalliance-1.0.jar

-libraryjars hunxiao\a\c3p0-0.9.1.2.jar

-libraryjars hunxiao\a\charsets.jar

-libraryjars hunxiao\a\commons-beanutils-1.9.1.jar

-libraryjars hunxiao\a\commons-codec-1.9.jar

-libraryjars hunxiao\a\commons-collections-3.2.1.jar

-libraryjars hunxiao\a\commons-digester-1.7.jar

-libraryjars hunxiao\a\commons-digester3-3.2.jar

-libraryjars hunxiao\a\commons-io-2.0.1.jar

-libraryjars hunxiao\a\commons-lang3-3.3.jar

-libraryjars hunxiao\a\commons-logging-1.1.3.jar

-libraryjars hunxiao\a\cos-26Dec2008.jar

-libraryjars hunxiao\a\deploy.jar

-libraryjars hunxiao\a\dom4j-1.6.1.jar

-libraryjars hunxiao\a\druid-0.2.6.jar

-libraryjars hunxiao\a\edtftpj.jar

-libraryjars hunxiao\a\ehcache-core-2.5.2.jar

-libraryjars hunxiao\a\fastjson-1.2.0.jar

-libraryjars hunxiao\a\fprzMock.jar

-libraryjars hunxiao\a\freemarker-2.3.16.jar

-libraryjars hunxiao\a\groovy-all-1.5.5.jar

-libraryjars hunxiao\a\guava-16.0.1.jar

-libraryjars hunxiao\a\hessian-4.0.7.jar

-libraryjars hunxiao\a\itext-2.1.7.jar

-libraryjars hunxiao\a\iTextAsian-2.1.jar

-libraryjars hunxiao\a\jasperreports-3.7.4.jar

-libraryjars hunxiao\a\javaws.jar

-libraryjars hunxiao\a\javax.servlet.jsp.jstl-1.2.0.v201105211821.jar

-libraryjars hunxiao\a\jce.jar

-libraryjars hunxiao\a\jfinal-1.6-bin-with-src.jar

-libraryjars hunxiao\a\jfinal-ext-eu.jar

-libraryjars hunxiao\a\jna-4.1.0.jar

-libraryjars hunxiao\a\jna-platform-4.1.0.jar

-libraryjars hunxiao\a\joda-time-2.1.jar

-libraryjars hunxiao\a\joor-0.9.3.jar

-libraryjars hunxiao\a\jsse.jar

-libraryjars hunxiao\a\jxls-core-0.9.9.jar

-libraryjars hunxiao\a\kaptcha-2.3.2.jar

-libraryjars hunxiao\a\log4j-1.2.16.jar

-libraryjars hunxiao\a\management-agent.jar

-libraryjars hunxiao\a\mybatis-3.1.1.jar

-libraryjars hunxiao\a\mysql-connector-java-5.1.20-bin.jar

-libraryjars hunxiao\a\ojdbc6.jar

-libraryjars hunxiao\a\org.apache.taglibs.standard.glassfish-1.2.0.v201112081803.jar

-libraryjars hunxiao\a\org.springframework.aop-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.asm-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.aspects-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.beans-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.context-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.context.support-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.core-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.expression-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.instrument-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.instrument.tomcat-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.jdbc-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.jms-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.org.apache.commons.logging-1.1.1.jar

-libraryjars hunxiao\a\org.springframework.orm-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.oxm-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.test-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.transaction-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.web-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.web.portlet-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\org.springframework.web.servlet-3.1.1.RELEASE.jar

-libraryjars hunxiao\a\plugin.jar

-libraryjars hunxiao\a\poi-3.9.jar

-libraryjars hunxiao\a\quartz-1.8.6.jar

-libraryjars hunxiao\a\resources.jar

-libraryjars hunxiao\a\rt.jar

-libraryjars hunxiao\a\servlet-api.jar

-libraryjars hunxiao\a\shiro-all-1.2.3.jar

-libraryjars hunxiao\a\slf4j-api-1.6.1.jar

-libraryjars hunxiao\a\slf4j-log4j12-1.6.1.jar

-libraryjars hunxiao\a\sqlite-jdbc-3.7.2.jar

-libraryjars hunxiao\a\ssosdk-2.0-SNAPSHOT.jar

-libraryjars hunxiao\a\TaxWsBean.jar

-target 1.6

-dontshrink

-useuniqueclassmembernames

-keeppackagenames

-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod

-keepparameternames

#保留单个类

-keep public class net.easyunion.common.shiro.ShiroDbRealm

-keep public class net.easyunion.common.filters.SetCharacterEncodingFilter

-keep public class net.easyunion.common.queue.MakeQueue

#保留所有控制类(如果是SSH三大框架,由于页面发出请求到struts核心拦截器拦截之后,找到配置文件,配置文件必须对应action里面的类和方法,这里就不能混淆类和方法,所以所有的action类包括里面的方法都不需要混淆,按照如下方式设置就行,保留所有的Action类名和方法名)

-keep public class net.easyunion.app.invoice.controller.* {*;}

-keep public class net.easyunion.app.sysseting.controller.* {*;}

-keep public class net.easyunion.app.system.controller.* {*;}

-keep public class net.easyunion.app.system.model.* {*;}

-keep public class net.easyunion.app.supplier.controller.* {*;}

-keep public class net.easyunion.common.controller.* {*;}

-keep public class net.easyunion.app.Config

# Keep names - Native method names. Keep all native class/method names.

-keepclasseswithmembers,includedescriptorclasses,allowshrinking class * {

native <methods>;

}

# Keep names - _class method names. Keep all .class method names. This may be

# useful for libraries that will be obfuscated again with different obfuscators.

-keepclassmembers,allowshrinking class * {

java.lang.Class class$(java.lang.String);

java.lang.Class class$(java.lang.String,boolean);

}

# Remove - System method calls. Remove all invocations of System

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.System {

public static long currentTimeMillis();

static java.lang.Class getCallerClass();

public static int identityHashCode(java.lang.Object);

public static java.lang.SecurityManager getSecurityManager();

public static java.util.Properties getProperties();

public static java.lang.String getProperty(java.lang.String);

public static java.lang.String getenv(java.lang.String);

public static java.lang.String mapLibraryName(java.lang.String);

public static java.lang.String getProperty(java.lang.String,java.lang.String);

}

# Remove - Math method calls. Remove all invocations of Math

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.Math {

public static double sin(double);

public static double cos(double);

public static double tan(double);

public static double asin(double);

public static double acos(double);

public static double atan(double);

public static double toRadians(double);

public static double toDegrees(double);

public static double exp(double);

public static double log(double);

public static double log10(double);

public static double sqrt(double);

public static double cbrt(double);

public static double IEEEremainder(double,double);

public static double ceil(double);

public static double floor(double);

public static double rint(double);

public static double atan2(double,double);

public static double pow(double,double);

public static int round(float);

public static long round(double);

public static double random();

public static int abs(int);

public static long abs(long);

public static float abs(float);

public static double abs(double);

public static int max(int,int);

public static long max(long,long);

public static float max(float,float);

public static double max(double,double);

public static int min(int,int);

public static long min(long,long);

public static float min(float,float);

public static double min(double,double);

public static double ulp(double);

public static float ulp(float);

public static double signum(double);

public static float signum(float);

public static double sinh(double);

public static double cosh(double);

public static double tanh(double);

public static double hypot(double,double);

public static double expm1(double);

public static double log1p(double);

}

# Remove - Number method calls. Remove all invocations of Number

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.* extends java.lang.Number {

public static java.lang.String toString(byte);

public static java.lang.Byte valueOf(byte);

public static byte parseByte(java.lang.String);

public static byte parseByte(java.lang.String,int);

public static java.lang.Byte valueOf(java.lang.String,int);

public static java.lang.Byte valueOf(java.lang.String);

public static java.lang.Byte decode(java.lang.String);

public int compareTo(java.lang.Byte);

public static java.lang.String toString(short);

public static short parseShort(java.lang.String);

public static short parseShort(java.lang.String,int);

public static java.lang.Short valueOf(java.lang.String,int);

public static java.lang.Short valueOf(java.lang.String);

public static java.lang.Short valueOf(short);

public static java.lang.Short decode(java.lang.String);

public static short reverseBytes(short);

public int compareTo(java.lang.Short);

public static java.lang.String toString(int,int);

public static java.lang.String toHexString(int);

public static java.lang.String toOctalString(int);

public static java.lang.String toBinaryString(int);

public static java.lang.String toString(int);

public static int parseInt(java.lang.String,int);

public static int parseInt(java.lang.String);

public static java.lang.Integer valueOf(java.lang.String,int);

public static java.lang.Integer valueOf(java.lang.String);

public static java.lang.Integer valueOf(int);

public static java.lang.Integer getInteger(java.lang.String);

public static java.lang.Integer getInteger(java.lang.String,int);

public static java.lang.Integer getInteger(java.lang.String,java.lang.Integer);

public static java.lang.Integer decode(java.lang.String);

public static int highestOneBit(int);

public static int lowestOneBit(int);

public static int numberOfLeadingZeros(int);

public static int numberOfTrailingZeros(int);

public static int bitCount(int);

public static int rotateLeft(int,int);

public static int rotateRight(int,int);

public static int reverse(int);

public static int signum(int);

public static int reverseBytes(int);

public int compareTo(java.lang.Integer);

public static java.lang.String toString(long,int);

public static java.lang.String toHexString(long);

public static java.lang.String toOctalString(long);

public static java.lang.String toBinaryString(long);

public static java.lang.String toString(long);

public static long parseLong(java.lang.String,int);

public static long parseLong(java.lang.String);

public static java.lang.Long valueOf(java.lang.String,int);

public static java.lang.Long valueOf(java.lang.String);

public static java.lang.Long valueOf(long);

public static java.lang.Long decode(java.lang.String);

public static java.lang.Long getLong(java.lang.String);

public static java.lang.Long getLong(java.lang.String,long);

public static java.lang.Long getLong(java.lang.String,java.lang.Long);

public static long highestOneBit(long);

public static long lowestOneBit(long);

public static int numberOfLeadingZeros(long);

public static int numberOfTrailingZeros(long);

public static int bitCount(long);

public static long rotateLeft(long,int);

public static long rotateRight(long,int);

public static long reverse(long);

public static int signum(long);

public static long reverseBytes(long);

public int compareTo(java.lang.Long);

public static java.lang.String toString(float);

public static java.lang.String toHexString(float);

public static java.lang.Float valueOf(java.lang.String);

public static java.lang.Float valueOf(float);

public static float parseFloat(java.lang.String);

public static boolean isNaN(float);

public static boolean isInfinite(float);

public static int floatToIntBits(float);

public static int floatToRawIntBits(float);

public static float intBitsToFloat(int);

public static int compare(float,float);

public boolean isNaN();

public boolean isInfinite();

public int compareTo(java.lang.Float);

public static java.lang.String toString(double);

public static java.lang.String toHexString(double);

public static java.lang.Double valueOf(java.lang.String);

public static java.lang.Double valueOf(double);

public static double parseDouble(java.lang.String);

public static boolean isNaN(double);

public static boolean isInfinite(double);

public static long doubleToLongBits(double);

public static long doubleToRawLongBits(double);

public static double longBitsToDouble(long);

public static int compare(double,double);

public boolean isNaN();

public boolean isInfinite();

public int compareTo(java.lang.Double);

public byte byteValue();

public short shortValue();

public int intValue();

public long longValue();

public float floatValue();

public double doubleValue();

public int compareTo(java.lang.Object);

public boolean equals(java.lang.Object);

public int hashCode();

public java.lang.String toString();

}

# Remove - String method calls. Remove all invocations of String

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.String {

public static java.lang.String copyValueOf(char[]);

public static java.lang.String copyValueOf(char[],int,int);

public static java.lang.String valueOf(boolean);

public static java.lang.String valueOf(char);

public static java.lang.String valueOf(char[]);

public static java.lang.String valueOf(char[],int,int);

public static java.lang.String valueOf(double);

public static java.lang.String valueOf(float);

public static java.lang.String valueOf(int);

public static java.lang.String valueOf(java.lang.Object);

public static java.lang.String valueOf(long);

public boolean contentEquals(java.lang.StringBuffer);

public boolean endsWith(java.lang.String);

public boolean equalsIgnoreCase(java.lang.String);

public boolean equals(java.lang.Object);

public boolean matches(java.lang.String);

public boolean regionMatches(boolean,int,java.lang.String,int,int);

public boolean regionMatches(int,java.lang.String,int,int);

public boolean startsWith(java.lang.String);

public boolean startsWith(java.lang.String,int);

public byte[] getBytes();

public byte[] getBytes(java.lang.String);

public char charAt(int);

public char[] toCharArray();

public int compareToIgnoreCase(java.lang.String);

public int compareTo(java.lang.Object);

public int compareTo(java.lang.String);

public int hashCode();

public int indexOf(int);

public int indexOf(int,int);

public int indexOf(java.lang.String);

public int indexOf(java.lang.String,int);

public int lastIndexOf(int);

public int lastIndexOf(int,int);

public int lastIndexOf(java.lang.String);

public int lastIndexOf(java.lang.String,int);

public int length();

public java.lang.CharSequence subSequence(int,int);

public java.lang.String concat(java.lang.String);

public java.lang.String replaceAll(java.lang.String,java.lang.String);

public java.lang.String replace(char,char);

public java.lang.String replaceFirst(java.lang.String,java.lang.String);

public java.lang.String[] split(java.lang.String);

public java.lang.String[] split(java.lang.String,int);

public java.lang.String substring(int);

public java.lang.String substring(int,int);

public java.lang.String toLowerCase();

public java.lang.String toLowerCase(java.util.Locale);

public java.lang.String toString();

public java.lang.String toUpperCase();

public java.lang.String toUpperCase(java.util.Locale);

public java.lang.String trim();

}

# Remove - StringBuffer method calls. Remove all invocations of StringBuffer

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.StringBuffer {

public java.lang.String toString();

public char charAt(int);

public int capacity();

public int codePointAt(int);

public int codePointBefore(int);

public int indexOf(java.lang.String,int);

public int lastIndexOf(java.lang.String);

public int lastIndexOf(java.lang.String,int);

public int length();

public java.lang.String substring(int);

public java.lang.String substring(int,int);

}

# Remove - StringBuilder method calls. Remove all invocations of StringBuilder

# methods without side effects whose return values are not used.

-assumenosideeffects public class java.lang.StringBuilder {

public java.lang.String toString();

public char charAt(int);

public int capacity();

public int codePointAt(int);

public int codePointBefore(int);

public int indexOf(java.lang.String,int);

public int lastIndexOf(java.lang.String);

public int lastIndexOf(java.lang.String,int);

public int length();

public java.lang.String substring(int);

public java.lang.String substring(int,int);

}


12)手动设置完成后保存,然后重新打开progrard,执行 bin目录下的proguardgui.bat。

点击第一个选项“Proguard”,再点击“Load configuration”,选择我们刚才保存的“1111111.pro”进行加载。



13然后点击Process,然后点击View configuration查看是否是已经修改过后的配置文件。


14) 确认是最新修改过的配置文件,然后点击process!开始混淆。。

如下图,表示混淆成功。。



15)我们可以用jd-gui反编译工具看看混淆后的效果。可以看到,之前设置不混淆的类都没有更换类名,而混淆的类都自动更换为a,b,c等类名了。到此,整个java项目混淆就成功了,然后把混淆成功的class文件拷贝到自己的web项目中,替换原先的class文件,然后用tomcat跑项目,发现和正常的class文件运行效果一样,项目正常运行。



16)说明下配置

参数:

-include {filename} 从给定的文件中读取配置参数
-basedirectory {directoryname} 指定基础目录为以后相对的档案名称
-injars {class_path} 指定要处理的应用程序jar,war,ear和目录
-outjars {class_path} 指定处理完后要输出的jar,war,ear和目录的名称
-libraryjars {classpath} 指定要处理的应用程序jar,war,ear和目录所需要的程序库文件
-dontskipnonpubliclibraryclasses 指定不去忽略非公共的库类。
-dontskipnonpubliclibraryclassmembers 指定不去忽略包可见的库类的成员。

保留选项

-keep {Modifier} {class_specification} 保护指定的类文件和类的成员
-keepclassmembers {modifier} {class_specification} 保护指定类的成员,如果此类受到保护他们会保护的更好
-keepclasseswithmembers {class_specification} 保护指定的类和类的成员,但条件是所有指定的类和类成员是要存在。
-keepnames {class_specification} 保护指定的类和类的成员的名称(如果他们不会压缩步骤中删除)
-keepclassmembernames {class_specification} 保护指定的类的成员的名称(如果他们不会压缩步骤中删除)
-keepclasseswithmembernames {class_specification} 保护指定的类和类的成员的名称,如果所有指定的类成员出席(在压缩步骤之后)
-printseeds {filename} 列出类和类的成员-keep选项的清单,标准输出到给定的文件

压缩

-dontshrink 不压缩输入的类文件
-printusage {filename}
-whyareyoukeeping {class_specification}

优化

-dontoptimize 不优化输入的类文件
-assumenosideeffects {class_specification} 优化时假设指定的方法,没有任何副作用
-allowaccessmodification 优化时允许访问并修改有修饰符的类和类的成员

混淆

-dontobfuscate 不混淆输入的类文件
-printmapping {filename}
-applymapping {filename} 重用映射增加混淆
-obfuscationdictionary {filename} 使用给定文件中的关键字作为要混淆方法的名称
-overloadaggressively 混淆时应用侵入式重载
-useuniqueclassmembernames 确定统一的混淆类的成员名称来增加混淆
-flattenpackagehierarchy {package_name} 重新包装所有重命名的包并放在给定的单一包中
-repackageclass {package_name} 重新包装所有重命名的类文件中放在给定的单一包中
-dontusemixedcaseclassnames 混淆时不会产生形形色色的类名
-keepattributes {attribute_name,...} 保护给定的可选属性,例如LineNumberTable, LocalVariableTable, SourceFile, Deprecated, Synthetic, Signature, and InnerClasses.
-renamesourcefileattribute {string} 设置源文件中给定的字符串常量