ProGuard Detailed - Java Code Obfuscation

1. Java code obfuscation usage scenarios - ProGuard

1.1 Obfuscation usage scenarios

   In engineering projects we often have core code that we do not want others to copy, but the system is developed in Java, which cannot avoid being decompiled. This can be solved with code obfuscation.
   After investigating the mainstream third-party obfuscation tools, I found that ProGuard is the most widely used, is still updated and maintained, and has the most features, so I plan to use it for obfuscation.

1.2 Introduction to ProGuard

   ProGuard is a Java class file shrinker, optimizer, obfuscator and preverifier. Together these make the code base smaller, more efficient, and more resistant to reverse engineering.
   ProGuard provides four functions:
(1) Shrinker - Java class file shrinker:
   detects and removes unused classes, fields, methods and attributes.
(2) Optimizer - Java class file optimizer:
   analyzes and optimizes the bytecode of methods; classes and members that are not entry points may be made private, static or final, unused parameters are removed, and some methods may be inlined.
(3) Obfuscator:
   renames the classes, fields and methods that are not entry points to short, meaningless names. Entry points keep their original names.
(4) Preverifier:
   preverifies that the code conforms to the Java 1.6 or higher specification (the only step that does not depend on entry points).
Note: If your code uses reflection, the classes, fields and methods accessed through reflection must be declared as entry points by adding -keep rules (covered below).

In addition to ProGuard there is DexGuard, which is used specifically to optimize and obfuscate Android applications. Its features include resource obfuscation, string encryption, class encryption and dex file splitting. It generates Dalvik bytecode directly when the Android application is compiled.

1.3 ProGuard download

   ProGuard official website: https://www.guardsquare.com/proguard

2. ProGuard usage example

Note: I am using ProGuard 6.1.1 here.

Download ProGuard 6.1.1, unzip it and run proguard6.1.1\bin\proguardgui.bat to open the GUI.

2.1 Run

 The settings marked with a red box in the figure need to be set explicitly; everything else can keep its default.
1. Click Next to go to the next step

2.2 Set Input/Output

1. "Add input": select the jar file to be obfuscated
2. "Add output": set the path and name of the file saved after obfuscation

(1) If the obfuscated project keeps its name, specify a directory, and the obfuscated project is placed in that directory automatically.
(2) If the obfuscated project needs a different name, create an empty jar file here and select it; the obfuscated output is saved to it.
How to create an empty jar file?
  Windows+R
  -> cmd to open the command line
  -> e: (switch to the drive to work on)
  -> cd to the directory where the file should be created
  -> enter the command: jar cf filename.jar input-file(s) (an empty file is needed here, so this is left empty)
After execution, the following file will appear: [figure]
Note: There may be other ways to set this up

3. The lower "Add" button: add all jar packages your project depends on, including every referenced dependency and the Java runtime libraries

1. How do you know which dependencies your project uses?
(1) Java project or GWT project:
Right-click the project -> Properties -> Java Build Path to view the dependent projects and referenced jar packages
(2) Maven project:
Add the configuration to the pom that exports dependencies to a specified directory. After Maven install, all dependencies are exported to the target\lib directory; add these jar packages with "Add".

2. Note: The Java runtime libraries must also be added; they are in the Java\jdk1.8.0\jre\lib directory.
How to find the Java JDK directory?
-> Command line input: java -verbose

4. Click Next to go to the next step

2.3 Shrinking - shrink parameter settings

1. Set Keep
2. Click Next to go to the next step

Choose the main Keep option according to your own situation: for example, Applications for applications, Libraries for web projects, Android, and so on, then click Next.

2.4 Obfuscating - configure obfuscation rules

1. Set the location of the output map log file:

  The map file starts as an empty .txt file. When processing runs, the obfuscation mapping log, which records each original name and the obfuscated name it was changed to, is written to this file automatically.

2. Select the obfuscation parameters according to your own needs

Parameter description: [figure]

3. Click Next to go to the next step.
My configuration here is as follows: [figure]

2.5 Optimization - class file optimization

   No special settings are needed here; use the defaults.

 If the program does not run correctly after obfuscation, you can turn off the Optimize option. What we care about most is obfuscation and preventing decompilation; code optimization is not very important.

Click Next to go to the next step

2.6 Information

1. Set the Java version: Target selects the JDK version
2. Click Next to go to the next step

Note: "Ignore warnings about possibly erroneous input": if obfuscation cannot continue because of warnings, you can check this option. The other options can keep their defaults; then go to the next step.

2.7 Process

1. Click the "Save configuration..." button to save the configuration as a .pro text file.
2. Click Process to obfuscate; if you see "Processing completed successfully", it succeeded.
An example map log after success is as follows: [figure]

2.8 Re-running after a failure

  If processing does not succeed, or obfuscation is needed again later, you can load the .pro file saved in Section 2.7 and the tool sets the obfuscation parameters automatically.

   If obfuscation fails, go back and check each configuration step for problems. If you understand what the configuration items mean, you can also edit the saved configuration file directly and then use Load configuration to run obfuscation with the modified file.
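
The GUI choices from sections 2.2 to 2.6 all end up as options in the saved .pro file. The file below is an added example of such a configuration, not the author's saved file; the jar paths and the com.example class names are hypothetical placeholders.

```proguard
# Added example. All paths and com.example.* names are hypothetical.

# --- 2.2 Input/Output ---------------------------------------------------
# Jar to obfuscate and the jar that receives the result.
-injars       build/app.jar
-outjars      build/app-obfuscated.jar

# Library jars: the Java 8 runtime plus each third-party dependency
# (for a Maven project, the jars exported to target\lib).
-libraryjars  <java.home>/lib/rt.jar
-libraryjars  target/lib/dependency-a.jar
-libraryjars  target/lib/dependency-b.jar

# --- 2.3 Shrinking: entry points ----------------------------------------
# The application entry point keeps its original name.
-keep public class com.example.Main {
    public static void main(java.lang.String[]);
}

# Section 1.2 note: anything looked up by name through reflection must be
# kept as well, otherwise the renamed class or method is not found at run time.
-keep class com.example.plugin.ReportPlugin {
    public <init>();
    public void run();
}

# --- 2.4 Obfuscation: map log -------------------------------------------
# Writes the original-name -> obfuscated-name mapping.
-printmapping build/mapping.txt

# --- 2.5 Optimization ---------------------------------------------------
# Uncomment if the program no longer runs correctly after processing.
# -dontoptimize

# --- 2.6 Information ----------------------------------------------------
# Target class file version (ProGuard 6.x option).
-target 1.8

# Lets processing continue past warnings. Read the warnings first: they
# usually point at a missing -libraryjars entry, and ignoring them can
# produce a jar that fails at run time.
# -ignorewarnings
```

A file like this can be opened in the GUI with Load configuration, as described above. The mapping file reverses every rename, so store it with the build records and keep it out of the distributed jar.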


Reference link: https://blog.csdn.net/kouwoo/article/details/106938939


Origin blog.csdn.net/weixin_44462773/article/details/124172382