Spring Boot uses the Allatori code obfuscation method, springallatori
Allatori obfuscation Technology
Allatori is a Java obfuscator, which belongs to the second generation, so it can protect your intellectual property rights in an all-round way. Allatori offers the following protection methods: Name obfuscation, stream obfuscation, debugging information obfuscation, string obfuscation, and watermarking technology. This obfuscator is free for educational and non-commercial projects. Supports war and jar file formats, and allows you to add a valid date for applications that require obfuscation of code. Some projects need to protect the code. The preliminary solution is to confuse the code. After decompiling the packaged files, you can see the effect. In addition, the Package Size Using Allatori is smaller.
Engineering Introduction
A very common maven project, the difference is to add the Allatori jar package under the root directory.
Let's take a look at the pom. xml file:
<Project xmlns = "http://maven.apache.org/POM/4.0.0" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi: schemaLocation = "http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion> 4.0.0 </modelVersion> <groupId> com. lovnx </groupId> <artifactId> confusion </artifactId> <version> 0.0.1-SNAPSHOT </version> <packaging> jar </packaging> <build> <plugins> <plugin> <groupId> Org. springframework. boot </groupId> <artifactId> spring-boot-maven-plugin </artifactId> </plugin> <! -- Allatori plugin start --> <plugin> <groupId> org. apache. maven. plugins </groupId> <artifactId> maven-resources-plugin </artifactId> <version> 2.6 </version> <executions> <execution> <id> copy-and-filter- allatori-config </id> <phase> package </phase> <goals> <goal> copy-resources </goal> </goals> <configuration> <outputDirectory >$ {basedir}/target </outputDirectory> <resources> <resource> <directory >$ {basedir }/ Allatori </directory> <includes> <include> allatori. xml </include> </includes> <filtering> true </filtering> </resource> </resources> </configuration> </execution> </executions> </plugin> <plugin> <groupId> org. codehaus. mojo </groupId> <artifactId> exec-maven-plugin </artifactId> <version> 1.2.1 </version> <executions> <execution> <id> run-allatori </id> <phase> package </phase> <goals> <goal> exec </goal> </goals> </Execution> </executions> <configuration> <executable> java </executable> <arguments> <argument>-Xms128m </argument> <argument>-Xmx512m </argument> <argument>-jar </argument> <argument >$ {basedir}/lib/allatori. jar </argument> <argument >$ {basedir}/target/allatori. xml </argument> </arguments> </configuration> </plugin> <! -- Allatori plugin end --> </plugins> </build> <dependencies> <! -- Test Begin --> <dependency> <groupId> junit </groupId> <artifactId> junit </artifactId> <scope> test </scope> </dependency> <! -- Test End --> <! -- Start springboot --> <dependency> <groupId> org. springframework. boot </groupId> <artifactId> spring-boot-starter-web </artifactId> </dependency> </dependencies> <parent> <groupId> org. springframework. boot </groupId> <artifactId> spring-boot-starter-parent </artifactId> <version> 1.5.8.RELEASE </version> </parent> </project>
The configuration of Allatori for the maven packaging plug-in and Spring Boot project is also described above. What is important in the Allatori configuration is:
<argument>${basedir}/lib/allatori.jar</argument><argument>${basedir}/target/allatori.xml</argument>
Specify the Allatori. jar file path of allatori. If your project is a pom project, you can put the lib directory in the parent project, and then the sub-project only needs:
<argument>../lib/allatori.jar</argument>
You can.
The allatori. xml file is also very important. Let's take a look at the content:
<config> <input> <jar in="confusion-0.0.1-SNAPSHOT.jar" out="confusion-0.0.1-SNAPSHOT-obfuscated.jar"/> </input> <keep-names> <class access="protected+"> <field access="protected+"/> <method access="protected+"/> </class> </keep-names> <property name="log-file" value="log.xml"/></config>
This is the specific configuration of the Allatori obfuscator. You can configure a lot of information, many policies, and specify which classes are not obfuscated, the specific methods can be found in the document in the attachment at the end of the document.
Note the following:
<input> <jar in="confusion-0.0.1-SNAPSHOT.jar" out="confusion-0.0.1-SNAPSHOT-obfuscated.jar"/> </input>
Confusion-0.0.1-SNAPSHOT.jar this is the unobfuscated package after packaging, while confusion-0.0.1-SNAPSHOT-obfuscated.jar is the obfuscated package, this is what we need.
Packaging procedure
1. clean maven project.
2. Copy the allatori. xml file under resources to the target directory.
3. install the maven project. If the following information is displayed, the project is successful:
################################################# ## ## # # ## ### ### ## ### ## # # # # # # # # # # # # ## ### # # ### # # # ## # ## # # ### ### # # # ### # # ### ## ## DEMO VERSION! ## NOT FOR COMMERCIAL USE! ## ## Demo version adds System.out's ## and gives 'ALLATORI_DEMO' name ## to some fields and methods. ## ## ## Obfuscation by Allatori Obfuscator v6.4 DEMO ## ## http://www.allatori.com ## #################################################
4. Successful projects:
The arrow points to the desired package. The package code has been obfuscated.
View results
Here we use the decompilation tool to check the obfuscated package. I use the jd-gui software, which is small and practical.
Before TestApplication. java obfuscation:
import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplicationpublic class TestApplication { public static void main(String[] args) { SpringApplication.run(TestApplication.class, args); }}
After TestApplication. java obfuscation:
import java.io.PrintStream;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplicationpublic class TestApplication{ public static String ALLATORIxDEMO(String a) { int tmp4_3 = 4; int tmp7_6 = 1; int tmp21_18 = a.length(); int tmp25_24 = 1; tmp25_24; int j; int ? = tmp25_24; int k = tmp21_18; int tmp35_31 = (j = new char[tmp21_18] - 1); tmp35_31; int i = 5 << 4 ^ (0x2 ^ 0x5); (tmp4_3 << tmp4_3 ^ tmp7_6 << tmp7_6); if (tmp35_31 >= 0) { int tmp45_44 = j; j--; ?[tmp45_44] = ((char)(a.charAt(tmp45_44) ^ i)); int tmp66_63 = (j--); ?[tmp66_63] = ((char)(a.charAt(tmp66_63) ^ k)); } return new String(?); } public static void main(String[] a) { System.out.println("\n################################################\n# #\n# ## # # ## ### ### ## ### #\n# # # # # # # # # # # # # #\n# ### # # ### # # # ## # #\n# # # ### ### # # # ### # # ### #\n# #\n# Obfuscation by Allatori Obfuscator v6.4 DEMO #\n# #\n# http://www.allatori.com #\n# #\n################################################\n"); SpringApplication.run(TestApplication.class, a); }}
Before TestController. java obfuscation:
import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RestController;@RestControllerpublic class TestController { @GetMapping("/test") public String test(){ return "88888888888888888"; }}
After TestController. java obfuscation:
import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RestController;@RestControllerpublic class TestController{ @GetMapping({"/test"}) public String test() { return ALLATORIxDEMO("*]*]*]*]*]*]*]*]*"); } public static String ALLATORIxDEMO(String a) { int tmp27_24 = a.length(); int tmp31_30 = 1; tmp31_30; int j; int ? = tmp31_30; int k = tmp27_24; int tmp41_37 = (j = new char[tmp27_24] - 1); tmp41_37; int i = (0x3 ^ 0x5) << 4 ^ 0x5; (2 << 3 ^ 0x2); if (tmp41_37 >= 0) { int tmp51_50 = j; j--; ?[tmp51_50] = ((char)(a.charAt(tmp51_50) ^ i)); int tmp72_69 = (j--); ?[tmp72_69] = ((char)(a.charAt(tmp72_69) ^ k)); } return new String(?); }}
Haha, how are you doing? The obfuscator package runs as usual without any problems.
------- Github source code and documentation address 《-------
The above is all the content of this article. I hope it will be helpful for your learning and support for helping customers.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
