update

jar-analyzer · Dec 2, 2024 · c86e08c · c86e08c
commit c86e08c
Show file tree

Hide file tree

Showing 63 changed files with 4,630 additions and 0 deletions.
diff --git a/.github/workflows/leak.yml b/.github/workflows/leak.yml
@@ -0,0 +1,20 @@
+name: leak check
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -0,0 +1,22 @@
+name: maven check
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: set up java 8
+      uses: actions/setup-java@v4
+      with:
+        java-version: '8'
+        distribution: 'temurin'
+        cache: maven
+    - name: check core maven
+      run: mvn -B clean package -DskipTests --file pom.xml
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
@@ -0,0 +1,22 @@
+name: truffle check
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Secret Scanning
+        uses: trufflesecurity/trufflehog@main
+        with:
+          base: ""
+          head: ${{ github.ref_name }}
+          extra_args: --only-verified
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,42 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
+
+.idea/
+*.jar
+*.exe
diff --git a/README.md b/README.md
@@ -0,0 +1,153 @@
+# class-obf
+
+[CHANGE LOG](CHANGELOG.MD)
+
+<img alt="gitleaks badge" src="https://img.shields.io/badge/protected%20by-gitleaks-blue">
+
+![](https://img.shields.io/github/downloads/jar-analyzer/class-obf/total)
+![](https://img.shields.io/github/v/release/jar-analyzer/class-obf)
+
+`class-obf` 项目全称 `Class Obfuscator` 项目，专门用来混淆单个 `Class` 文件
+
+示例图：混淆前 -> 混淆后
+
+![](img/000.png)
+
+可以自定义中文混淆字符，以及方法隐藏等技巧
+
+![](img/004.png)
+
+## 背景
+
+`jar-analyzer` 系列曾有一款工具 `jar-obfuscator` 实现 `jar` 包的混淆
+
+链接：https://github.com/jar-analyzer/jar-obfuscator
+
+但是该工具有以下问题：
+
+- 配置文件非常复杂，不熟悉的情况下难以上手使用
+- 不同的 `Jar` 文件需要考虑各种不同的情况否则无法启动
+- 实际需求更大的是对单个 `Class` 文件的混淆（内存马等需求）
+
+**于是有了这款工具**
+
+- 配置大幅简化，仅针对单个 `Class` 文件
+- 命令行输出改善，详细展示混淆细节
+
+## 快速开始
+
+生成配置文件：`java -jar class-obf.jar --generate`
+
+使用指定配置文件混淆当前目录的 `Test.class` 
+
+```shell
+java -jar class-obf.jar --config config.yaml --input Test.class
+```
+
+一个普通的类
+
+```java
+public class Test {
+    private String a = "cal";
+    private String b = "c.exe";
+    private int c = 1;
+
+    public static void eval() throws Exception {
+        Test test = new Test();
+        Runtime rt = Runtime.getRuntime();
+        rt.exec(test.a + test.b);
+        System.out.println(test.c);
+    }
+
+    public static void main(String[] args) throws Exception {
+        eval();
+    }
+}
+```
+
+你可以随意搭配配置文件，得到以下集中混淆结果
+
+效果一（默认配置）
+
+![](img/001.png)
+
+效果二（使用最高级别的花指令参数）
+
+![](img/002.png)
+
+自定义混淆字符（例如使用中文）
+
+![](img/003.png)
+
+开启隐藏方法和字段功能（反编译看不到方法）
+
+![](img/004.png)
+
+但是！可以成功执行
+
+![](img/005.png)
+
+## 配置文件
+
+可以根据你的需求修改配置文件
+
+```yaml
+!!me.n1ar4.clazz.obfuscator.config.BaseConfig
+# 日志级别
+logLevel: info
+
+# 全局方法黑名单
+methodBlackList:
+  - "test"
+
+# 混淆字符组合
+obfuscateChars:
+  - "i"
+  - "l"
+  - "L"
+  - "1"
+  - "I"
+
+# 是否开启删除编译信息
+enableDeleteCompileInfo: true
+# 是否开启字段混淆
+enableFieldName: true
+# 是否开启字段隐藏
+enableHideField: false
+# 是否开启方法隐藏
+enableHideMethod: false
+# 是否开启方法名混淆
+enableMethodName: true
+# 是否开启方法参数名混淆
+enableParamName: true
+# 是否对数字进行异或混淆
+enableXOR: true
+
+# 是否启用全局字符串提取混淆
+enableAdvanceString: true
+# 全局提取字符串的变量名可以自定义
+advanceStringName: ME_N1AR4_CLAZZ_OBF_PROJECT
+
+# 是否开启花指令混淆
+enableJunk: true
+# 花指令混淆级别 1-5
+junkLevel: 3
+# 一个类中花指令最多数量
+maxJunkOneClass: 1000
+```
+
+## Thanks
+
+<img src="https://resources.jetbrains.com/storage/products/company/brand/logos/IntelliJ_IDEA.svg" alt="IntelliJ IDEA logo.">
+
+
+This project is developed using JetBrains IDEA.
+Thanks to JetBrains for providing me with a free license, which is a strong support for me.
+
+## Star
+
+<div align="center">
+
+<img src="https://api.star-history.com/svg?repos=jar-analyzer/class-obfr&type=Date" width="600" height="400" alt="Star History Chart" valign="middle">
+
+</div>
diff --git a/img/000.png b/img/000.png
diff --git a/img/001.png b/img/001.png
diff --git a/img/002.png b/img/002.png
diff --git a/img/003.png b/img/003.png
diff --git a/img/004.png b/img/004.png
diff --git a/img/005.png b/img/005.png