Alex Kalinovsky《Covert Java》第三章节Obfuscating Classes翻译（二）

最新推荐文章于 2026-01-03 01:53:35 发布

翻译最新推荐文章于 2026-01-03 01:53:35 发布 · 885 阅读

文章标签：

#java #javascript #class #structure #numbers #methods

本文介绍了代码混淆作为保护知识产权的方法。代码混淆将字节码转换为难以阅读的形式，增加逆向工程难度，包括去除调试信息、重命名包和类等。由于Java字节码标准化，混淆器可加载、解析并转换类文件。对于以源代码形式分发的HTML和JavaScript，以及可反编译出源码的Java，混淆器尤为必要。

混淆是为了保护知识产权

混淆是通过把字节码转换成为阅读性很差的代码的方式，来实现增加反向工程难度的目标的一种方法。它常用的方法有剥离全部的调试信息，包括变量表和行号，以及变更包，类，方法的名称为混淆程序自动生成名称。更先进的混淆器走的更远，它们可以通过重构逻辑关系，插入并不执行的伪造代码的方式来更改 java 代码的控制流程的顺序。混淆过程的前提是，它所做的转换不能破坏字节码的有效性，还有不能更改程序的功能。

可以实现程序混淆的原因和可以实现程序反编译的原因一样：java 的字节码的组织是遵照一定标准和行文结构的。混淆器载入java class 文件，分析它们的格式，根据支持的程序特征进行转换。当所有的转换都完成以后，字节码重新保存为一个新的 class 文件。新的文件具有一个全新的内在结构，但是功能表现和原始文件一致。

对于那些需要把功能的实现逻辑关系呈现给用户的产品和技术来说，混淆器的必要性尤其显著。在使用HTML 和 javascript 的例子中，程序是以代码的形式呈现给用户。java 的表现并不比它们强多少，尽管它是以字节码的形式呈现，但是只要使用上一个章节介绍的反编译器，就很容易得到java 程序的源代码----效果并不比直接得到java程序的原始代码差多少。。。

英语原文

Obfuscation As a Protection of Intellectual Property

Obfuscation is the process of transforming bytecode to a less human-readable form with the purpose of complicating reverse engineering. It typically includes stripping out all the debug information, such as variable tables and line numbers, and renaming packages, classes, and methods to machine-generated names. Advanced obfuscators go further and change the control flow of Java code by restructuring the existing logic and inserting bogus code that will not execute. The premise of the obfuscation is that the transformations do not break the validity of the bytecode and do not alter the exposed functionality.

Obfuscation is possible for the same reasons that decompiling is possible: Java bytecode is standardized and well documented. Obfuscators load Java class files, parse their formats, and then apply transformations based on supported features. When all the transformations are applied, the bytecode is saved as a new class file. The new file has a different internal structure but behaves just like the original file.

Obfuscators are especially necessary for products and technologies in which the implementation logic is delivered to the user. That is the case for HTML pages and JavaScript where the product is distributed in source code form. Java doesn't fare much better because, even though it is typically distributed in binary bytecode, using a decompiler as described in the previous chapter can produce the source code—which is almost as good as the original.