Q1. So could anyone tell me please some simple obfuscators or some simple steps to use proguard so that I can just input "abc.jar" and it outputs "obfuscate_abc.jar" or something simple like that.

一季度。所以有人可以告诉我一些简单的混淆器或一些使用 proguard 的简单步骤，这样我就可以输入“abc.jar”并输出“obfuscate_abc.jar”或类似的东西。

Just go for ProGuard, it's definitely a good tool (recommended in many answers here on SO like this one, this oneand this one).

只需选择 ProGuard，它绝对是一个很好的工具（在 SO 上的许多答案中都推荐使用，例如this one、this one和this one）。

Q2. One more thing, as my java program uses external libraries, so should i need to obfuscate those libraries too?

Q2。还有一件事，因为我的 java 程序使用外部库，所以我也需要混淆这些库吗？

No need IMHO (not even mentioning that you may not).

不需要恕我直言（甚至没有提到你可能不会）。

Q3. Is there any eclipse or netbeans plugin availabe to this obfuscation?

Q3。是否有任何 eclipse 或 netbeans 插件可用于这种混淆？

I'd rather suggest to use the Ant Taskor the proguard-maven-plugin. See this questionabout the maven plugin if required.

我宁愿建议使用Ant Task或proguard-maven-plugin。如果需要，请参阅有关 maven 插件的此问题。

Q4. So, one more question is Why do we need to keep that mapping-table with us. We can simply retain a copy of un-obfuscated application so as to make changes in that (if required in future). Is there any reason to retain that mapping-table file with us?

第 4 季度。所以，还有一个问题是为什么我们需要随身携带那个映射表。我们可以简单地保留未混淆应用程序的副本，以便对其进行更改（如果将来需要）。有什么理由让我们保留那个映射表文件吗？

Yes, to "translate" stacktrace.

是的，“翻译”堆栈跟踪。

You only need to obfuscate the other libraries in the case where you need to protect them against whatever you think obfuscation is doing for your code. However you should read the licences for those other libraries to see whether they restrict you from distributing modified versions.

您只需要在需要保护它们免受您认为混淆对您的代码所做的任何事情的情况下混淆其他库。但是，您应该阅读其他库的许可证，以查看它们是否限制您分发修改后的版本。

regarding Q4: The mapping is used when users send you bug reports that contain exception stacktraces from the obfuscated code. ProGuard allows you to translate these stacktraces back to the original class names and line numbers if you have the mapping.

关于 Q4：当用户向您发送包含来自混淆代码的异常堆栈跟踪的错误报告时，将使用该映射。如果您有映射，ProGuard 允许您将这些堆栈跟踪转换回原始类名和行号。

Just answering Q4…

刚刚回答 Q4...

There is a good reason to keep the mapping. If the client ever sends you a stacktrace, it can be very useful to know where in the code that stacktrace came from. The purpose of an obfuscator is to get rid of that information ;-) By keeping the mapping, you enable the conversion of the stacktrace into where the problem occurred in the original code.

保留映射是有充分理由的。如果客户端曾经向您发送过堆栈跟踪，那么了解堆栈跟踪来自代码中的何处会非常有用。混淆器的目的是去除这些信息 ;-) 通过保留映射，您可以将堆栈跟踪转换为原始代码中出现问题的位置。

I can answer question 4. You should retain it for debugging. Say you have a bug in function "printTheAlphabet()" on line 23, after obfuscating the stack trace might say something like "Error in j6z9r() on line 27" which makes it pretty impossible to locate the error in your source code.

我可以回答问题 4。您应该保留它以进行调试。假设您在第 23 行的函数“printTheAlphabet()”中有一个错误，在混淆堆栈跟踪之后可能会说“第 27 行的 j6z9r() 中的错误”之类的内容，这使得在您的源代码中定位错误变得非常不可能。

I tried this from scratch. It should get you started. I think the key will be to understand the "keep options" in the configuration file.

我从头开始尝试这个。它应该让你开始。我认为关键是要了解配置文件中的“保留选项”。

Using this code:

使用此代码：

import java.util.*;

public class Example {

    public static void main(String... args) {
        Example ex = new Example();
        ex.go();
    }

    public void go() {
        String[] strings = { "abc", "def", "ijk" };
        for (String s : strings) {
            System.out.println(s);
        }
    }

}

I created an Example.jar. I copied the proguard.jar from the ProGuard lib directory, and ran this command-line

我创建了一个 Example.jar。我从 ProGuard lib 目录复制了 proguard.jar，并运行了这个命令行

java -jar proguard.jar @myconfig.pro

where myconfig.pro contains:

其中 myconfig.pro 包含：

-injars Example.jar
-outjars ExampleOut.jar
-libraryjars <java.home>/lib/rt.jar

-keep public class Example {
    public static void main(java.lang.String[]);
}

This produces ExampleOut.jar which contains the same functionality and is obfuscated (verified with JAD). Note that I did not use a manifest, so to test functionality, I unjarred and tested the class. Execution entry-points within jars are left to the reader.

这将生成 ExampleOut.jar，其中包含相同的功能并进行了混淆（使用 JAD 验证）。请注意，我没有使用清单，因此为了测试功能，我解压并测试了该类。jars 中的执行入口点留给读者。

There are many more keep options listed in the Usage section.

用法部分列出了更多保留选项。

I have had a quick look at yGuardbefore and liked the fact that you could integrate the obfuscation steps into an Ant script. This allows you to use it very easily in Eclipse etc if you want.

我之前快速浏览过yGuard，并且喜欢您可以将混淆步骤集成到 Ant 脚本中的事实。如果需要，这允许您在 Eclipse 等中非常轻松地使用它。

The documentation it comes with provide a number of ready made Ant scripts to get you started. These just need to be modified to work with your projects layout, ie setting the correct package names etc.

它附带的文档提供了许多现成的 Ant 脚本来帮助您入门。这些只需要修改即可与您的项目布局一起使用，即设置正确的包名称等。

If your not clear on how to get Ant going in Eclipse, you pretty much just need to add a build.xml file to the project, copy the example script that comes with yGuard into it, modify the script to work with your project and run the yGuard task from the Ant view.

如果您不清楚如何让 Ant 在 Eclipse 中运行，您几乎只需要向项目添加一个 build.xml 文件，将 yGuard 附带的示例脚本复制到其中，修改脚本以与您的项目一起使用并运行Ant 视图中的 yGuard 任务。

With regards to your mapping table question. The only reason I can think you might need something like this would be if you can't replicate a bug your obfuscated jar exhibits, from your original code. At this point you might need to work with the obfuscated version, maybe to determine if the obfuscation has caused a problem.

关于您的映射表问题。我认为您可能需要这样的东西的唯一原因是，如果您无法从原始代码中复制混淆的 jar 显示的错误。此时您可能需要使用混淆版本，以确定混淆是否导致问题。

How to obfuscate code quickly & dirty:

如何快速且脏地混淆代码：

Try it: http://www.daftlogic.com/projects-online-javascript-obfuscator.htmor it: http://javascriptobfuscator.com/default.aspxor Google "javascript obfuscator online".

试试看：http: //www.daftlogic.com/projects-online-javascript-obfuscator.htm或它：http: //javascriptobfuscator.com/default.aspx或谷歌“javascript obfuscator online”。

I know it is for Javascript, but you can get the function result using a Javascript eval for Java (have a look at: https://stackoverflow.com/a/2605051/450148)

我知道它是针对 Javascript 的，但是您可以使用 Java 的 Javascript eval 获得函数结果（请查看：https: //stackoverflow.com/a/2605051/450148）

It is not the best aprouch, but it can be useful if you are really in a hurry and you are not a paranoic about security.

这不是最好的方法，但如果您真的很着急并且您对安全性不是偏执狂，它可能会很有用。

EDIT: The next piece of code uses the simple ROT13 to not expose directly your password. The good thing is the "hacker" do not know which algorithm you are using (you can replace ROT13 for which algorithm you like), but it is still very easy to break it down:

编辑：下一段代码使用简单的 ROT13 来不直接公开您的密码。好在“黑客”不知道你使用的是哪种算法（你可以用你喜欢的算法替换ROT13），但还是很容易分解：

static String password;

static {
    password = a("NXVNWQX5CHXRWTKGDMHD");
}

private static String a(String b) {
    String c = "eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('k a(b){2 5=\'\';o(2 i=0;i<b.e;i++){2 c=b.g(i);2 1=b.f(i);4(c>=\'a\'&&c<=\'m\')1+=3;6 4(c>=\'n\'&&c<=\'9\')1-=3;6 4(c>=\'7\'&&c<=\'h\')1+=3;6 4(c>=\'7\'&&c<=\'p\')1-=3;2 d=8.l(1);5+=d}j 5}',26,26,'|charcode|var|13|if|sb|else|A|String|z|||||length|charCodeAt|charAt|M||return|function|fromCharCode|||for|Z'.split('|'),0,{}));";

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("js");
    Object z = "";

    //noinspection EmptyCatchBlock
    try {
        z = engine.eval(c + " a('" + b + "');");
    } catch (ScriptException e) {}

    return z.toString();
}