Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Archived » Buckminster » How to obfuscate
How to obfuscate [message #652617] Fri, 04 February 2011 17:53 Go to next message
Paul Nguyen is currently offline Paul NguyenFriend
Messages: 9
Registered: January 2011
Junior Member
Hi all,

Can buckminster do obfuscation? I am unable to find any information about it.

Thanks,

Paul
Re: How to obfuscate [message #652624 is a reply to message #652617] Fri, 04 February 2011 18:04 Go to previous messageGo to next message
Henrik Lindberg is currently offline Henrik LindbergFriend
Messages: 2509
Registered: July 2009
Senior Member
There is nothing built in to Buckminster that does this, nor is there
any standard plugin for this in PDE or JDT - so very short answer is: no.

You can naturally process your source or binaries in any way you like
and you can use Buckminster to manage that. How you do this depends on
the obfuscator you want to use naturally. If it runs as part of your
workspace build, then it should work with buckminster as well, other
options include calling ant.

Hope that helps.
- henrik.

On 2/4/11 6:53 PM, Paul Nguyen wrote:
> Hi all,
>
> Can buckminster do obfuscation? I am unable to find any information
> about it.
>
> Thanks,
>
> Paul
Re: How to obfuscate [message #652625 is a reply to message #652617] Fri, 04 February 2011 18:06 Go to previous messageGo to next message
Carsten Reckord is currently offline Carsten ReckordFriend
Messages: 139
Registered: July 2009
Senior Member
Hi Paul,

We are using Obclipse (http://obclipse.sourceforge.net/) with a bit of ant
magic which is called from a Buckminster Ant action either during site.p2 or
during create.product.

Obclipse is a wrapper around Proguard, which is aimed at easily obfuscating
entire eclipse products (or update sites for that matter). I've done some
minor local changes to it to better fit our usecase, which I haven't gotten
around to contribute back. But other than that, we are very happy with it.

I'd have to wade through the involved scripts to untangle them from other
dependencies, but then I could post them here if you're interested.

Cheers,
Carsten

On 04.02.2011 18:53, Paul Nguyen wrote:
> Hi all,
>
> Can buckminster do obfuscation? I am unable to find any information about it.
>
> Thanks,
>
> Paul
Re: How to obfuscate [message #652659 is a reply to message #652617] Fri, 04 February 2011 21:44 Go to previous messageGo to next message
Thomas Hallgren is currently offline Thomas HallgrenFriend
Messages: 3240
Registered: July 2009
Senior Member
Hi Paul,

Buckminster has no built in support for obfuscation but you can always use an ant actor and do it using an ant-script.

- thomas

On 2011-02-04 18:53, Paul Nguyen wrote:
> Hi all,
>
> Can buckminster do obfuscation? I am unable to find any information about it.
>
> Thanks,
>
> Paul
Re: How to obfuscate [message #652715 is a reply to message #652659] Sat, 05 February 2011 20:11 Go to previous messageGo to next message
Paul Nguyen is currently offline Paul NguyenFriend
Messages: 9
Registered: January 2011
Junior Member
Thank you everyone for the answers.

We are using Zelix KlassMaster which (I believe) only obfuscates java bytecode (not the source code). This means that we will have to obfuscate the resulting bundle jar file which already built and signed by buckminster.

The problem is the obfuscator removed the signing info after obfuscating the jar. As the result, we cannot use the built-in buckminster jar signing capacity. Am I wrong on this?

Thanks,

Paul
Re: How to obfuscate [message #652728 is a reply to message #652715] Sat, 05 February 2011 22:28 Go to previous messageGo to next message
Thomas Hallgren is currently offline Thomas HallgrenFriend
Messages: 3240
Registered: July 2009
Senior Member
On 2011-02-05 21:11, Paul Nguyen wrote:
> Thank you everyone for the answers.
>
> We are using Zelix KlassMaster which (I believe) only obfuscates java bytecode (not the source code). This means that we
> will have to obfuscate the resulting bundle jar file which already built and signed by buckminster.
> The problem is the obfuscator removed the signing info after obfuscating the jar. As the result, we cannot use the
> built-in buckminster jar signing capacity. Am I wrong on this?
>
The reason you sign a bundle is to verify that it contains the exact same bytes when you use it as it did when you
signed it. Obfuscating will of course alter the bytes and must therefore occur prior to signing. To do that, you must
alter the generated cspec (using a cspex) and inject the signing at the correct place. Perhaps that's what Carsten is
doing with his scripts?

- thomas
Re: How to obfuscate [message #652759 is a reply to message #652728] Sun, 06 February 2011 12:40 Go to previous messageGo to next message
Carsten Reckord is currently offline Carsten ReckordFriend
Messages: 139
Registered: July 2009
Senior Member
This is a multi-part message in MIME format.
--------------060606060904040108090800
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

On 05.02.2011 23:28, Thomas Hallgren wrote:
> On 2011-02-05 21:11, Paul Nguyen wrote:
>> Thank you everyone for the answers.
>>
>> We are using Zelix KlassMaster which (I believe) only obfuscates java bytecode (not the source code). This means that we
>> will have to obfuscate the resulting bundle jar file which already built and signed by buckminster.
>> The problem is the obfuscator removed the signing info after obfuscating the jar. As the result, we cannot use the
>> built-in buckminster jar signing capacity. Am I wrong on this?
>>
> The reason you sign a bundle is to verify that it contains the exact same bytes when you use it as it did when you
> signed it. Obfuscating will of course alter the bytes and must therefore occur prior to signing. To do that, you must
> alter the generated cspec (using a cspex) and inject the signing at the correct place. Perhaps that's what Carsten is
> doing with his scripts?
>
> - thomas
>

Yes, wev've ssentially duplicated the whole site.p2 stack of actions with an
obfuscation step in front. I've attached the cspex parts responsible for
that. Some explanations on the actions involved:

- the stock site.p2 is renamed to site.p2.unobfuscated
- the new site.p2 is a group delegating to either site.p2.unobfuscated
or site.p2.obfuscated depending on if the build property site.obfuscate is
set to true

- copy.site.obfuscated will create a copy of the site.feature.exports that
will then be obfuscated by the other actions. Maybe you don't need this, but
our obfuscator does in-situ obfuscation and we wanted to keep the
unobfuscated jars, too.

- site.obfuscated does the actual obfuscation. You'll have to hook a call to
your obfuscator here with an ant action. It uses the result of
copy.site.obfuscated as input and outputs the obfuscated results (so your
obfuscator ant target will have to use ${sp:action.requirements} as source
and ${sp:action.output} as destination of the obfuscation). A second product
of this action is the obfuscation map generated by the obfuscator.

- the other site.* actions are pretty much 1:1 copies of the non-obfuscated
versions



--------------060606060904040108090800
Content-Type: text/xml;
name="buckminster.cspex"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="buckminster.cspex"

<?xml version="1.0" encoding="UTF-8"?>
<cspecExtension
xmlns:com="http://www.eclipse.org/buckminster/Common-1.0"
xmlns="http://www.eclipse.org/buckminster/CSpec-1.0">
<actions>
<private name="copy.site.obfuscated" actor="ant">
<actorProperties>
<property key="buildFileId" value="buckminster.pdetasks"/>
<property key="targets" value="copy.group"/>
</actorProperties>
<prerequisites alias="action.requirements">
<attribute name="site.feature.exports"/>
</prerequisites>
<products alias="action.output" upToDatePolicy="MAPPER">
<path path="site.obfuscated"/>
</products>
</private>
<public name="site.obfuscated" actor="ant">
<actorProperties>
<property key="buildFile" value="build/obfuscate.ant"/>
<property key="targets" value="obfuscate"/>
</actorProperties>
<prerequisites>
<attribute alias="source" name="copy.site.obfuscated"/>
</prerequisites>
<products upToDatePolicy="MAPPER">
<public name="site.feature.exports.obfuscated" alias="action.output" base="${buckminster.output}/site.obfuscated/"/>
<public name="obfuscate.map" alias="mappingFile" path="obfuscate.map"/>
</products>
</public>
<public name="site.p2.obfuscated" actor="p2SiteGenerator">
<prerequisites>
<attribute name="site.feature.exports.obfuscated" alias="site" filter="(&amp;(!(site.signing=true))(!(site.pack200=true))) "/>
<attribute name="site.obfuscated.packed" alias="site" filter="(site.pack200=true)"/>
<attribute name="site.obfuscated.signed" alias="site" filter="(&amp;(site.signing=true)(!(site.pack200=true))) "/>
<attribute name="manifest" alias="site.definer"/>
<attribute name="product.configuration.exports" alias="product.configs"/>
</prerequisites>
<products base="${buckminster.output}/site.p2.obfuscated/"/>
</public>
<public name="site.p2.obfuscated.zip" actor="ant">
<actorProperties>
<property key="buildFileId" value="buckminster.pdetasks"/>
<property key="targets" value="create.site.zip"/>
</actorProperties>
<prerequisites>
<attribute name="manifest" alias="manifest"/>
<attribute name="site.p2.obfuscated" alias="action.requirements"/>
</prerequisites>
<products alias="action.output" base="${buckminster.output}/"/>
</public>
<public name="site.obfuscated.packed" actor="jarProcessor" always="true">
<properties>
<property key="command" value="pack"/>
</properties>
<prerequisites>
<attribute name="site.feature.exports.obfuscated" alias="jar.folder" filter="(!(site.signing=true))"/>
<attribute name="site.obfuscated.signed" alias="jar.folder" filter="(site.signing=true)"/>
</prerequisites>
<products base="${buckminster.output}/site.obfuscated.packed/"/>
</public>
<public name="site.obfuscated.signed" actor="ant" always="true">
<actorProperties>
<property key="buildFileId" value="buckminster.signing"/>
<property key="targets" value="sign.jars"/>
</actorProperties>
<prerequisites alias="action.requirements">
<attribute name="site.obfuscated.repacked" filter="(site.pack200=true)"/>
<attribute name="site.feature.exports.obfuscated" filter="(!(site.pack200=true))"/>
</prerequisites>
<products alias="action.output" base="${buckminster.output}/site.obfuscated.signed/"/>
</public>
<private name="site.obfuscated.repacked" actor="jarProcessor" always="true">
<properties>
<property key="command" value="repack"/>
</properties>
<prerequisites>
<attribute name="site.feature.exports.obfuscated" alias="jar.folder"/>
</prerequisites>
<products base="${buckminster.output}/site.obfuscated.repacked/"/>
</private>
</actions>
<groups>
<public name="site.p2">
<attribute name="site.p2.unobfuscated" filter="(!(site.obfuscate=true))"/>
<attribute name="site.p2.obfuscated" filter="(site.obfuscate=true)"/>
</public>
</groups>
<alterGroups>
<rename newName="site.p2.unobfuscated" oldName="site.p2"/>
</alterGroups>
</cspecExtension>

--------------060606060904040108090800--
Re: How to obfuscate [message #652760 is a reply to message #652759] Sun, 06 February 2011 12:42 Go to previous messageGo to next message
Carsten Reckord is currently offline Carsten ReckordFriend
Messages: 139
Registered: July 2009
Senior Member
On 06.02.2011 13:40, Carsten Reckord wrote:
> copy.site.obfuscated as input and outputs the obfuscated results (so your
> obfuscator ant target will have to use ${sp:action.requirements} as source

Oops, make that ${sp:source}...
Re: How to obfuscate [message #652957 is a reply to message #652760] Mon, 07 February 2011 18:14 Go to previous messageGo to next message
Paul Nguyen is currently offline Paul NguyenFriend
Messages: 9
Registered: January 2011
Junior Member
Thank you both Carsten & Thomas.

Carsten - Thanks for the cspex. I will definitely use it for our build.

Paul
Re: How to obfuscate [message #898640 is a reply to message #652759] Fri, 27 July 2012 01:22 Go to previous message
Felix Lu is currently offline Felix LuFriend
Messages: 12
Registered: April 2011
Junior Member
Hi Carston,

Thank you very much for the .cspex file. Can you paste the content of your build/obfuscate.ant file?

B.R.
Felix
Previous Topic:Basedir <...>.jar is not a directory
Next Topic:Updating Jenkins workspace
Goto Forum:
  


Current Time: Tue Mar 19 08:23:43 GMT 2024

Powered by FUDForum. Page generated in 0.01679 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top