简体繁体 English

Xamarin项目中的混淆

[英]Obfuscation in Xamarin Projects

原文 2016-04-05 09:57:12 3 4 c#/ android/ xamarin/ xamarin.android

As you know Xamarin projects are compiled into dot net dll assembly and it'll be pack into apk file and can be easily reflected by reflectors like DotPeek. 如你所知，Xamarin项目被编译成dot net dll程序集，它将被打包到apk文件中，并且可以很容易地被像DotPeek这样的反射器反映出来。

My first question is: How can we protect our code? 我的第一个问题是：我们如何保护我们的代码？

My second question is: Do obfuscator tools like SmartAssembly are usable in Xamarin projects or Xamarin projects won't support them? 我的第二个问题是：像SmartAssembly这样的混淆工具是否可用于Xamarin项目，或者Xamarin项目是否不支持它们？

4 个解决方案

The best way to protect your .NET code (.DLLS) for APKs is to enable Ahead Of Time (AOT) compilation: 保护APK的.NET代码（.DLLS）的最佳方法是启用Ahead Of Time （AOT）编译：

AOT compilation will compile your applications IL code (.dlls) into native instructions. AOT编译会将您的应用程序IL代码（.dll）编译为本机指令。 The final code that is packaged into the APK is then X86, arm etc instructions rather than managed IL code. 打包到APK中的最终代码是X86，arm等指令，而不是托管的IL代码。

AOT compilation is only available in Enterprise and higher licenses. AOT编译仅适用于Enterprise和更高版本的许可证。

While AOT increases the difficulty of reverse engineering, it's still not 100% fool-proof. 虽然AOT增加了逆向工程的难度，但它仍然不是100％万无一失。 The final binaries can still be pulled from a rooted device and reverse engineered using software like IDA pro. 最终的二进制文件仍然可以从root设备中提取，并使用IDA pro等软件进行逆向工程。 It's a lot harder than using DotPeek but its still possible. 这比使用DotPeek困难得多，但它仍然可能。

It is also important to note the down sides of enabling AOT compilation. 注意启用AOT编译的缺点也很重要。 Application builds times increase significantly as every assembly referenced by your app needs to be compiled; 应用程序构建时间显着增加，因为应用程序引用的每个程序集都需要编译; my experiences indicated that you should expect a 200%-300% increase in build times when AOT is enabled. 我的经验表明，当启用AOT时，您应该期望构建时间增加200％-300％。

Additionally, AOT compilation will increase the final APK size. 此外，AOT编译将增加最终的APK大小。

For your first question, it is possible to use some tools for obfuscating your Xamarin code. 对于您的第一个问题，可以使用一些工具来混淆您的Xamarin代码。 For example, Crypto Obfuscator , Babel Obfuscator , and Dotfuscator 例如， Crypto Obfuscator ， Babel Obfuscator和Dotfuscator

For your second question, it seems SmartAssembly obfuscation is possible. 对于您的第二个问题，似乎SmartAssembly混淆是可能的。 Check the Windows Phone part here . 在此处查看Windows Phone部分。

Dotfuscator has support for Xamarin and instructions are online (for Dotfuscator Professional or the free Community Edition ) for how to integrate it. Dotfuscator支持Xamarin，并且有关如何集成它的说明在线（对于Dotfuscator Professional或免费的Community Edition ）。 In essence, the process is: 从本质上讲，这个过程是：

Configure the build to run Dotfuscator via an AfterBuild target 配置构建以通过AfterBuild目标运行Dotfuscator
Configure Dotfuscator: 配置Dotfuscator：
1. Specify the inputs 指定输入
2. Exclude things from renaming, as usual / as needed 通常/根据需要排除重命名的内容
3. Only use Mono-compatible transforms (Pro-only) 仅使用与Mono兼容的变换（仅限专业版）
Configure a Copy task or post-build event to copy the obfuscated binaries back to their original locations 配置复制任务或生成后事件以将混淆的二进制文件复制回其原始位置
Build, verify obfuscation, and test 构建，验证混淆和测试

Full disclosure: I work for PreEmptive Solutions. 完全披露：我为PreEmptive Solutions工作。

There's no way you can fully 100% protect your code from being decompiled and looked into. 您无法完全100％保护您的代码免受反编译和查看。

You could spend a lot of time hashing all of your methods and variables and then spend another lot of time creating some sort of application interpreter that will understand your obfuscated code, but even that will be looked into, investigated and eventually cracked. 您可能花费大量时间来散列所有方法和变量，然后花费大量时间创建某种应用程序解释器来理解您的混淆代码，但即使这样也会被调查，调查并最终破解。

Also see: How can I protect my .NET assemblies from decompilation? 另请参阅：如何保护.NET程序集免受反编译？

Protect .NET code from reverse engineering? 保护.NET代码免受逆向工程？