简体繁体 English

拖放应用程序构建器许可。如何确保源代码不会被反编译和重用？

[英]Drag & Drop app builder licensing. How do I make sure the source code won't be decompiled and re-used?

原文 2020-02-08 12:01:25 9 2 android/ ios/ node.js/ react-native/ encryption

I'm working on a drag and drop app builder.我正在开发拖放应用程序构建器。 The concept is simple: users can build their apps visually, then the app's settings get turned into a configuration file which will be used by the app to decide how to construct itself (which views should be shown, how should the navigation look like, etc.)这个概念很简单：用户可以可视化地构建他们的应用程序，然后应用程序的设置变成一个配置文件，应用程序将使用它来决定如何构建自己（应该显示哪些视图，导航应该是什么样子等） .)

My main concern is once the users download the apk (or ipa) file, they can decompile it, change things in the configuration file and re-compile/re-sign it to be published as a brand new app.我主要担心的是，一旦用户下载了 apk（或 ipa）文件，他们就可以反编译它，更改配置文件中的内容并重新编译/重新签名以发布为全新的应用程序。

I was thinking about putting part of the logic on server side but that would introduce me the following problems:我正在考虑将部分逻辑放在服务器端，但这会给我带来以下问题：

If 1000 people built and published an app with my software, and each app sends only 10,000 daily requests to my server, that's already 10,000,000 requests per day, which would be pretty expensive.如果 1000 人使用我的软件构建并发布了一个应用程序，并且每个应用程序每天只向我的服务器发送 10,000 个请求，那么每天已经有 10,000,000 个请求，这将非常昂贵。
If my server is down for any reason, I will have a lot of angry users coming at me.如果我的服务器因任何原因停机，我将有很多愤怒的用户来找我。

Got any ideas?有什么想法吗？

2 个解决方案

There is no exact way of stopping decompilation/reverse engineering process of android app or apk !没有确切的方法可以停止android app 或 apk 的反编译/逆向工程过程！

But there Some chances to reduce the scope of code visiblity after decompilation/reverse engineering process !但是有一些机会在反编译/逆向工程过程后减少代码可见性的范围！

Here are some habits I am sharing以下是我分享的一些习惯

1) Put important code on a Server : You may rely on remote procedure calls to a well protected server. 1) 将重要的代码放在服务器上：您可能依赖于对受保护良好的服务器的远程过程调用。 This reduces the chance of your codes being stolen as the code will always remain on the server and nothing other than the results can be seen.这减少了您的代码被盗的机会，因为代码将始终保留在服务器上，只能看到结果。

2) Debugger Detection Techniques : Insted of using the hard coated values or string use some formula or encryption methods which can help to hide the actual values 2) 调试器检测技术：使用硬涂层值或字符串使用一些有助于隐藏实际值的公式或加密方法

3) Write important parts of code in C/C++ :You can also write the important parts of your code in C/C++ and add them as a compiled library. 3）用C/C++编写代码的重要部分：您也可以用C/C++编写代码的重要部分，并将它们作为编译库添加。 While it can be disassembled into assembly code , reverse engineering a large library from assembly is extremely time-consuming.虽然它可以反汇编成汇编代码，但从汇编逆向工程一个大型库是非常耗时的。 Java is easier to decompile in comparison to C/C++.与 C/C++ 相比，Java 更容易反编译。

These are some key habits which are be taken care by good developer , You should also check out this answer as well !这些是优秀开发人员应注意的一些关键习惯，您也应该查看这个答案！

Huh, I knew it wasn't possible to stop the decompilation/reverse engineering process on any android app.嗯，我知道不可能停止任何 Android 应用程序上的反编译/逆向工程过程。 But, I thought maybe everything was possible!但是，我想也许一切皆有可能！ Like, perhaps something has changed since then, but no.就像，也许从那时起有些事情发生了变化，但没有。 Basically, I use the same steps as Nisarg Jani described.基本上，我使用与 Nisarg Jani 描述的相同的步骤。 But, you have to pay some special attention to the C++ code.但是，您必须特别注意 C++ 代码。 Any mistake will destroy everything that you have built to that moment.任何错误都会摧毁你在那一刻建立的一切。