堆栈内存溢出
  简体   繁体   English

我可以使用 AOT 编译来保护我的应用程序吗?

[英]Can I protect my application using AOT compilation?

 原文  2020-08-02 18:32:41       c#/ xamarin.forms/ xamarin.android/ protection/ aot

问题描述

I would like to use AOT compilation to protect my code, but according to this: https://learn.microsoft.com/uk-ua/xamarin.android/deploy-test/release-prep/?tabs=windows#aot the resulting native code is included in the APK along with the uncompiled assemblies.我想使用 AOT 编译来保护我的代码,但是根据这个: https://learn.microsoft.com/uk-ua/xamarin.android/deploy-test/release-prep/?tabs=windows#aot生成的本机代码与未编译的程序集一起包含在 APK 中。 Does this mean that both the compiled and the uncompiled versions are included, and AOT does not really help for obfuscation?这是否意味着编译版本和未编译版本都包含在内,而 AOT 并不能真正帮助混淆?

2 个解决方案

解决方案1
 1 已采纳  2020-08-09 14:35:03

I used Hybrid AOT to remove IL code from .NET assemblies.我使用混合 AOT 从 .NET 程序集中删除了 IL 代码。 You need to manually edit Xamarim.Android.Common.Targets in C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\您需要在 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\ 中手动编辑 Xamarim.Android.Common.Targets

  <CilStrip
    Condition=" '$(AndroidAotMode)' == 'Hybrid' And '$(AotAssemblies)' == 'True' "
    AndroidAotMode="$(AndroidAotMode)"
    ToolPath="$(_MonoAndroidToolsDirectory)"
    ApkOutputPath="$(_BuildApkEmbedOutputs)"
    ResolvedAssemblies="@(_ShrunkAssemblies)">
  </CilStrip>

And edit your Android.csproj并编辑您的 Android.csproj

<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
    <DebugSymbols>false</DebugSymbols>
    <DebugType>none</DebugType>
    <Optimize>true</Optimize>
    <OutputPath>bin\Release</OutputPath>
    <ErrorReport>prompt</ErrorReport>
    <WarningLevel>4</WarningLevel>
    <EmbedAssembliesIntoApk>true</EmbedAssembliesIntoApk>
    <AndroidManagedSymbols>true</AndroidManagedSymbols>
    <AndroidUseSharedRuntime>false</AndroidUseSharedRuntime>
    <AndroidLinkMode>SdkOnly</AndroidLinkMode>
    <EnableLLVM>false</EnableLLVM>
    <AotAssemblies>true</AotAssemblies>
    <AndroidAotMode>Hybrid</AndroidAotMode>
    <AndroidEnableProfiledAot>false</AndroidEnableProfiledAot>
    <AndroidAotAdditionalArguments>no-write-symbols,nodebug</AndroidAotAdditionalArguments>
  </PropertyGroup>

Source: https://forums.xamarin.com/discussion/182826/hybrid-aot来源: https://forums.xamarin.com/discussion/182826/hybrid-aot

解决方案2
 0  2020-08-02 18:47:11

Full AOT could make your APK much bigger so not sure if you should take that road just for obsfuscation purpose.完整的 AOT 可能会使您的 APK 更大,因此不确定您是否应该仅仅为了混淆目的而走这条路。

You could try Dotfuscator that is specifically designed for this您可以尝试专门为此设计的Dotfuscator

Visual Studio for Windows Windows 的 Visual Studio

Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions.即使禁用调试,攻击者仍有可能重新打包应用程序,添加或删除配置选项或权限。 This allows them to reverse-engineer, debug, or tamper with the application.这使他们能够对应用程序进行逆向工程、调试或篡改。 Dotfuscator Community Edition (CE) can be used to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device. Dotfuscator Community Edition (CE) 可用于混淆托管代码,并在构建时将运行时安全性 state 检测代码注入 Xamarin.Android 应用程序,以检测应用程序是否在已获得 root 权限的设备上运行并做出响应。

Dotfuscator CE is included with Visual Studio 2017. To use Dotfuscator, click Tools > PreEmptive Protection - Dotfuscator. Dotfuscator CE 包含在 Visual Studio 2017 中。要使用 Dotfuscator,请单击工具 > PreEmptive Protection - Dotfuscator。

To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.要配置 Dotfuscator CE,请参阅 Using Dotfuscator Community Edition with Xamarin。配置后,Dotfuscator CE 将自动保护创建的每个构建。

Visual Studio for Mac适用于 Mac 的视觉工作室

Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions.即使禁用调试,攻击者仍有可能重新打包应用程序,添加或删除配置选项或权限。 This allows them to reverse-engineer, debug, or tamper with the application.这使他们能够对应用程序进行逆向工程、调试或篡改。 Although it does not support Visual Studio for Mac, you can use Dotfuscator Community Edition (CE) with Visual Studio to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device.尽管它不支持 Visual Studio for Mac,但您可以将 Dotfuscator Community Edition (CE) 与 Visual Studio 结合使用来混淆托管代码,并在构建时将运行时安全性 state 检测代码注入 Xamarin.Android 应用程序,以检测应用程序是否在有根设备。

To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.要配置 Dotfuscator CE,请参阅 Using Dotfuscator Community Edition with Xamarin。配置后,Dotfuscator CE 将自动保护创建的每个构建。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何保护我的 .net 应用程序免受反编译器的攻击? - How can i protect my .net application from decompilers? 使用mono aot / aot-full编译:似乎没有任何事情发生? - Using mono aot / aot-full compilation: nothing appears to happen? 如何吞下所有异常并保护我的应用程序不会崩溃? - How can I swallow all exceptions and protect my application from crashing? 我如何“约会”保护我的申请? - How do I “date-protect” my application? 运行MVC应用程序时出现编译错误 - I have compilation error when i run my mvc application 如何保护我的动态编译代码 - How can i protect my dynamically compiled code 如何保护.NET程序集免受反编译? - How can I protect my .NET assemblies from decompilation? 如何保护我的装配以供其他人使用? - How can I protect my Assembly to being used by someother? .NET的.NET混淆:我如何保护我的代码? - .NET obfuscation of a DLL: how can I protect my code? 如何在我的C程序中单声道AOT生成的SO文件中使用方法? - How can I use methods in the SO files produced by mono AOT in my C program?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM