[英]where does the variables defined using "--dart-define" go and can we reverse engineer them?
I am building a flluter application.我正在构建一个颤振应用程序。 I don't want to compromise my
secret_key
by putting it in the code, so I tried making a .env
file and created an apk.我不想通过将它放在代码中来破坏我的
secret_key
,所以我尝试制作一个.env
文件并创建了一个 apk。 Then I unzipped the apk and found my config file there.然后我解压缩了apk并在那里找到了我的配置文件。 So now I am not doing that.
所以现在我不这样做了。
The next thing I tried is using --dart-define
variable declarations to put my secret_key
while building the app and I am accessing it using我尝试的下一件事是在构建应用程序时使用
--dart-define
变量声明来放置我的secret_key
,我正在使用它访问它
const secret = String.fromEnvironment("secret_key");
Coming to the question, where do these variables go inside the dart code and is there a way to get them by reverse engineering.来到这个问题,这些变量 go 在 dart 代码中在哪里,有没有办法通过逆向工程来获得它们。 Basically is it safe to put my secret key this way?
基本上以这种方式放置我的密钥是否安全?
From what I found, you can find the --dart-define
variables in the binary file generated for each ABI, so yes , you can reverse-engineer it.根据我的发现,您可以在为每个 ABI 生成的二进制文件中找到
--dart-define
变量,所以是的,您可以对其进行逆向工程。
How to try:如何尝试:
Call the variable from your code with String.fromEnvironment("ANIMAL")
.使用
String.fromEnvironment("ANIMAL")
从您的代码中调用变量。
Run flutter build apk --dart-define=ANIMAL=Dog
to build for Android运行
flutter build apk --dart-define=ANIMAL=Dog
为 Android 构建
Open the generated.APK file with a file archiver (7-Zip, for example) and navigate to /lib/(ABI)/
使用文件存档器(例如 7-Zip)打开生成的 .APK 文件并导航到
/lib/(ABI)/
Open /lib/(ABI)/libapp.so
file with a text editor or hex viewer and search for the value Dog
and you will find it使用文本编辑器或十六进制查看器打开
/lib/(ABI)/libapp.so
文件并搜索值Dog
你会找到它
Observations:观察:
--obfuscate
with flutter build
won't help, because it doesn't obfuscate environment variables--obfuscate
和flutter build
将无济于事,因为它不会混淆环境变量
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.