Is there any advantage in using code obfuscation in Xamarin project that is doing AOT compilation
Question
We have a Xamarin solution that has both Xamarin.Android and Xamarin.iOS projects. We are compiling the apps with Ahead-of-time (AOT) so the code cannot be reverse engineer into the original c# code.
In a case like this, is there some code that could be reverse engineer from the aot-compiled apk, that would be obfuscated if the code was first run through a code obfuscator like dotfuscator?
1 answers
solution1
3 ACCPTED 2019-10-29 14:41:32
Even though the Xamarin.iOS build results in a native iOS binary, code obfuscation can still be helpful if you don't want the reverse engineers to figure out the control flow, plaintext strings and other possibly secret information about your application (among other things). Of course, a dedicated person will still manage to do those things given enough time but the idea is to make it hard enough to take a long time or make it not worth their time at all.
I'm more familiar with how iOS apps built with Swift or Objective-C can be disassembled and analyzed but I believe it's not too different when compared to a Xamarin.iOS application since it's compiled to ARM code that is certainly understood by many tools such as IDA Pro, Hopper etc.
So, to answer your question. It definitely makes sense to obfuscate before the native compilation and maybe even encrypt plaintext strings etc.
Take a look at the following article for a deep dive on how iOS apps are reverse engineered and tampered with: Tampering and Reverse Engineering on iOS . It gives you a really good idea on how easy it is to reverse an unprotected application given the right tools and knowledge.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.