发表新帖
发表新帖

Obfuscation in Xamarin Projects

前端 未结
关注
4 1753
盖世英雄少女心
盖世英雄少女心 2020-12-05 14:55

As you know Xamarin projects are compiled into dot net dll assembly and it\'ll be pack into apk file and can be easily reflected by reflectors like DotPeek.

相关标签:
4条回答
  • 不要未来只要你来
    2020-12-05 14:56

    There's no way you can fully 100% protect your code from being decompiled and looked into.

    You could spend a lot of time hashing all of your methods and variables and then spend another lot of time creating some sort of application interpreter that will understand your obfuscated code, but even that will be looked into, investigated and eventually cracked.

    Also see: How can I protect my .NET assemblies from decompilation?

    Protect .NET code from reverse engineering?

    0 讨论(0)
  • 醉酒成梦
    2020-12-05 14:58

    Dotfuscator has support for Xamarin and instructions are online (for Dotfuscator Professional or the free Community Edition) for how to integrate it. In essence, the process is:

    1. Configure the build to run Dotfuscator via an AfterBuild target
    2. Configure Dotfuscator:
      1. Specify the inputs
      2. Exclude things from renaming, as usual / as needed
      3. Only use Mono-compatible transforms (Pro-only)
    3. Configure a Copy task or post-build event to copy the obfuscated binaries back to their original locations
    4. Build, verify obfuscation, and test

    Full disclosure: I work for PreEmptive Solutions.

    0 讨论(0)
  • 小蘑菇
    2020-12-05 15:00

    The best way to protect your .NET code (.DLLS) for APKs is to enable Ahead Of Time (AOT) compilation:

    AOT compilation will compile your applications IL code (.dlls) into native instructions. The final code that is packaged into the APK is then X86, arm etc instructions rather than managed IL code.

    AOT compilation is only available in Enterprise and higher licenses.

    While AOT increases the difficulty of reverse engineering, it's still not 100% fool-proof. The final binaries can still be pulled from a rooted device and reverse engineered using software like IDA pro. It's a lot harder than using DotPeek but its still possible.

    It is also important to note the down sides of enabling AOT compilation. Application builds times increase significantly as every assembly referenced by your app needs to be compiled; my experiences indicated that you should expect a 200%-300% increase in build times when AOT is enabled.

    Additionally, AOT compilation will increase the final APK size.

    0 讨论(0)
  • 你的背包
    2020-12-05 15:08

    For your first question, it is possible to use some tools for obfuscating your Xamarin code. For example, Crypto Obfuscator, Babel Obfuscator, and Dotfuscator

    For your second question, it seems SmartAssembly obfuscation is possible. Check the Windows Phone part here.

    0 讨论(0)
 看不清?
提交回复
热议问题