问题
I'm looking into obfuscating my Windows Phone 8 app.
The first thing that's thrown me a little is that most programs I've looked at talk about obfuscating the .DLL file that is generated when my build my app, but it's the .xap file I upload to the store? So I don't understand what difference obfuscating the .DLL files would make?
回答1:
Since some time all XAPs are delivered trough secure connection. There is no need for Obfuscation as the XAP file cannot be accessed on the device or while downloading.
回答2:
Windows Phone store itself encrypts the XAP, so nobody can decrypt it. When any one installs the app, the DLLs & other files are not accessible via SD card or file manager. If anybody downloads XAP from app store via "Download and install manually" & try to rename .XAP to .ZIP then it won't work.
If you want to try, download XAP from here & try to rename & extract source from it, you won't be able to do that.
回答3:
I understand peoples trepidation around the security of being able to extract the dlls from a store .xap file, especially if someone cracks it at some point in the future. My boss is one of them, so I was asked to obfuscate my Windows Phone 8.1 silverlight app before committing it to the store.
I looked at a few, and recommend ConfuserEx. By setting a few simple settings, I was able to completely mangle the code, method names, constants and everything else. Reflector couldn't even open the dlls and ILSPY just showed a whole load of full-stops. Very impressed - it even did this to the main UI project as well.
Its a bit of trial and error, but just set a global policy with Protection=None, then add in "invalid metadata" protection (i also added "constants" and "rename" to all except the main UI project).
And its free!!!
Not impenetrable I know, but does add that little bit more protection (as they say, "keeps honest people honest"). Its also useful to do as a post-build event, especially if you're passing your xap file direct to stakeholders for evaluation without going through the store.
来源:https://stackoverflow.com/questions/20683645/obfuscation-with-windows-phone-8