如何在反编译apk中获取Google-Service.Json文件? [英] How to get Google-Service.Json file in decompile apk?

问题描述

我想知道在Android apk上进行逆向工程时是否有可能获取google-service.json文件.因为在Firebase中，Google-Service json文件包含项目的所有键.

I want to know that is it possible to get google-service.json file when reverse engineering on android apk. Because in firebase Google-Service json file contain all keys of project.

推荐答案

您的APK中不包含JSON文件，发生的情况是您的google/firebase Gradle插件读取了JSON文件并将其插入到string资源文件中. 但是通过使用apktool之类的工具对apk进行reverese工程设计，任何人都可以访问这些资源文件，包括您的字符串资源文件和您放入Java代码中的原始字符串.

JSON file is not included in your APK, what happens is your google/firebase Gradle plugin reads the JSON file and inserts it in string resource file. But by reverese engineering an apk using tools like apktool, anyone can access these resource files including your string resource file and raw string you put in your java code.

如果您反编译APK，则会从字符串资源文件中获得这些secret详细信息.

If you decompile the APK, you will get these secret details from string resource files.

  <string name="google_api_key">your key</string>
  <string name="firebase_database_url">firebase db url</string>

如果您添加了Firebase ACL，则只有授权用户可以访问 数据以及您使用的密钥只能与apk一起使用 用您的密钥库签名的(确保您在其中生成的sha1哈希 用于Android应用程序的Firebase控制台)

if you added firebase ACL, only authorized user can access the data, and also the key you are using can only be used with apk that signed with your keystore ( make sure sha1 hash you generated in firebase console for android app)

有关acl或保护Firebase数据库操作的详细信息，请参见此处

For details on acl or protecting your firebase database operations see here

这篇关于如何在反编译apk中获取Google-Service.Json文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！