如何混淆字符串常量? [英] How to obfuscate string constants?
问题描述
我们有一个包含敏感信息的应用程序,我正在尽力保护它.敏感信息包括:
We have an application which contains sensitive information and I'm trying my best to secure it. The sensitive information includes:
- 主要算法
- 加密/解密算法的密钥
我一直在研究混淆代码,但它似乎没有多大帮助,因为我仍然可以反编译它.但是,我最担心的是,当您反编译代码时,即使经过混淆处理,用于加密序列号等的密钥也清晰可见.
I've been looking at Obfuscating the code but it doesn't seem to help much as I can still decompile it. However, my biggest concern is that the keys used for encryption of serial numbers etc are clearly visible when you decompile the code, even when it's Obfuscated.
谁能建议我如何保护这些字符串?
Can anyone suggest how I can secure these strings?
我意识到其中一种方法可能是从应用程序本身中删除任何解密,虽然这可能部分是可能的,但有一些功能必须使用加密/解密 - 主要是为了保存配置文件并传递一个DLL 的授权"令牌以执行计算.
I realise one of the methods might be to remove any decryption from the application itself, while this may be possible in part, there are some features which have to use encryption/decryption - mainly to save a config file and to pass an 'authorisation' token to a DLL to perform a calculation.
推荐答案
如果有人有足够的动力去打破它,那么所有的努力都将是徒劳的.没有人能够解决这个问题,即使是最大的软件公司也是如此.
All efforts will be futile if someone is motivated enough to break it. No one has managed to figure this out yet, even the biggest software companies.
我正在尽力保护它
我并不是说这是严厉的批评,只是您需要了解您尝试实现的目标目前被认为是不可能的.
I'm not saying this as a scathing criticism, just you need to be aware of what your trying to achieve is currently assumed to be impossible.
混淆是通过默默无闻的安全性,它确实有一些好处,因为它可以阻止最无能的黑客企图,但在很大程度上,它是浪费的努力,本可以更好地用于其他开发领域.
Obfuscation is security through obscurity, it does have some benefit as it will deter the most incompetent of hacker attempts, but largely it is wasted effort that could perhaps be better spent in other areas of development.
在回答您的原始问题时,您将遇到智能编译器的问题,它们可能会自动将字符串拼凑到已编译的应用程序中,从而消除您作为编译优化所做的一些混淆工作.它也很难维护,所以我会重新考虑你的风险分析模型,也许你会接受它可以被破解的事实,如果它有任何价值,它可能会被破解.
In answer to your original question, you are going to run into problems with intelligent compilers, they might automatically piece together the string into the compiled application removing some of your obfuscation efforts as a compilation optimisations. It would be hard to maintain as well, so I would reconsider your risk analysis model and perhaps resign yourself to the fact it can be cracked and if it has any value probably will be.
这篇关于如何混淆字符串常量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
