如何避免APK文件的逆向工程? [英] How to avoid reverse engineering of an APK file?
问题描述
我开发的支付处理程序为Android,我想prevent黑客从的 APK 文件
如果有人更改了.apk文件扩展名更改为.zip,然后就可以把它解压,轻松地访问所有应用程序的资源和资产,以及使用的 dex2jar 和一个Java反编译器,他们也可以访问源$ C $ C。这是很容易反向工程的Android APK文件 - 有关详细信息,请参阅堆栈溢出问题的的从APK文件反向工程项目 的。
我已经使用提供了Android SDK Proguard的工具。当我反向工程使用一个签名密钥库和Proguard的生成APK文件,我得到混淆code。然而,Android组件的名称保持不变,一些code,想在应用程序中使用键值,保持不变。按Proguard的文档的工具不能混淆清单文件中提及的组件。
现在我的问题是:
- 如何完全避免扭转一个Android APK工程?这可能吗?
- 如何保护所有应用程序的资源,资产和源$ C $ C,使黑客无法入侵的APK文件以任何方式?
- 有没有一种方法,使黑客更艰难的,甚至是不可能的?我还能做些什么来保护源$ C $ c。在我的APK文件?
  1。我如何才能彻底避免一个Android APK的逆向工程?这可能吗?
AFAIK,没有任何诀窍完全避免逆向工程。
和也有出色的@inazaruk说:无论你做你的code,潜在的攻击者能够改变它以任何方式,他或她认为这是可行的。你根本不能保护您的应用程序被修改。而你把任何保护也可以禁用/删除。
  2。我怎样才能保护所有应用程序的资源,资产和源$ C $ C,使黑客无法入侵的APK文件以任何方式?
您可以做不同的技巧,使黑客更难虽然。例如,使用模糊处理(如果它的Java code)。这通常会减慢显著逆向工程。
  3。有没有一种方法,使黑客更艰难的,甚至是不可能的?我还能做些什么来保护源$ C $ c。在我的APK文件?
至于大家说的,正如你可能知道,有没有100%的安全。但地方开始为Android,谷歌已经建成,是ProGuard的。如果你有其中的共享库的选项,您可以包括必要的code在C ++中,验证文件大小,集成, 等,如果你需要一个外部本机库添加到您的APK的库文件夹中的每个版本, 那么你可以通过下面的建议使用它。
把库中的本地库路径,默认为库 项目文件夹。如果建立了本地code为armeabi目标,然后把它 在库/ armeabi 。如果它内建的 armeabi-V7A ,然后把它放在 库/ armeabi-V7A。
<项目> /libs/armeabi/libstuff.so
I am developing a payment processing app for Android, and I want to prevent a hacker from accessing any resources, assets or source code from the APK file.
If someone changes the .apk extension to .zip then they can unzip it and easily access all the app's resources and assets, and using dex2jar and a Java decompiler, they can also access the source code. It's very easy to reverse engineer an Android APK file - for more details see Stack Overflow question Reverse engineering from an APK file to a project.
I have used the Proguard tool provided with the Android SDK. When I reverse engineer an APK file generated using a signed keystore and Proguard, I get obfuscated code. However, the names of Android components remain unchanged and some code, like key-values used in the app, remains unchanged. As per Proguard documentation the tool can't obfuscate components mentioned in the Manifest file.
Now my questions are:
- How can I completely avoid reverse engineering of an Android APK? Is this possible?
- How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?
- Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?
1. How can I completely avoid reverse engineering of an Android APK? Is this possible?
AFAIK, there is not any trick for complete avoidance of reverse engineering.
And also very well said by @inazaruk: Whatever you do to your code, a potential attacker is able to change it in any way she or he finds it feasible. You basically can't protect your application from being modified. And any protection you put in there can be disabled/removed.
2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?
You can do different tricks to make hacking harder though. For example, use obfuscation (if it's Java code). This usually slows down reverse engineering significantly.
3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?
As everyone says, and as you probably know, there's no 100% security. But the place to start for Android, that Google has built in, is ProGuard. If you have the option of including shared libraries, you can include the needed code in C++ to verify file sizes, integration, etc. If you need to add an external native library to your APK's library folder on every build, then you can use it by the below suggestion.
Put the library in the native library path which defaults to "libs" in your project folder. If you built the native code for the 'armeabi' target then put it under libs/armeabi. If it was built with armeabi-v7a then put it under libs/armeabi-v7a.
<project>/libs/armeabi/libstuff.so
这篇关于如何避免APK文件的逆向工程?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
