如何避免APK资产文件夹资源项目文件的反向工程? [英] How to avoid reverse engineering of an APK assets folder resources items file?

问题描述

我正在开发一个android应用程序，在此应用程序assets文件夹中包含一些密码和一些imp信息. 我想防止黑客访问any resources, assets or source code from the APK file，主要是assets resources.

I am developing a android application, in this application assets folder contains some password and some imp information. I want to prevent a hacker from accessing any resources, assets or source code from the APK file, Mainly assets resources.

我怎么能做到这一点?

我找到了并且也在考虑以下解决方案，请让我正确，并提供您的建议.

I found and also think about following solutions, Please make me correct and provide your suggestions on this.

1) Put every data or files in assets folder in encrypted way.

在此解决方案中，当我需要使用此资产文件夹数据时，则每次都需要进行解密，这会使我的应用程序运行缓慢.

In this solution when i require to use this assets folder data then i need to do decryption every time that make my application slow.

2) To secure resources, don't include all important resources in the assets folder with APK. Download these resources at the time of application first start up.

此解决方案也不适用于我的应用程序，因为如果要第一次或第二次使用，我想在脱机模式下使用我的应用程序.

This solution also not suitable for my application as i want to use my application in Offline mode if it is going to be use first time or second time.

3) obfuscation would not protect assets folder data so we can not use that.

请提供您的建议和建议.

Please provide your suggestions and inputs on the same.

任何帮助将不胜感激.

感谢&问候

推荐答案

在Android上进行逆向工程非常容易！您无法避免. 您不应在APK中存储任何敏感信息，因为有人可以轻松找到它们.

Reverse engineering on Android is REALLY easy ! You can't prevent that. You should not store any sensitive informations in your APK because someone could find them easily.

如果要在用户设备上存储内容，则应使用非对称加密.

You should use asymmetric encryption if you want to store something on the user device.

可以在代码中隐藏一些数据，例如对称加密密钥，但是如果有人要查找，则会在几分钟内找到它们. (还有几秒钟，如果您将其放在资产文件夹中...)

It's possible to hide some data in your code like a symmetric encryption key but it will be found in few minutes if someone want to find it. (and few seconds if you put it in assets folder...)

编辑 如果要在代码中放入对称加密密钥，请不要将其设置为:

EDIT If you want to put a symmetric encryption key in your code, don't set it like :

String myKey = "myEncryptionKey";
byte[] key = myKey.getBytes();

因为逆向工程师可以通过一个命令列出apk中的所有字符串...所以请使用类似以下内容:

because a reverse engineer is able to list all strings in your apk with a single command... So use something like :

StringBuilder sb = new StringBuilder();
sb.append(m);
sb.append(y);
...
byte[] key = sb.toString().getBytes();

或

byte[] key = Base64.decode("esfas09f8as90f8").getBytes();

这篇关于如何避免APK资产文件夹资源项目文件的反向工程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！