如何进行模糊处理字符串常量? [英] How to obfuscate string constants?
问题描述
我们有一个包含敏感信息的应用程序,我尽我所能来保护它。敏感信息包括:
We have an application which contains sensitive information and I'm trying my best to secure it. The sensitive information includes:
- 主演
- 的加密/解密算法的密钥
我一直在寻找的进行模糊处理代码,但它似乎并没有太大的帮助,因为我还是可以反编译它。不过,我最关心的是所使用的密钥序列号等加密时您编译代码,即使它混淆清晰可见。
I've been looking at Obfuscating the code but it doesn't seem to help much as I can still decompile it. However, my biggest concern is that the keys used for encryption of serial numbers etc are clearly visible when you decompile the code, even when it's Obfuscated.
任何人都可以建议如何我能确保这些字符串?
Can anyone suggest how I can secure these strings?
我认识的方法之一可能是从应用程序本身的任何解密,而这可能部分是可能的,有一些功能它必须使用加密/解密 - 主要是为了保存一个配置文件和一个'授权'令牌传递给DLL来进行计算。
I realise one of the methods might be to remove any decryption from the application itself, while this may be possible in part, there are some features which have to use encryption/decryption - mainly to save a config file and to pass an 'authorisation' token to a DLL to perform a calculation.
推荐答案
如果有人有足够的意志力打破这一切努力都将是徒劳的。没有人设法尚未弄清楚这一点,即使是最大的软件公司。
All efforts will be futile if someone is motivated enough to break it. No one has managed to figure this out yet, even the biggest software companies.
我尽我所能来保护它。
我并不是说这是一个严厉的批评,只是你需要知道的你的努力来实现,目前认为是不可能的。
I'm not saying this as a scathing criticism, just you need to be aware of what your trying to achieve is currently assumed to be impossible.
模糊处理是通过隐藏的安全,它确实有一些好处,因为它会阻止最无能的黑客尝试,但在很大程度上它是浪费的努力,或许可以更好地用发展的其他领域。
Obfuscation is security through obscurity, it does have some benefit as it will deter the most incompetent of hacker attempts, but largely it is wasted effort that could perhaps be better spent in other areas of development.
在回答你原来的问题,你会碰到与智能编译器的问题,他们可能会串会自动拼凑成编译的应用程序移除你的一些混淆努力,汇编的优化的。这将是难以维持的很好,所以我会重新考虑你的风险分析模型,也许自己辞职的事实,它可以被破解,如果有任何的价值可能会是。
In answer to your original question, you are going to run into problems with intelligent compilers, they might automatically piece together the string into the compiled application removing some of your obfuscation efforts as a compilation optimisations. It would be hard to maintain as well, so I would reconsider your risk analysis model and perhaps resign yourself to the fact it can be cracked and if it has any value probably will be.
这篇关于如何进行模糊处理字符串常量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
