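I am using IBM Worklight 4.0. I am currently developing a simple insurance application, and everything is working well. After the Android setup was finished, I was able to extract the HTML5 and JavaScript source from the .APK (Android setup file). I feel this is not safe against hackers, and it may be misused by someone.
Can anyone please tell me how to protect the code in the setup/deployment?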
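The answer is to obfuscate your code before creating the APK. For more information on obfuscation, visit the wiki.
My previous Stack Overflow post explains how to do this for Android: How to avoid reverse engineering of an APK file?
For JavaScript obfuscation, see this Stack Overflow question: How can I obfuscate (protect) JavaScript?
One more thing: HTML cannot be obfuscated; you can view the HTML source and the related CSS by pressing F12.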
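Worklight 4.0, still in use in 2013? :)
Android ProGuard does not work with Worklight-based Android applications in Worklight v4 through v6.2 (the current version).
The only way to add some degree of obfuscation to an Android application in Worklight is to use the Google Closure Compiler. You can do this by following the steps in the following blog post by Anton Aleksandrov: Obfuscating JavaScript code in Worklight applications.
Note:
Wikipedia defines code obfuscation in the following way: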
In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. Programs known as obfuscators transform readable code into obfuscated code using various techniques.
Two important things to be noted from the above definition are
- The purpose of code obfuscation is to conceal its purpose, prevent tampering, deter reverse engineering or puzzle someone reading the code.
- Obfuscated code is difficult for humans to understand.
So basically obfuscating your code means converting it to a format that is difficult for humans to read. Not impossible. Just difficult.
Therefore - it is very important to understand that code obfuscation, especially in JavaScript, is a relatively weak security measure. Most modern web debugging tools are smart enough to "prettify" the obfuscated code reverting it to a much more readable (however still not original) format.
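To illustrate the note above that obfuscated code is only harder to read, here is an added example (not from the original posts or the referenced blog post): a renaming minifier leaves string literals intact, so you can list what your packaged JavaScript still ships in readable form. The sample input, the function names and the flagging pattern are constructed for illustration.

```javascript
// Constructed sample imitating minifier output (short names, no whitespace).
const minifiedSample =
  'function a(b,c){var d="https://api.example.invalid/policy/quote";' +
  "return e(d,{user:b,token:c,mode:'premium\\'s'})}" +
  '/* "not a literal" */var f="X-Api-Key";';

// Walk the source once, skipping comments, and collect quoted string literals.
// Assumption: the input has no regex literals or template literals with quotes.
function survivingStrings(src) {
  const found = [];
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    if (ch === "/" && src[i + 1] === "/") {            // line comment
      const end = src.indexOf("\n", i);
      i = end === -1 ? src.length : end + 1;
    } else if (ch === "/" && src[i + 1] === "*") {     // block comment
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else if (ch === '"' || ch === "'") {             // string literal
      let j = i + 1;
      let text = "";
      while (j < src.length && src[j] !== ch) {
        if (src[j] === "\\" && j + 1 < src.length) j++; // take escaped char as-is
        text += src[j++];
      }
      found.push(text);
      i = j + 1;
    } else {
      i++;
    }
  }
  return found;
}

// Flag literals worth reviewing: endpoints and credential-like names.
// Anything listed here should be treated as public or moved server-side.
function reviewBundle(src) {
  return survivingStrings(src).filter(
    (s) => /^https?:\/\//i.test(s) || /key|token|secret|passw/i.test(s)
  );
}

console.log(reviewBundle(minifiedSample));
```

Run it with Node.js against the JavaScript files produced by your build to see which literals remain readable after the Closure Compiler pass.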