防止离子应用的逆向工程

时间:2022-06-11 03:07:29

Is there a way to prevent reverse engineering of ionic mobile application? As mentioned in Android forum I've activated proguard and built the application in eclipse. A file called proguard was created in my bin folder. It contained something like this

有没有办法阻止离子移动应用的逆向工程?正如在Android论坛中提到的,我已经激活了proguard并在eclipse中构建了应用程序。在我的bin文件夹中创建了一个名为proguard的文件。它包含这样的东西

 view AndroidManifest.xml #generated:6 
-keep class com.fg.lolc.CordovaApp { <init>(...); }

But I still could reverse engineer the app and I was able to get the code from my APK. Is there a way to prevent this and improve the security of the ionic application? Thanks.

但我仍然可以对应用程序进行逆向工程,我能够从我的APK中获取代码。有没有办法防止这种情况并提高离子应用的安全性?谢谢。

2 个解决方案

#1

7  

Nope, it isn't possible to prevent this. You can encode your JavaScript to make it a little harder to get the code, but there are always ways to reverse that. The web is not a secure place for source code, it is open for all.

不,这是不可能的。您可以对JavaScript进行编码以使得获取代码变得更加困难,但总有一些方法可以解决这个问题。网络不是源代码的安全位置,它对所有人开放。

Here is a good post about different ways to 'encrypt' your source code, to make it harder to read.

这是一篇很好的帖子,介绍了“加密”源代码的不同方法,使其难以阅读。

http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

Related How to avoid reverse engineering of an APK file?

相关如何避免APK文件的逆向工程?

#2

2  

if you want secure your ionic app from  reverse engineering and fully 
secured source code i recommended two steps.
First use Enable ProGuard into cordova/ionic project 

1. To implement this, open /platforms/android/project.properties and 
   uncomment one line by removing the “#” at left:
   #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-
   project.txt

2.copy proguard-custom.txt from ( https://github.com/greybax/cordova-plugin-
    proguard/blob/master/proguard-custom.txt ) 
                   to
     $android/assets/www/proguard-custom.txt Remove '#'
     #-keepclassmembers class android.webkit.WebView {
     # public *;
     # }

3. add snippet from to build.gradle
     Find buildTypes by ctrl + F and add like this 
    buildTypes {
    debug {
        minifyEnabled true
        useProguard false
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
    }
    release {
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
       }
   }

Second use cordova-plugin-crypt-file
obfuscate or encrypt your code like build/main.js
1)Install cordova plugin add cordova-plugin-crypt-file
2)plugins/cordova-plugin-crypt-file/plugin.xml

  //Using Refrence of cordova-plugin-crypt

  <cryptfiles>
     <include>
         <file regex="\.(htm|html|js|css)$" />
    </include>
    <exclude>
        <file regex="exclude_file\.js$" />
    </exclude>
  </cryptfiles>

Final step ionic cordova build android --release
 Now extreact your apk  or try APK decompiler 
  (http://www.javadecompilers.com/apk)

#1

7  

Nope, it isn't possible to prevent this. You can encode your JavaScript to make it a little harder to get the code, but there are always ways to reverse that. The web is not a secure place for source code, it is open for all.

不,这是不可能的。您可以对JavaScript进行编码以使得获取代码变得更加困难,但总有一些方法可以解决这个问题。网络不是源代码的安全位置,它对所有人开放。

Here is a good post about different ways to 'encrypt' your source code, to make it harder to read.

这是一篇很好的帖子,介绍了“加密”源代码的不同方法,使其难以阅读。

http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

Related How to avoid reverse engineering of an APK file?

相关如何避免APK文件的逆向工程?

#2

2  

if you want secure your ionic app from  reverse engineering and fully 
secured source code i recommended two steps.
First use Enable ProGuard into cordova/ionic project 

1. To implement this, open /platforms/android/project.properties and 
   uncomment one line by removing the “#” at left:
   #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-
   project.txt

2.copy proguard-custom.txt from ( https://github.com/greybax/cordova-plugin-
    proguard/blob/master/proguard-custom.txt ) 
                   to
     $android/assets/www/proguard-custom.txt Remove '#'
     #-keepclassmembers class android.webkit.WebView {
     # public *;
     # }

3. add snippet from to build.gradle
     Find buildTypes by ctrl + F and add like this 
    buildTypes {
    debug {
        minifyEnabled true
        useProguard false
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
    }
    release {
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
       }
   }

Second use cordova-plugin-crypt-file
obfuscate or encrypt your code like build/main.js
1)Install cordova plugin add cordova-plugin-crypt-file
2)plugins/cordova-plugin-crypt-file/plugin.xml

  //Using Refrence of cordova-plugin-crypt

  <cryptfiles>
     <include>
         <file regex="\.(htm|html|js|css)$" />
    </include>
    <exclude>
        <file regex="exclude_file\.js$" />
    </exclude>
  </cryptfiles>

Final step ionic cordova build android --release
 Now extreact your apk  or try APK decompiler 
  (http://www.javadecompilers.com/apk)
标签:

相关文章