首页 文章

防止离子应用的逆向工程

提问于
浏览
6

有没有办法阻止离子移动应用的逆向工程?正如在Android论坛中提到的,我已经激活了proguard并在eclipse中构建了应用程序 . 在我的bin文件夹中创建了一个名为proguard的文件 . 它包含这样的东西

view AndroidManifest.xml #generated:6 
-keep class com.fg.lolc.CordovaApp { <init>(...); }

但我仍然可以对应用程序进行逆向工程,我可以从我的APK中获取代码 . 有没有办法防止这种情况并提高离子应用的安全性?谢谢 .

angularjs security cordova proguard ionic-framework

2 回答

  • 7

    不,这是不可能的 . 你可以对你的JavaScript进行编码,使得获取代码变得有点困难,但总有办法扭转这种局面 . Web不是源代码的安全位置,它对所有人开放 .

    这是一篇很好的帖子,介绍了“加密”源代码的不同方法,使其难以阅读 .

    http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

    相关How to avoid reverse engineering of an APK file?

    回复于
  • 2
    if you want secure your ionic app from  reverse engineering and fully 
secured source code i recommended two steps.
First use Enable ProGuard into cordova/ionic project 

1. To implement this, open /platforms/android/project.properties and 
   uncomment one line by removing the “#” at left:
   #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-
   project.txt

2.copy proguard-custom.txt from ( https://github.com/greybax/cordova-plugin-
    proguard/blob/master/proguard-custom.txt ) 
                   to
     $android/assets/www/proguard-custom.txt Remove '#'
     #-keepclassmembers class android.webkit.WebView {
     # public *;
     # }

3. add snippet from to build.gradle
     Find buildTypes by ctrl + F and add like this 
    buildTypes {
    debug {
        minifyEnabled true
        useProguard false
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
    }
    release {
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
       }
   }

Second use cordova-plugin-crypt-file
obfuscate or encrypt your code like build/main.js
1)Install cordova plugin add cordova-plugin-crypt-file
2)plugins/cordova-plugin-crypt-file/plugin.xml

  //Using Refrence of cordova-plugin-crypt

  <cryptfiles>
     <include>
         <file regex="\.(htm|html|js|css)$" />
    </include>
    <exclude>
        <file regex="exclude_file\.js$" />
    </exclude>
  </cryptfiles>

Final step ionic cordova build android --release
 Now extreact your apk  or try APK decompiler 
  (http://www.javadecompilers.com/apk)
    回复于

相关问题