我可以使用 AOT 编译来保护我的应用程序吗?
Can I protect my application using AOT compilation?
我想使用 AOT 编译来保护我的代码,但据此:https://docs.microsoft.com/uk-ua/xamarin/android/deploy-test/release-prep/?tabs=windows#aot 生成的本机代码与未编译的程序集一起包含在 APK 中。这是否意味着编译版本和未编译版本都包括在内,AOT 并不能真正帮助混淆?
完整的 AOT 可能会使您的 APK 更大,因此不确定您是否应该仅仅为了混淆目的而走这条路。
您可以试试专门为此设计的Dotfuscator
Visual Studio 对于 Windows
Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions. This allows them to reverse-engineer, debug, or tamper with the application. Dotfuscator Community Edition (CE) can be used to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device.
Dotfuscator CE is included with Visual Studio 2017. To use Dotfuscator, click Tools > PreEmptive Protection - Dotfuscator.
To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.
Visual Studio 对于 Mac
Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions. This allows them to reverse-engineer, debug, or tamper with the application. Although it does not support Visual Studio for Mac, you can use Dotfuscator Community Edition (CE) with Visual Studio to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device.
To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.
我使用混合 AOT 从 .NET 程序集中删除了 IL 代码。
您需要在 C:\Program Files (x86)\Microsoft Visual Studio19\Enterprise\MSBuild\Xamarin\Android\
中手动编辑 Xamarim.Android.Common.Targets
<CilStrip
Condition=" '$(AndroidAotMode)' == 'Hybrid' And '$(AotAssemblies)' == 'True' "
AndroidAotMode="$(AndroidAotMode)"
ToolPath="$(_MonoAndroidToolsDirectory)"
ApkOutputPath="$(_BuildApkEmbedOutputs)"
ResolvedAssemblies="@(_ShrunkAssemblies)">
</CilStrip>
并编辑您的 Android.csproj
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugSymbols>false</DebugSymbols>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release</OutputPath>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<EmbedAssembliesIntoApk>true</EmbedAssembliesIntoApk>
<AndroidManagedSymbols>true</AndroidManagedSymbols>
<AndroidUseSharedRuntime>false</AndroidUseSharedRuntime>
<AndroidLinkMode>SdkOnly</AndroidLinkMode>
<EnableLLVM>false</EnableLLVM>
<AotAssemblies>true</AotAssemblies>
<AndroidAotMode>Hybrid</AndroidAotMode>
<AndroidEnableProfiledAot>false</AndroidEnableProfiledAot>
<AndroidAotAdditionalArguments>no-write-symbols,nodebug</AndroidAotAdditionalArguments>
</PropertyGroup>
我想使用 AOT 编译来保护我的代码,但据此:https://docs.microsoft.com/uk-ua/xamarin/android/deploy-test/release-prep/?tabs=windows#aot 生成的本机代码与未编译的程序集一起包含在 APK 中。这是否意味着编译版本和未编译版本都包括在内,AOT 并不能真正帮助混淆?
完整的 AOT 可能会使您的 APK 更大,因此不确定您是否应该仅仅为了混淆目的而走这条路。
您可以试试专门为此设计的Dotfuscator
Visual Studio 对于 Windows
Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions. This allows them to reverse-engineer, debug, or tamper with the application. Dotfuscator Community Edition (CE) can be used to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device.
Dotfuscator CE is included with Visual Studio 2017. To use Dotfuscator, click Tools > PreEmptive Protection - Dotfuscator.
To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.
Visual Studio 对于 Mac
Even with debugging disabled, it is still possible for attackers to re-package an application, adding or removing configuration options or permissions. This allows them to reverse-engineer, debug, or tamper with the application. Although it does not support Visual Studio for Mac, you can use Dotfuscator Community Edition (CE) with Visual Studio to obfuscate managed code and inject runtime security state detection code into a Xamarin.Android app at build time to detect and respond if the app is running on a rooted device.
To configure Dotfuscator CE, please see Using Dotfuscator Community Edition with Xamarin. Once it is configured, Dotfuscator CE will automatically protect each build that is created.
我使用混合 AOT 从 .NET 程序集中删除了 IL 代码。 您需要在 C:\Program Files (x86)\Microsoft Visual Studio19\Enterprise\MSBuild\Xamarin\Android\
中手动编辑 Xamarim.Android.Common.Targets <CilStrip
Condition=" '$(AndroidAotMode)' == 'Hybrid' And '$(AotAssemblies)' == 'True' "
AndroidAotMode="$(AndroidAotMode)"
ToolPath="$(_MonoAndroidToolsDirectory)"
ApkOutputPath="$(_BuildApkEmbedOutputs)"
ResolvedAssemblies="@(_ShrunkAssemblies)">
</CilStrip>
并编辑您的 Android.csproj
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugSymbols>false</DebugSymbols>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release</OutputPath>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<EmbedAssembliesIntoApk>true</EmbedAssembliesIntoApk>
<AndroidManagedSymbols>true</AndroidManagedSymbols>
<AndroidUseSharedRuntime>false</AndroidUseSharedRuntime>
<AndroidLinkMode>SdkOnly</AndroidLinkMode>
<EnableLLVM>false</EnableLLVM>
<AotAssemblies>true</AotAssemblies>
<AndroidAotMode>Hybrid</AndroidAotMode>
<AndroidEnableProfiledAot>false</AndroidEnableProfiledAot>
<AndroidAotAdditionalArguments>no-write-symbols,nodebug</AndroidAotAdditionalArguments>
</PropertyGroup>