Java obfuscation: hiding hardcoded values in Java

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original URL: http://stackoverflow.com/questions/13101727/

Time: 2020-10-31 11:29:22  Source: igfitidea

Obfuscation: hide hardcoded values in java

java android security proguard

Asked by Addev

Possible Duplicate:
hiding strings in Obfuscated code

I'm trying to hide some static Strings of my app in order to make it harder to decompile; this way constants like cipher algorithm names are harder to find in the obfuscated code.

I've considered things like:

String CONCAT= "concat"+"string";
String RAW_STRING= "raw_string";
String FROM_BYTES=new String("from_bytes".getBytes());
String FROM_CHARS=new String(new char[]{'f','r','o','m','_','c','h','a','r','s'});
String FROM_CHAR2=new String(new char[]{102,114,111,109,95,99,104,97,114,115,95,50});

And the last two options seem to be "darker" than the raw option but I imagine there are better ways for doing this.

How can I improve this? Thanks

Accepted answer by Kai

For one, you shouldn't just write

String FROM_CHAR2=new String(new char[]{102,114,111,109,95,99,104,97,114,115,95,50});

It's a dead give-away that the char array is actually a String.

You can do a combination of the following:

  1. put your "String" in an int[] array
  2. or even better, break your String into several int arrays
  3. calculate/manipulate the array's values at various stages of the application, so its value will only become valid at a certain interval during runtime, guaranteeing that it won't be deciphered at a curious glance by decompiling your code
  4. pass the array(s) back and forth, through local variables, back to instance variables, etc, before finally converting the arrays to a single array to be passed to the String constructor
  5. immediately set the String to null after use, just to reduce the amount of time the actual String exists at runtime

Answer by stefan bachert

I would prefer to set the value in the static (class) initializer using a decryption algo. Something like

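class ... {
  static String CONCAT;   // static, so the static initializer can assign it

  static {
     CONCAT = uncrypt("ahgsdhagcf");   // uncrypt: the decoding routine described below
  }
}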

where uncrypt might be really a good unencryption algo or, somewhat weaker, a base64 decode.

In any case you need a simple program to encode your string first.

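The approach in the last answer, as an added example that is not part of the original post: a build-time encoder plus the static-initializer decode, using XOR with a fixed key and Base64. StringCodec, KEY, encode and ALGORITHM are hypothetical names and the key is a constructed sample; because the key and the decoder ship in the same class, anyone who decompiles it can recover the string, so this only defeats a plain string search.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; StringCodec, KEY, encode and ALGORITHM are hypothetical names.
public class StringCodec {
    // Constructed sample key. It ships in the class file next to the decoder,
    // so this hides the literal from a string search and nothing more.
    private static final byte[] KEY = {0x5A, 0x13, (byte) 0xC7};

    // XOR with a repeating key is its own inverse: one routine, both directions.
    private static byte[] xor(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) {
            out[i] = (byte) (in[i] ^ KEY[i % KEY.length]);
        }
        return out;
    }

    // Build-time side: the "simple program to encode your string first".
    static String encode(String plain) {
        byte[] raw = plain.getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(xor(raw));
    }

    // Runtime side: the routine the static initializer calls.
    static String uncrypt(String encoded) {
        byte[] raw = Base64.getDecoder().decode(encoded);
        return new String(xor(raw), StandardCharsets.UTF_8);
    }

    static final String ALGORITHM;
    static {
        // Literal produced by encode("AES") with the key above; the plaintext
        // itself never appears in the compiled constant pool.
        ALGORITHM = uncrypt("G1aU");
    }

    public static void main(String[] args) {
        if (args.length > 0) {            // encoder mode: java StringCodec <plaintext>
            System.out.println(encode(args[0]));
            return;
        }
        // Self-check mode: the stored literal must round-trip under this key.
        if (!encode(ALGORITHM).equals("G1aU")) {
            throw new IllegalStateException("encoded literal does not match key");
        }
        System.out.println("decoded constant: " + ALGORITHM);
    }
}
```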