  1. Tell me, please, is it possible to somehow determine in the application code that a decompiler is trying to decompile it and, in that case, launch a function that will download, say, 1 TB of information?
  2. Or does the decompiler not download anything, even if that is in the logic of the application?
  3. Does it make sense to cram fake code into the application that is not used anywhere? If so, how much code (in MB) should be in the application in order to cut off at least weak machines from decompiling it? Thank you.
  • The decompiler does not execute the application, so it will not "download" anything. Fake code will be easily cut off by building a call graph, which for dex is, in general, easy to build. And the decompiler is not so resource-intensive that the volume of code has a significant influence on it. - Vladimir Martyanov
  • Application code is files. The decompiler will not attempt to run your code. As for the amount of unnecessary code in megabytes, it depends on how much you care about the users of the application. You can push in a gigabyte of such code, and then there will be no problems, since there are no users -> no interest in the application -> no one will decompile it. Cutting off unused code, if desired, will probably be easy, so only if radically, with 1GB ... - Regent
  • The application cannot protect itself. Do not waste time on this. Protect data, unique algorithms, etc. - Eugene Krivenja
  • I cannot write comments because of my rating, and there are a lot of articles about obfuscation on the Internet. Also, do not be too lazy to read: the same questions have been asked on the English Stack Overflow. - PavelD
  • If you have looked at your own link, you can pick out the main ideas from it and carry them over into your answer. This is not prohibited and, on the contrary, will be much more useful than your current link-only answer. - eugeneek

2 answers

  1. There is no way to determine that the application is being decompiled. The decompiler works with code as a stream of bytes, rather than as an executable entity.

  2. Nothing. See answer 1.

  3. It will not help. Most decompilers read the byte code in parts, so it is impossible to overflow the stack by loading extra code. Moreover, as mentioned above, such "dummies" are easily determined.

Want to protect the app? [Obfuscate] [1] it. On Android, in particular, there is a utility called [ProGuard] [2].

[1] - https://ru.wikipedia.org/wiki/Obfuscation

[2] - https://m.habrahabr.ru/post/112833/

  • On all three points I agree with the author of the answer, but I strongly recommend obfuscation. First, there is a non-zero probability that the code passed through the obfuscator will not work at all (for example, class calls by name may be handled incorrectly). Secondly, such code is more difficult to maintain, especially with the frequent deployments and short cycles of Android development. I recommend not bothering with the client code at all; it is easily opened. Just transfer the most important algorithms and significant code to the server and call them through an API. - Dmitry Maslennikov
  • @Trashbox Bobylev Thank you for the answer. Regarding the first point, I was intuitively sure that it happens as you wrote. As for the 3rd item, what if you create a large chain of functions and classes that are used in the application itself but make no sense, just to confuse burglars? I know about obfuscators, but it seems that any code passed through any obfuscator is successfully decompiled? - lamerboy
  • @Dmitry Maslennikov Thank you for the answer. In my case, the logic cannot be removed from the application to the server, since it should work without connecting to the Internet. - lamerboy
  • @lamerboy Successfully, of course, but the result, to put it mildly, will be useless for the decompiler :D - Trashbox Bobylev
  • @lamerboy If it has to work without an internet connection, then you can only increase the labor costs of reverse engineering (decompilation, etc.). The question is that this will also proportionally increase your own effort to support the application. How much that is needed, decide for yourself. - Dmitry Maslennikov
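
A ProGuard rules file covering the two concerns raised in the comments above (classes called by name breaking after obfuscation, and obfuscated builds being harder to maintain). This is an added example, not part of the original answer or comments; the package `com.example.app`, its sub-packages and the mapping path are placeholder assumptions.

```proguard
# Constructed example: com.example.app.* and the mapping path are placeholders.

# Write the original -> obfuscated name mapping on every release build.
# Archive it per version: ProGuard's retrace tool needs it to translate
# obfuscated stack traces from the field back into readable ones.
-printmapping build/outputs/mapping.txt

# Keep line numbers so crash reports stay useful, but replace the real
# source file names with a constant string.
-keepattributes SourceFile,LineNumberTable
-renamesourcefileattribute SourceFile

# Classes looked up by name at run time (Class.forName, class names stored
# in XML or JSON) must keep their names, or the lookup fails after renaming.
-keep class com.example.app.plugins.** { *; }

# Model classes read or written through reflection by field name:
# the classes may be renamed, their fields may not.
-keepclassmembers class com.example.app.model.** {
    <fields>;
}

# Native methods are bound by name from JNI, so their names and the names
# of the classes that declare them have to survive.
-keepclasseswithmembernames class * {
    native <methods>;
}
```

Everything not matched by a keep rule is still renamed and unused code is still removed, so the offline logic stays in the app but is more laborious to read after decompilation.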

The best protection - do not store logic, algorithms and important data on your mobile device.

  • I agree with you, but in this particular case, the application should work without connecting to the Internet. But thank you for the answer. - lamerboy