What is code obfuscation?
Code obfuscation is the act of converting application binaries into functionally equivalent files that are difficult for humans to read and understand. When compiling Dart code, obfuscation hides the names of functions and classes and replaces each symbol with another symbol, making it difficult for an attacker to reverse engineer.
Flutter's code obfuscation function only takes effect onIPA files and does not require source code.
limitation
Please note that obfuscating your code does not encrypt the resources and does not prevent reverse engineering. It just renames the symbols with more obscure names.
info
Storing important and private information (such as passwords, keys, etc.) in an application is a very unsafe practice.
Supported build targets
The following build goals support the obfuscation process described in this article:
aarapkappbundleiosios-frameworkipalinuxmacosmacos-frameworkwindows
info
Web applications do not support obfuscation. Because when you build a Flutter web application release version, the web application has already been compressed . Web compression provides a similar effect to obfuscation.
Obfuscate your application
To obfuscate your application, use the flutter build command in release mode and use --obfuscate and --split-debug-info options. The --split-debug-info option specifies the directory where Flutter outputs debugging files. In the case of obfuscation, it outputs a symbol table. Please refer to the following commands:
$ flutter build apk --obfuscate --split-debug-info=/<project-name>/<directory>
Once you have obfuscated the binary, be sure to save the symbol table file. You will need this file if you need to parse obfuscated stack traces in the future.
tips_and_updates 小提示:
--split-debug-info The option can also be used without using --obfuscate to extract Dart program symbols to reduce code size. For more information about application volume, check out Measure your application volume.
For more information about these flags, run the help command for your specific build target type, for example:
$ flutter build apk -h
If these flags are not listed in the output, run the flutter --version command to check your Flutter version.
Reinforcement process:
ipaguard interface overview
The ipaguard interface is divided into two parts: the left menu navigation bar and the right functional area
The left menu: divided into startup interface, code module, file module, re-signing and testing by module Module
The main functional area on the right will change with the function, but it is divided into three parts. The top displays the filter area, the middle main content display area, and the bottom switch control and intensity control
The following introduces the ipaguard functional interface in modules.
ipaguard startup interface
In this interface, you can select to open files, load files from configuration, switch the language displayed by the software, log in to your account, view the version information of the software, etc.
ipaguard code obfuscation interface
The code obfuscation interface is slightly different depending on the menu on the left. But the overall thing is that the macho file that needs to be processed is selected at the top, and then there is a row of filtering control functions.
Resource file obfuscation interface
The resource file module includes functions such as file name modification, web resource compression, image watermarking, etc. The interface is divided into display control at the top, intermediary file list, and processing or not switch at the bottom.
Re-signature interface
The signature configuration interface can configure the signature certificate, description file, set the app's permissions (this function is not used by most apps), and set whether to install it directly to the device after obfuscation encryption.
The bottom is also the main switch for signing or not
