Can WinRT application use obfuscation?

2020-07-10 19:54发布

问题:

All Metro applications must be inspected before distribution through Windows 8 AppStore. Does this mean it will not be allowed to use code obfuscation? Or it is still possible, and only some specific aspects are going to be monitored during such inspection?

回答1:

Here are some facts:

  • Marketplace for WP7 allows C# apps be obfuscated (even MS he advises doing so) and I don't see any reason why Windows AppStore would ban such apps.
  • It is almost certain that some vendors will provide compatible C++ obfuscator.
  • You should care about your clients not crackers. :)
  • a lot of hacks for code obfuscation will be banned.

Remember, if you have some logic that you want to hide, make a webservice and consume it in your client app. Better spend your time building better app, fixing bugs etc.

No dice, if someone has access to the binaries is just a matter of time when someone cracks it.



回答2:

This is an armchair answer with some things that come to mind:

  1. Even a C++ application can still be anazlyed if it depends on dynamic linking to a runtime or API, which is the case with WinRT applications. Microsoft approval can in theory include automated or human guided testing of your app using a special sandbox and/or OS hooks capable of detecting if your application attempts certain prohibited operations.

  2. Under the hood, C++ apps for WinRT are more like native C++ apps than C++/CLI, so obfuscation is not needed to the degree that it is for C#, all things being equal.

  3. You can still build C# apps that target WinRT, but your code will still be compiled to CIL and run within the CLR (more or less), invoking WinRT through wrappers that Microsoft provides. Because it's CIL, the question of obfuscation should be equivalent to that of C#/.NET obfuscation in general.



回答3:

Obfuscation is still possible for WinRT. The inspection made by the Application Certification Kit cover lot of aspects including metadata and IL verification. Just like the old peverify did.