How to protect source code in electron project

自古美人都是妖i submitted on 2019-12-22 04:33:18

Question


I built my first Electron app, but now I wonder how to protect the source code from being viewed by other developers.

The official doc says:

To protect your app's resources and source code from the users, you can choose to package your app into an asar archive with little changes to your source code.

So far the best I can think of is to uglify the source code and package it into an asar file, but the asar file is just an archive and can easily be extracted. I don't see how having that makes your code "protected from the user".

Any ideas?


Answer 1:


There is no official way to copy-protect your code at the moment, sorry - if you want to do this, you'll have to invent your own way (or just not worry about it)




Answer 2:


It's impossible to fully protect the code. No matter how you package it, in order for it to be run it has to be accessible and decrypted, which means the key has to be stored locally.

Consider this scenario:

The authors of the electron system and asar file format implement encryption similar to a password protected zip, and give you the ability to specify the archive password at compile time so that it is 'safely' stored inside the .exe and the asar file can't be opened/read without it.

A hacker could still figure out the key by compiling electron themselves with some test keys, for instance AAAA and AAAB, then comparing the resultant binary file to determine the location of the key string inside it. Once they know how to extract the key from the exe it's game over.

I guess the strongest protection you can make is if you modify the electron source code yourself to store and retrieve the key, but even then an attacker can decompile the code, compare it with a decompiled standard version of electron, figure out where your code modifications start and reverse engineer it until they figure out how you are storing the key.

Again, the moment they have the key, it's game over, and in order for electron to run any code it has to be able to read it which means it has to have the key available locally. Catch 22.
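
The scenario described in Answer 2, as an added example that is not part of the original answer or of Electron's code: a Node.js sketch showing why a key embedded at build time gives the archive no confidentiality. `buildBinary`, its stub layout and the choice of AES-256-GCM are assumptions made for illustration, and the test keys are filled with `A` and `B` (rather than `AAAA`/`AAAB`) so that every key byte differs between the two builds.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for a compiled runtime: identical stub bytes in every
// build, with the 32-byte archive key baked in at a fixed position.
function buildBinary(key) {
  return Buffer.concat([Buffer.alloc(64, 0x90), key, Buffer.alloc(32, 0xcc)]);
}

// Encrypt the app source under the embedded key (AES-256-GCM, assumed here).
function encryptBundle(key, source) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(source, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// What the runtime itself must do at startup, using the key it carries.
function decryptBundle(key, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Byte-compare two builds made with known test keys; the span that differs
// is where the key is stored.
function locateKey(buildA, buildB) {
  let first = -1;
  let last = -1;
  for (let i = 0; i < buildA.length; i++) {
    if (buildA[i] !== buildB[i]) {
      if (first < 0) first = i;
      last = i;
    }
  }
  return { offset: first, length: last - first + 1 };
}

function demo() {
  const secretKey = crypto.randomBytes(32);   // vendor's real key (constructed)
  const shipped = buildBinary(secretKey);     // the file every user receives
  const bundle = encryptBundle(secretKey, 'console.log("app source");');
  const span = locateKey(buildBinary(Buffer.alloc(32, 'A')),
                         buildBinary(Buffer.alloc(32, 'B')));
  const recovered = shipped.subarray(span.offset, span.offset + span.length);
  return { ...span, plaintext: decryptBundle(recovered, bundle) };
}

console.log(demo());
```

The cipher strength is irrelevant to the outcome: the runtime needs the key in the clear to start the app, so the confidentiality of the bundle reduces to the secrecy of a value shipped to every user.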



Source: https://stackoverflow.com/questions/30167226/how-to-protect-source-code-in-electron-project
