简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Java > javaTutorial > body text

How can I effectively hide sensitive strings in obfuscated Android code after decompilation?

DDD
Release: 2024-10-28 11:41:02
Original
423 people have browsed it

How can I effectively hide sensitive strings in obfuscated Android code after decompilation?

Hiding Secrets in Obfuscated Android Code

When obfuscating Android code with tools like ProGuard, it's common to discover that sensitive strings remain visible after decompilation. To address this concern, here are some strategies for concealing strings from prying eyes:

Encoding and Encryption

ProGuard does not provide mechanisms for hiding strings. Instead, consider implementing your own encoding or encryption methods. For basic obscurity, encoding using methods like Base64 can suffice. For more rigorous protection, encrypt the strings using symmetric ciphers like AES through classes like javax.crypto.Cipher.

Remember that encrypting strings requires storing the encryption key in the application, which can compromise security.

Example:

Before:

<code class="java">public class Foo {
    private String mySecret = "http://example.com";
}</code>
Copy after login

After:

<code class="java">public class Foo {
    private String encrypted = "<manually created encrypted string>";
    private String key = "<key used for encryption";
    private String mySecret = MyDecryptUtil.decrypt(encrypted, key);
}</code>
Copy after login

R Class Strings

The R class strings you mention (e.g., 2130903058) are references to resource IDs. They are not random numbers but rather point to resources such as layout files. During obfuscation, references to resources are replaced with these IDs to reduce code size.

When decompiling the code, the R class may not be present because its internal structure is mangled by obfuscators. However, the IDs still represent the original resource references.

Third-Party DRM

Consider using a dedicated Digital Rights Management (DRM) solution instead of implementing your own protection measures. Google provides a licensing service for Android that can be more secure than custom solutions.

The above is the detailed content of How can I effectively hide sensitive strings in obfuscated Android code after decompilation?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Previous article:Cracking OOP in Java: A PIE You’ll Want a Slice Of Next article:Here are a few question-based article titles that fit the provided content: Directly addressing the problem: * Java Annotations: How to Dynamically Generate Values for Runtime Annotations? * Can Yo
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1695
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
1858
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1572
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1484
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1530
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!