Encrypting strings in a java class or in the resources files

ClaudiuGeorgiu / Obfuscapk

An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques

MIT License

1.09k stars 285 forks source link

Encrypting strings in a java class or in the resources files #164

Closed danilobatistaqueiroz closed 9 months ago

danilobatistaqueiroz commented 1 year ago

Doesn't ResStringEncryption encrypt resources files? Why can I open it?
Doesn't ConstStringEncryption encrypt my strings inside java class files?

docker run --rm -it -v "/home/oy/tutorials/Obfuscapk/src":"/workdir" obfuscapk -p -d /workdir/ee.apk -o Nop -o Goto -o Rebuild -o AssetEncryption -o ClassRename -o DebugRemoval -o FieldRename -o LibEncryption -o MethodRename -o ResStringEncryption -o ConstStringEncryption /workdir/app-debug.apk

In Android-Studio, menu Build->Analyze APK...

analyze-apk

I unzipped the ee.apk file and decompiled some classes and I found the raw strings
dexdump-grep

danilobatistaqueiroz commented 1 year ago

It's an Ionic app.

ClaudiuGeorgiu commented 1 year ago

Hi, you are using the encryption obfuscators after rebuilding the app, so they will be ignored, see FAQ. Put -o Rebuild after all the other obfuscators. ResStringEncryption will encrypt only some strings inside resources, not the whole file, so you will still be able to open the file.

danilobatistaqueiroz commented 1 year ago

Now it works:
docker run --rm -it -v "/home/yo/tutorials/Obfuscapk/src":"/workdir" obfuscapk -p -d /workdir/ee.apk -o Nop -o Goto -o AssetEncryption -o ClassRename -o DebugRemoval -o FieldRename -o LibEncryption -o MethodRename -o ResStringEncryption -o Rebuild -o NewAlignment -o NewSignature /workdir/app-debug.apk

But strings in resource aren't encrypted:

resource-secret

strong-secret

println-secret