Open headsvk opened 4 years ago
Hi Marek,
Thank you so much for these guidelines. I'll add it to README.md if you don't mind.
And I'd still like to implement caching because there're other scenarios when you may want to obfuscate string literals in a class. For example one may want to hide inlined log tags or http headers to make reverse engineering of particular classes more difficult.
Yeah sure, pick what makes sense, I'm not skilled in writing documentation.
Okay yes if you don't store the string literal in a variable, then it's useful to cache it.
@MichaelRocks the R8 stuff hasn't found its way into the README yet. Any reason for that? Did you encounter cases in where the suggested solutions don't work?
Hi Micheal! Thanks for the neat project. It took me a while to test it with R8 and BuildConfig and I'd like to contribute back by writing these guidelines. Do they make sense? Do you use it in any other way?
I would say issue #11 is not necessary to do if obfuscation is used like in my example.
Usage with R8 and BuildConfig
A common use case is to have configuration specific variables in the generated
BuildConfig
class which cannot be obfuscated by adding@Obfuscate
, for example:Instead of using the variables directly, we can define another class that will wrap the
BuildConfig
fields and optionally add its own.If you are using R8, it's important that the fields are NOT
const val
as they would get moved to usage sites and not obfuscated. That also means that R8 will remove allpublic static final String
fields from the compiledBuildConfig
class, so they only have to be obfuscated where they are used.Decompiled
Secrets.kt
with R8 enabled shows thatDeobfuscator
is called in the constructor to initializeAPI_SECRET
andAPI_URL
fields and the generated getter functions can access them afterwards without calling Deobfuscator again.