search

MichaelRocks / paranoid

String obfuscator for Android applications.
Apache License 2.0
670 stars 79 forks source link

How to Randomly String in Every Build #34

Closed saleho27 closed 4 years ago

saleho27 commented 4 years ago

Hi, thanks for the plugin, it really useful for me. However, I'm cust curious, how to make the string obfuscator use a "random dictionary"?

I mean, if I compile an app-debug or app-release, then I rename it and build again without any change in the code, does the string obfuscator are the same between the old and new app?

If yes, how to make it always change in every single build even I don't change anything in the source code.

Sorry for a dumb question and my bad english...

MichaelRocks commented 4 years ago

Hi @saleho27, the obfuscator uses a random seed on every build by default but can be configured to use an explicitly specified seed:

paranoid {
  obfuscationSeed MY_SEED
}
saleho27 commented 4 years ago

Hi michael, sorry for bothering again... Does the plugin store dynamic string? For example, I create a fake application id namely application id com.fake.beforeSubmitted

In one of my activity, splash activity, I request json, and read the json, if json object equals application id, then do this.

Before submitted to store, I decompile my app, change the application id to real, com.games.sphereDroid for example.

I recompiled it, zip align it, sign it with my real jks, upload it to store to update the previous version.

Done. My updated app is live now. But here the problem, the method in splash activity read the json if equals com.fake.beforeSumbitted

The code is if jsonObj equals buildConfig.applicationId and I expect it reads if json equals app id (the new one after recompiling)

So the question, once I compile, so the string is static?

If you ask me why I decompile my self app before submitting, I did it to you know, avoid prior violations from the stupid trained google play bot when it is scan my apk.

saleho27 commented 4 years ago

Edited: since splashActivity use @Obfuscate, I then choose to use getPackageName() rather than buildConfig.applicationId because I have to change the app id before submitting to store.

MichaelRocks commented 4 years ago

Yep, you should use getPackageName() because BuildConfig.APPLICATION_ID is a compile time constant generated by the Gradle Android Plugin.

saleho27 commented 4 years ago

Hi Michael, in Google Play console I got so many error logs... mainly

java.lang.ClassNotFoundException in dalvik.system.BaseDexClassLoader.findClass when I click the details, it is 

java.lang.RuntimeException: 
  at android.app.LoadedApk.makeApplication (LoadedApk.java:979) 
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:6036) 
  at android.app.ActivityThread.-wrap1 (Unknown Source) 
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1764) 
  at android.os.Handler.dispatchMessage (Handler.java:105) 
  at android.os.Looper.loop (Looper.java:164) 
  at android.app.ActivityThread.main (ActivityThread.java:6944) 
  at java.lang.reflect.Method.invoke (Method.java) 
  at com.android.internal.os.Zygote$MethodAndArgsCaller.run (Zygote.java:327) 
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1374)

Caused by: java.lang.ClassNotFoundException:  
  at dalvik.system.BaseDexClassLoader.findClass (BaseDexClassLoader.java:93) 
  at java.lang.ClassLoader.loadClass (ClassLoader.java:379) 
  at java.lang.ClassLoader.loadClass (ClassLoader.java:312) 
  at android.app.Instrumentation.newApplication (Instrumentation.java:1093) 
  at android.app.LoadedApk.makeApplication (LoadedApk.java:973) 
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:6036) 
  at android.app.ActivityThread.-wrap1 (Unknown Source) 
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1764) 
  at android.os.Handler.dispatchMessage (Handler.java:105) 
  at android.os.Looper.loop (Looper.java:164) 
  at android.app.ActivityThread.main (ActivityThread.java:6944) 
  at java.lang.reflect.Method.invoke (Method.java) 
  at com.android.internal.os.Zygote$MethodAndArgsCaller.run (Zygote.java:327) 
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1374)

I enabled the multi dex which edited tha appjava to extends MultiDex and enabled it in gradle just as the official doc stated. Can you give me guidence what is that?

MichaelRocks commented 4 years ago

I believe the application class from your manifest doesn't exist. But this issue isn't related to the obfuscator so you'd better ask on stackoverflow.