B4J Question Any way to encrypt images in Assets folder? (for security reasons)

[MegatenFreak]

Hi.
Today I discovered (!!) that any user can extract my app's JAR, change any images or assets or whatever they like, and then recompress it as ZIP and rename it back to JAR, and voila! they've cracked it!
That is very inconvenient for me. Well, the code is compiled, thankfully, and there's not much they can do by altering the strings inside (they can decompile Java anyway), but is there a way I could prevent an easy modification of the images in the Assets (Files) folder? I have things like company logos in there!
Thanks in advance.

 

[Erel]

Note that the "hacker" will not be able to distribute your app with a modified assets as the APK signature will be invalid.

You can use B4XEncryption to encrypt the files with B4J and unencrypt them at runtime. This will however be slow (encryption must be slow) and will probably do no real good, especially with images.

 

[MegatenFreak]

Thanks. You're probably right. If they get into it, they're probably find a way anyway.
I didn't understand the thing about APK signature. Do Windows Java apps also have signatures? Because I had no problem running the repacked JAR file.

 

[Erel]

Sorry I was talking about Android. There is no such signature in the compiled jar.

 

[MegatenFreak]

It's ok! And I decided against the encryption thing, as I won't be able to output the decrypted file in the Assets folder, so it'll expose the image readily to any unsuspecting user!

 

[BeneBarros]

I use a small application that I created, I package all the images and some texts inside a file created with RandomAccessFile, also creating an index inside the file itself. I use this file in the same folder as the .jar
It's very fast and works great.

 

[MegatenFreak]

Do you then extract them at runtime in the application's folder? or do you read the files directly into memory?

 

[BeneBarros]

Do you then extract them at runtime in the application's folder? or do you read the files directly into memory?

runtime extraction

 

[udg]

If your sw needs Internet access anyway, you could store your images (and in general those files/resources you want to protect) on a remote server, then use SMM to download them at runtime.
Similar, but not adviced by Erel, would be to download your images the first time the app is run while storing them locally for any future reuse.

 

[MicroDrie]

Well, the code is compiled, thankfully, and there's not much they can do by altering the strings inside (they can decompile Java anyway), but is there a way I could prevent an easy modification of the images in the Assets (Files) folder?

There are two possible variation on the principle to move the images into the source code:

1. Move the image to the program source code with the use of the text based SVG image string into a webview
2. Or use a base64 text string into the ImageView

As always this secure solution has his price. With the first solution you have to rebuild or convert a bit image file to a SVG file. The pro is that one text string with the image text string can be easily scaled and after compression it can't be manipulated other then rebuild it.

The second solution doesn't need to rebuild it in a svg file format

By both solution's you can hit with a size limitation of the string length.

Security always has always its price and mostly a solution for the problem.

I have writing and read-back the string to a file commented out so you can use this B4J program to test your images and logo.

 

[MegatenFreak]

There are two possible variation on the principle to move the images into the source code:

1. Move the image to the program source code with the use of the text based SVG image string into a webview
2. Or use a base64 text string into the ImageView

As always this secure solution has his price. With the first solution you have to rebuild or convert a bit image file to a SVG file. The pro is that one text string with the image text string can be easily scaled and after compression it can't be manipulated other then rebuild it.

The second solution doesn't need to rebuild it in a svg file format

By both solution's you can hit with a size limitation of the string length.

Security always has always its price and mostly a solution for the problem.

I have writing and read-back the string to a file commented out so you can use this B4J program to test your images and logo.

Thanks. That will be the hacker's nightmare!

 

[MicroDrie]

That will be the hacker's nightmare!

Especially if you first run an SVG image through an online compressor, which converts the image into all points!

And it becomes your nightmare if you lose the original image and have to edit it!

 

[meysampro]

You can change file bytes and put that file in assets.

I use this solution.
It’s so easy

 

[MegatenFreak]

You can change file bytes and put that file in assets.

I use this solution.
It’s so easy

You mean something like encryption but much simpler and faster?

 

[meysampro]

Yes
Very very very faster

Can you change file bytes?

 

[MegatenFreak]

Yes
Very very very faster

Can you change file bytes?

I can write a function to do that. You'd need to load the "decrypted" data into memory to use it, right? Is it possible to set a node's background image not to an actual file on the disk but to the image raw data from memory?

 

[meysampro]

1- first, change byte of your image and put in assets.

Private bytess() As Byte

bytess= File2Byte(File.DirAssets , "image.jpg")
bytess(1) = bytess(1) + 2
bytess(2) = bytess(2) + 5
 Byte2File(bytess, File.DirInternal , "image.jpg")

2- finally you can convert your image and use it.

Private bytess() As Byte

bytess= File2Byte(File.DirAssets , "image.jpg")
bytess(1) = bytess(1) - 2
bytess(2) = bytess(2) - 5
Byte2File(bytess, File.DirInternal , "image.jpg")

Private Sub File2Byte(Dir As String, Filename As String) As Byte()
    Try
        Private input  As InputStream
        Private output As OutputStream
        Dim bu_ff() As Byte
        input = File.OpenInput(Dir,Filename)
        output.InitializeToBytesArray(100000)
        File.Copy2(input,output)
        bu_ff = output.ToBytesArray
        output.Close
        Return bu_ff
    Catch
        Log("a")
    End Try

End Sub


Private Sub Byte2File(Buffer() As Byte, Dir As String, Filename As String) As Boolean
    Try
        Dim output As OutputStream
        output = File.OpenOutput(Dir,Filename,False)
        output.WriteBytes(Buffer,0,Buffer.Length)
        output.Close
        Return True
    Catch
        Log("a")
    End Try

End Sub

 

[MegatenFreak]

Interesting method.
One thing is that there is no safe DirInternal in B4J, so the file will have to be extracted inside the app's folder. It still does the cracking protection, though, as even if the user alters the extracted image, they can't put it back inside the app's mechanism.
The downside is that the images will be readily exposed as image files, saving anyone the trouble of pulling them out of the app by taking screenshots or something.

 

[Magma]

simple thought: May be you can encrypt the files into a 7z (7zip) with cmd line... and extract them when you want to browse...

+I don't remember exactly the jpeg format but may be you can puzzle them (split 3-4 parts)... and merge them when need..
+or you can reverse the bytes.... simpler...

or mix-match... I think you can achieve your own way....

for example: Old days (1995) i was thinking how i will lock a software to run to a specific pc... i was getting the serial number of hdd (with dos vol)... quickbasic rulez

 

[AnandGupta]

the images will be readily exposed as image files, saving anyone the trouble of pulling them out of the app by taking screenshots or something.

This is the killer of all encryption on images.
If it can been seen on screen, it can be saved.