-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
application protect
- Thread starter slowtime
- Start date
- Similar Threads Similar Threads
I have the same problem
data on my protected site can be located in clasess.dex file
because of the following
also username and password used by
httpClient1.ExecuteCredentials(request,MainRequestId,username,password)
and the url is visible
request.InitializeGet(MainUrl)
Advise is needed
data on my protected site can be located in clasess.dex file
because of the following
also username and password used by
httpClient1.ExecuteCredentials(request,MainRequestId,username,password)
and the url is visible
request.InitializeGet(MainUrl)
Advise is needed
Upvote
0
Hi,
While we wait for Erel to provide obfuscation options during compilation, one quick method is to turn off the "Project > Include Debug Information" option.
Not sure what the exact debugging function is supposed to be, but at least my scripts are not visibly seen in CLASSES.DEX when I uncheck the option.
While we wait for Erel to provide obfuscation options during compilation, one quick method is to turn off the "Project > Include Debug Information" option.
Not sure what the exact debugging function is supposed to be, but at least my scripts are not visibly seen in CLASSES.DEX when I uncheck the option.
Upvote
0
It provides the line number and code for display when a runtime error occurs, without it you will only get the Sub name displayed.
Upvote
0
Protect the app before distribute
Hi all,
From this I understand that the APP is protected if we don't use Debug info.
I hope so that my creation is save to give beta versions away without somebody can go to steal the APP.
Can somebody verify this.
Thanks in advance.
Hi all,
From this I understand that the APP is protected if we don't use Debug info.
I hope so that my creation is save to give beta versions away without somebody can go to steal the APP.
Can somebody verify this.
Thanks in advance.
Upvote
0
And How we Protect this
Hi Erel,
Is there a possiblity to protect this also that decompilers can not get the code anyhow the try.
:sign0137:
Hi Erel,
Is there a possiblity to protect this also that decompilers can not get the code anyhow the try.
:sign0137:
Upvote
0
Just a note: Unfortunatley, all Android apps are exposed to decompiliers, not just B4A compiled apps. It's best to encrypt any sensitive data in your app to help protect against this threat.
Upvote
0
Hi,
yes, I can encrypt any sensitive data but if I store the key in visible mode this will be visible for all disassemblers. Application users must enter for any launch a encrypt key but this is not always possible.
I tryed to use a very long static var(80 chars) but decompilers do not block and read the value stored in var.
I'll try to obfusc the code.... maybe ...
Any idea ?
Ciao
ps: Do you know an android compiler to recompile the decompilated source? I'd like to verify if the code changed run in Android Phones.
thank you.
yes, I can encrypt any sensitive data but if I store the key in visible mode this will be visible for all disassemblers. Application users must enter for any launch a encrypt key but this is not always possible.
I tryed to use a very long static var(80 chars) but decompilers do not block and read the value stored in var.
I'll try to obfusc the code.... maybe ...
Any idea ?
Ciao
ps: Do you know an android compiler to recompile the decompilated source? I'd like to verify if the code changed run in Android Phones.
thank you.
Last edited:
Upvote
0
I completely understand. What I did was make my own crazy encryption for strings that I did not want anyone who used a decompilier to be able to see what they are. It is not something that a bank would use to encrypt data, but it's good enough for hiding what the string actually has in it. Try making your own without a key and you may surprise yourself on how diificult it would be for someone to break it .
.
Upvote
0
Hi Rick,
I hope my English is good enought.
Your teory is very interesting, but I am hard to understand.
I think is possible to hide or to camouflage variables but I think - correct me if I'am wrong - somewhere in code must be a visible algorithm (after decompiling) able to change hide/encrypt var in usable var.
If you prefer do not disclose your method I can understand and then thank you for the idea .
Anyway, whatever suggestion is welcome.
Ciao.
I hope my English is good enought.
Your teory is very interesting, but I am hard to understand.
I think is possible to hide or to camouflage variables but I think - correct me if I'am wrong - somewhere in code must be a visible algorithm (after decompiling) able to change hide/encrypt var in usable var.
If you prefer do not disclose your method I can understand and then thank you for the idea .
Anyway, whatever suggestion is welcome.
Ciao.
Upvote
0
Hi Ciao,
Yes you are correct, there is an algorithm to decrypt, but it can be complex enough to not be obvious on how it works. Also the Sub can be named something simple like "English_to_French" that has nothing to do with what it actually is, to make it hard to follow the code. Anything that makes it more difficult to follow the code is what I'm trying to do. I also use the byteconverter lib, so someone would have to know how they work to understand the algorithm. Again, I'm not making an application for a Bank or financial data, I just don't want a curious programmer or engineer to look at my decompiled application and be easy to see what I did. Good Luck.
Rick
Yes you are correct, there is an algorithm to decrypt, but it can be complex enough to not be obvious on how it works. Also the Sub can be named something simple like "English_to_French" that has nothing to do with what it actually is, to make it hard to follow the code. Anything that makes it more difficult to follow the code is what I'm trying to do. I also use the byteconverter lib, so someone would have to know how they work to understand the algorithm. Again, I'm not making an application for a Bank or financial data, I just don't want a curious programmer or engineer to look at my decompiled application and be easy to see what I did. Good Luck.
Rick
Upvote
0
Similar Threads
- Question
Android Question
How can I make Protected-Materials (Documents, Videos)?
