Android Question Obfuscator - does it randomize?

73Challenger

73Challenger

Active Member
Licensed User
If we create a build with the obfuscator(Ver 1), then make a tiny change to the code like refactor a variable name. Will the next obfuscated build (Ver 2) be materially the same?

The practical reason for asking is this. Lets say someone cracks the obfuscation on Version 1 of an app. If the version 2 app code base is basically the same, would the obfuscation be mostly the same, making it very easy to re-crack version 2?

If so, would is it possible to randomize the obfuscation when an build is created? At least make them "re-crack" it every time a new version comes out.
In theory, a new version of an app, with a new obfuscation pattern, could be released monthly, weekly, daily ?? if someone were so inclined. Obviously, it wouldn't "prevent" cracking the code, but it could slow them down a bit.


I don't know much about this obfuscation "dark art" :p so this may already be the way it works. In that case, I might learn something LOL.
Thanks much!
 
Sort by date Sort by votes
epiCode

epiCode

Active Member
Licensed User
73Challenger said:
If we create a build with the obfuscator(Ver 1), then make a tiny change to the code like refactor a variable name. Will the next obfuscated build (Ver 2) be materially the same?

The practical reason for asking is this. Lets say someone cracks the obfuscation on Version 1 of an app. If the version 2 app code base is basically the same, would the obfuscation be mostly the same, making it very easy to re-crack version 2?

If so, would is it possible to randomize the obfuscation when an build is created? At least make them "re-crack" it every time a new version comes out.
In theory, a new version of an app, with a new obfuscation pattern, could be released monthly, weekly, daily ?? if someone were so inclined. Obviously, it wouldn't "prevent" cracking the code, but it could slow them down a bit.


I don't know much about this obfuscation "dark art" :p so this may already be the way it works. In that case, I might learn something LOL.
Thanks much!
Click to expand...

Obfuscation only replaces variable names with strings like vvvvv0 which makes it confusing and difficult for anyone to know what does the variable do.
So if you just change the name of variable in code, obfuscation will have no change.
It will only change if you change the order of variables or add new ones randomly (even if new ones do nothing)

check out this link from Erel to understand the not so "dark art" of obfuscation :)

Code Obfuscation

This tutorial is relevant for B4A and B4J. During compilation B4A generates Java code which is then compiled with the Java compiler and converted to Dalvik (Android byte code format). There are tools that allow decompilation of Dalvik byte code into Java code. The purpose of obfuscation is to...
www.b4x.com www.b4x.com

Cheers!
 
Last edited:
Upvote 0
73Challenger

73Challenger

Active Member
Licensed User
HZZ said:
Obfuscation only replaces variable names with strings like vvvvv0 which makes it confusing and difficult for anyone to know what does the variable do.
So if you just change the name of variable in code, obfuscation will have no change.
It will only change if you change the order of variables or add new ones randomly (even if new ones do nothing)

Check ObfuscatorMap.txt file which is created when you choose to compile with obfuscation option.

Cheers!
Click to expand...

Thanks for the answer... I've got that part. What I meant by "randomization" was this. Lets say we have 2 functions add and subtract.
Each time a package is built these functions would get a different (randomized) obfuscated name. The hope would be to force someone to re-crack the obfuscation on every build.

B4X: 
             Original Name    Obfuscated name in Version 1    Version 2                         Version 3     

Function     Add              vvv0                            vvvvvvvvvvvvvvvvvvvvv0            vvvvvvvvv0
Function     Subtract         vvvvvvvvvvvvvvv0                vv0                               vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv0

Would this be worth anything? Any thoughts @Erel ?
It wouldn't prevent cracking the obfuscation, but it would ensure a bad actor would have to re-crack it for every release.
It's just a random thought I had so thanks for the thoughts and conversation :)
 
Last edited:
Upvote 0
kimstudio

kimstudio

Active Member
Licensed User
Longtime User
The ObfuscatorMap.txt file will be generated each time in objects folder after your build with renamed and original names, it is easy to test whether they will change or not after changing func names or reorder them or do nothing (haven't tested it myself though), but only Erel can confirm whether it is randomized each time or not :)
 
Upvote 0
Bladimir Silva Toro

Bladimir Silva Toro

Active Member
Licensed User
Longtime User
Hello @73Challenger

Well, what obfuscation does is make the job a little difficult for the cracker.

That does not mean then that your APK application or its JAR cannot be decompiled in JAVA, it is not difficult to do that.

My advice is Update frequently at least 1 time a week. With this it prevents crackers from making a patch or a crack.

A practical example is to see how the most popular applications such as games, in my case Tennis Clash, this game makes updates every 5 days.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

walterf25
  • Question
Android Question API_KEY obfuscation
Replies
5
Views
562
Erel
Erel
J
  • Question
Android Question How can i achieve better obfuscation?
Replies
0
Views
972
jackm
J
StephenRM
  • Question
Android Question Code Obfuscation and WebView - Advantages and Disadvantages?
Replies
0
Views
665
StephenRM
StephenRM
C
  • Question
Android Question SubExists, CallSub and Obfuscation
Replies
18
Views
2K
Erel
Erel
Erel
  • Article
Android Tutorial Code Obfuscation
2 3 4
Replies
60
Views
61K
vvg
vvg
Top