Comments (7)
We can compare application signature at runtime inside JNI. If signature is matching then only return key else don't return key.
from hidden-secrets-gradle-plugin.
Hello @Irineu333 ,
1/ the app you are showing does not look obfuscated ? It will be much harder to do the same in a production's app.
2/ If you run a libsecrets.so in another app it won't have the correct key and package name to read the hidden keys.
from hidden-secrets-gradle-plugin.
- obfuscation would make it difficult, but it would still be possible
- i didn't understand what this key would be, but as for the package, what prevents someone from creating an application with the same package? in fact, it wouldn't even be necessary, since the package is passed as an argument, an app with package x could code a package y
I think a more robust way to check the package would be to pass a context and call getPackageName, rather than relying on what the bytecode passed
from hidden-secrets-gradle-plugin.
@ben-j69 what would this "correct key" be? did i miss something? 🤔
from hidden-secrets-gradle-plugin.
@ben-j69 I can't run the libsecrets.so files in an app other than the one they were compiled, but I don't know if it's my lack of knowledge or it's really not possible, but there's still the issue of tampering with the app
I'm trying to code a signature check but it's too complicated
from hidden-secrets-gradle-plugin.
@Irineu333 as said in Readme:
⚠️ Nothing on the client-side is unbreakable. So generally speaking, keeping a secret in a mobile package is not a smart idea. But when you absolutely need to, this is the best method we have found to hide it.
You should try to investigate with real obfuscated code, it is much more difficult to get what you want. It will be long and difficult to find the necessary info to reveal the hidden keys.
from hidden-secrets-gradle-plugin.
@kalpesh2704 It's a great solution!
from hidden-secrets-gradle-plugin.
Related Issues (20)
- UnsatisfiedLinkError when package name has underscores HOT 2
- How to remove a key HOT 1
- Segmentation violation (invalid memory reference) on Android 7 HOT 2
- Obfuscator not using full 256 bits of each byte HOT 3
- UnsatisfiedLinkError: dlopen failed: library "libsecrets.so" not found HOT 1
- Could not find com.android.tools.build:gradle:4.2.2.
- hideSecretFromPropertiesFile not working! HOT 1
- Gradle build failed HOT 1
- Is it possible to directly use libsecrets.so and get the key? HOT 1
- hideSecret Generating Files in Root 's`src/main/` HOT 1
- how to fix this ? HOT 1
- Crashes when secret names have underscores
- Got error HOT 2
- try hideSecretFromPropertiesFile error
- Can't declare plugin on Android Studio Flamingo with AGP 8.0.1 and Kotlin build configuration HOT 9
- Flutter integration HOT 1
- java.lang.UnsatisfiedLinkError: dlopen failed: library "libsecrets.so" not found HOT 14
- How to add the native lib to JUnit tests
- How to get secret key from Groovy HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hidden-secrets-gradle-plugin.