Android Question Development of obfuscator

carlos7000

Active Member
Licensed User
Hi all

Seeing the obfuscated code of other programs ...

An example:
B4X:
class C0124t {
    /* renamed from: a */
    final /* synthetic */ C0119p f3067a;
    /* renamed from: b */
    private final String f3068b;
    /* renamed from: c */
    private final float f3069c;
    /* renamed from: d */
    private final float f3070d;
    /* renamed from: e */
    private final C0120u f3071e;

    public C0124t(C0119p c0119p, String str, float f, float f2, C0120u c0120u) {
        this.f3067a = c0119p;
        this.f3068b = str;
        this.f3069c = f;
        this.f3070d = f2;
        this.f3071e = c0120u;
    }

    /* renamed from: a */
    public void m2469a() {
        this.f3067a.f3055W.m704a(0.8f, 0.8f, 0.8f, 1.0f);
        this.f3067a.f3055W.m701a(0.9f - (0.15f * MathUtils.m1317b(6.2831855f * ((0.5f * this.f3067a.f3040H) - this.f3070d))));
        this.f3067a.m2441a(this.f3068b, this.f3067a.f3055W, this.f3069c);
    }

    /* renamed from: a */
    public boolean m2470a(Vector2 vector2) {
        if (vector2.f1634g < 90.0f || vector2.f1634g > 150.0f || vector2.f1635h < this.f3069c - 10.0f || vector2.f1635h >= this.f3069c + 20.0f) {
            return false;
        }
        this.f3067a.f3056a.f2953y.m2388d();
        this.f3071e.mo393a();
        return true;
    }
}
... ask me, how good was the b4a obfuscation?

Decompile some of the programs that I have done and I am surprised that only the names of the functions and some variables were obfuscated, leaving the rest of the code completely exposed

An example of this is the following example project.

This is the sample source code

B4X:
#Region  Project Attributes
    #ApplicationLabel: B4A Example
    #VersionCode: 1
    #VersionName:
    'SupportedOrientations possible values: unspecified, landscape or portrait.
    #SupportedOrientations: unspecified
    #CanInstallToExternalStorage: False
#End Region

#Region  Activity Attributes
    #FullScreen: False
    #IncludeTitle: True
#End Region

Sub Process_Globals
    'These global variables will be declared once when the application starts.
    'These variables can be accessed from all modules.

End Sub

Sub Globals
    'These global variables will be redeclared each time the activity is created.
    'These variables can only be accessed from this module.

    Private EditText_eMail As EditText
    Private EditText_Password As EditText
    Private ButtonGetApiKeys As Button
    Private LabelApiKey As Label
    Private LabelApiSecret As Label
    
    Dim x_eMail As String
    Dim x_PassWord As String   
End Sub

Sub Activity_Create(FirstTime As Boolean)
    'Do not forget to load the layout file created with the visual designer. For example:
    Activity.LoadLayout("Layout1")

End Sub

Sub Activity_Resume

End Sub

Sub Activity_Pause (UserClosed As Boolean)

End Sub

Sub EditText_eMail_TextChanged (Old As String, New As String)
    Validate(New)
End Sub

Sub EditText_Password_TextChanged (Old As String, New As String)
    Validate(New)
End Sub

Sub ButtonGetApiKeys_Click
    LabelApiKey.Text = GetApiKey(EditText_eMail.Text)
    LabelApiSecret.Text = GetApiSecret(EditText_eMail.Text)
End Sub

Public Sub GetApiKey(eMail As String) As String
    Dim ApiKey As String   
    ApiKey = "928749823798472398"   
    Return ApiKey
End Sub

Public Sub GetApiSecret(eMail As String) As String
    Dim ApiSecret As String   
    ApiSecret = "89y54y9t845y98"       
    Return ApiSecret
End Sub

Public Sub Validate(Value As String) As Boolean
    Return True
End Sub
Attached obfuscated apk file. you will find it below.

By decompiling the attached file, you can clearly see the following:

B4X:
public static String _x_email = "";
public static String _x_password = "";
public ButtonWrapper _buttongetapikeys = null; 'button name is visible
public EditTextWrapper _edittext_email = null; 'editText name is visible
public EditTextWrapper _edittext_password = null; 'editText name is visible
public LabelWrapper _labelapikey = null; 'Label name is visible
public LabelWrapper _labelapisecret = null; 'Label name is visible
The name of the event that requests the keys is clearly legible

B4X:
public static String _buttongetapikeys_click() throws Exception {
      mostCurrent._labelapikey.setText(BA.ObjectToCharSequence(_v5(mostCurrent._edittext_email.getText())));
      mostCurrent._labelapisecret.setText(BA.ObjectToCharSequence(_v6(mostCurrent._edittext_email.getText())));
    return "";
}
B4X:
public static String _edittext_email_textchanged(String str, String str2) throws Exception {
   _v7(str2);
       return "";
}
B4X:
public static String _edittext_password_textchanged(String str, String str2) throws Exception {
   _v7(str2);
       return "";
}
The names of the other functions and variables, if they were obfuscated

I want to know if it is possible for someone to help me with the development of an obfuscator.

I do not know if it will be very difficult, but I want to develop an obfuscator that can rename all labels, buttons, listViews, functions, panels, etc.

I would greatly appreciate your help.

I also attach the source of the project, and the result of the decompilation of the apk.
 

Attachments

Last edited:

JohnK

Active Member
Licensed User
from what I have seen, the built-in obfuscator also obfuscates variables. Although, you are correct in that there are many things not being obfuscated.

Although, I think you may be better off to highlight what is not being obfuscated as a bug in the appropriate forum, rather than building one from scratch.
 

carlos7000

Active Member
Licensed User
from what I have seen, the built-in obfuscator also obfuscates variables. Although, you are correct in that there are many things not being obfuscated.

Although, I think you may be better off to highlight what is not being obfuscated as a bug in the appropriate forum, rather than building one from scratch.

I did not think that not to obfuscate the names of the buttons or labels could be an error. If there is a suitable forum, please provide me with the link.

Thanks.
 

Cableguy

Expert
Licensed User
I don't think this would be too difficult to pull of.
I mean, in my head, I see it working like this...
1. User creates a program, not obfuscated
2. Obfuscation program search for keywords like "as button" and add it to a map... Then generates as many random strings as needed, and finally replaces the values
3. User loads and tries out the obfuscated code and if all is ok, compile

Of course, this is a simplistic view of the process...
 

Computersmith64

Well-Known Member
Licensed User
Erel has written an obfuscation tutorial here that might help you better understand what does / doesn't get obfuscated in B4A.

- Colin.
 

carlos7000

Active Member
Licensed User
I don't think this would be too difficult to pull of.
I mean, in my head, I see it working like this...
1. User creates a program, not obfuscated
2. Obfuscation program search for keywords like "as button" and add it to a map... Then generates as many random strings as needed, and finally replaces the values
3. User loads and tries out the obfuscated code and if all is ok, compile

Of course, this is a simplistic view of the process...

Yes, that is more or less the idea that I have.

Thanks
 
Top