B4J Question Encryption Passphrase can be viewed by a simple decompile.

[Nokia]

So for some reason I was curious to see if I can view the Jar code. Downloaded a simple decompile tool and yep.. can view the java code. But what I was afraid of.. is my java code has an encryption passphrase to encrypt and decrypt for software use.. and yep.. I can view my passphrase plain as day as well as some other global items.



I have two software that communicate with encrypted info.. is there no way to hide the passphrase better than that?

 

[EnriqueGonzalez]

There may be a lot of ways to hide the passphrase, but the truth is that any hacker that wants that key will not take longer than 5 mins to take it, you just used a decompiler for that, but if you use a debugger, it will be even easier.

Usually the best way to encrypt some information is to use a user-made password for it.

 

[Erel]

Process global strings are obfuscated (in release - obfuscated mode). This will make it a bit more difficult for a hacker to get the secret value.

 

[Nokia]

Process global strings are obfuscated (in release - obfuscated mode). This will make it a bit more difficult for a hacker to get the secret value.

I was wondering what that release mode was for..

Do I need to keep that ObfuscatorMap.txt?

 

[Erel]

Do I need to keep that ObfuscatorMap.txt?

It is not a must. See the tutorial: https://www.b4x.com/android/forum/threads/code-obfuscation.13773/