How hide source code and image of application. I see the thread of Erel (Relased obfusced) but I don't know how I do..
Sorry for my english
Sorry for my english
-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
Android Question How hide source code ?
- Thread starter Matteo Granatiero
- Start date
- Similar Threads Similar Threads
Just select "Release (obfuscated)" from the dropdown list you see under the menu items row.
Anyway, don't waste your time. There are decompilers out there that will show your program to anybody willing to spend some time on it.
@Informatix used to distribute a PDF binded to a payed-for lib of his where directions on how to better hide your code were given. I didn't try it personally but often read good comments about it. Try searching the Forum.
Anyway, don't waste your time. There are decompilers out there that will show your program to anybody willing to spend some time on it.
@Informatix used to distribute a PDF binded to a payed-for lib of his where directions on how to better hide your code were given. I didn't try it personally but often read good comments about it. Try searching the Forum.
Upvote
0
Personally I do not understand a purpose of obfuscated.
At first, to hack a code is enough complex task for dilettantes.
1) Typically even author can't understand own logic since some monthes.
2) Java code generated by B4A even without "obfuscated" is more complex for understanding than "native" java code.
So, we need to worry about professionals only. But for this category "obfuscated" is not an obstacle. In run time all is visible anyway.
I think that alone protection is to move really secret algorithms to own webserver.
At first, to hack a code is enough complex task for dilettantes.
1) Typically even author can't understand own logic since some monthes.
2) Java code generated by B4A even without "obfuscated" is more complex for understanding than "native" java code.
So, we need to worry about professionals only. But for this category "obfuscated" is not an obstacle. In run time all is visible anyway.
I think that alone protection is to move really secret algorithms to own webserver.
Upvote
0
Compiling with obfuscation is a good option. It is very simple to do. Make sure to go over the pitfalls: Code Obfuscation
It is especially useful for hiding strings. Without obfuscation it is trivial to see the program strings. Obfuscation makes it more complicated (process global strings only).
It is especially useful for hiding strings. Without obfuscation it is trivial to see the program strings. Obfuscation makes it more complicated (process global strings only).
Upvote
0
Just because I don't understand or fully agree with something, does not mean it isn't a better method. For example, its common practice for people who want to succeed in other fields, to copy the methods of more successful people in the same field. I haven't checked, but I would say the big boys obfuscate, and I assume they know better than me, so I'll take their lead.
I know I have looked into APK's with a simple zip expander to check shell commands where scripts have been simply stored as text (superuser methods). What I am trying to give an example (as shell stuff is very different to java), is that I or others may simple wish to get a single line, not everything. ie a "leg up" on your competition
It may be more so, but when compared to other obfuscation, maybe not. I cant recall exactly, but when I have done some internal android shell dump on another APK compared to a B4A one, I can see all my class names un-obfuscated, with the method names obfuscated, but on another APK all the class names where a single letter, and appeared to somehow possess extra "depth" eg my code looked like:
B4X:
Class1.NK132SGW
B4X:
a.a.a.a.a.a.a.zBut lets not go out of our way to make it too easy for anyone
Its a sliding scale on how much you are ready to spend to protect what you do have. Maybe a small investment to make it a little less "enjoyable".
I guess in reality, the reason I obfuscate is to save any embarrassment from someone reading my code and seeing how bad it is, too easily.
Upvote
0
Ahh... I found it.
Here is the command to run in a shell
which produces
https://www.hastebin.com/momolanuto.cs
and when I run it against a B4A app (results altered to protect the guilty)
https://www.hastebin.com/xidogivona.java
If you look down at the class names the difference is clear.
Here is the command to run in a shell
B4X:
cmd package dump-profiles com.a1dev.sdbench;
cat "/data/misc/profman/com.a1dev.sdbench.txt";https://www.hastebin.com/momolanuto.cs
and when I run it against a B4A app (results altered to protect the guilty)
https://www.hastebin.com/xidogivona.java
If you look down at the class names the difference is clear.
Upvote
0
When it comes to security I strongly suggest that you use this https://www.b4x.com/android/forum/threads/probundle-chargeable.58754/
Also read post #169 and #209 in the link above.
You will not find many b4x users that knows more about security than Informatrix, he's proven many times over the years that he can easily intercept/get important info from APK/Apps. You should try to read his previous posts about the subject, you will learn a lot from what he says.
Anyway use the link above, oh yes and even though the Pro Bundle is now free to use, if you use it I would strongly suggest that you donate to it, even if only €10 for peace of mind.
Also read post #169 and #209 in the link above.
You will not find many b4x users that knows more about security than Informatrix, he's proven many times over the years that he can easily intercept/get important info from APK/Apps. You should try to read his previous posts about the subject, you will learn a lot from what he says.
Anyway use the link above, oh yes and even though the Pro Bundle is now free to use, if you use it I would strongly suggest that you donate to it, even if only €10 for peace of mind.
Last edited:
Upvote
0
Similar Threads
- Article
- Question
- Locked
- Sticky
- Question
