Wish More Security

chrjak

Active Member
Licensed User
Longtime User
In B4A apps you can read every password out of an APK... FTP, file encryption, etc.

Could you make it harder to hack a password, Erel? For example, a #Password# command, so that the string between this command will be encrypted in the APK or something like that?
 

DonManfred

Expert
Licensed User
Longtime User
Why are you storing unencrypted passwords in your code?
If you need safety, DO IT YOURSELF. Use encrypted passwords (and so on), and compile your app obfuscated.
 

chrjak

Is it possible to encrypt your password in the B4A code?

If you code with Java it is possible to hide your password... I know.

But even in obfuscated mode the password is visible in the main.java file... the only change is that the variable name is changed (that's what obfuscated mode does...)
 

Cableguy

Expert
Licensed User
Longtime User
You have the encryption lib, and you have code obfuscation.
General "good coding rules" say to never hard-code passwords... encrypt them and save to a file. When needed, read the file and decrypt! Even assets can be encrypted now!
 

chrjak

But then the password for the password file has to be hard-coded!?
 

Cableguy

Give it a nonsense variable name and encrypt it to a file.
 

chrjak

Hey Cable,

How do you decrypt the asset files when you don't use a hard-coded password?
 

Cableguy

Search the forum, there are hundreds of examples... There is a tool to encrypt the assets folder and a tutorial on how to decrypt when needed. Just use "encrypt assets" in the search box, and guess what...!? It's the first result shown!!!!
 

chrjak

Search the forum, there are hundreds of examples... There is a tool to encrypt the assets folder and a tutorial on how to decrypt when needed. Just use "encrypt assets" in the search box, and guess what...!? It's the first result shown!!!!
I know. I was there already. But that:

Private Sub UnpackEncryptedAssets(StoreName As String, Password As String, Version As Int)
....
End Sub

Is hard-coded....
 

chrjak

You should use Release obfuscated and set the string as a process global string. It will be obfuscated.
Thanks. I tested already. In the .java there is "" when you use obfuscated... Is there absolutely no way to make it visible? That is great :)
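
Added example (not part of any post in this thread, and not B4A's own tooling): a pre-release check that automates the manual inspection of the generated .java file described above, run against your own build output. It goes beyond the thread by also looking for reversed, Base64 and hex forms of the secret; the secret, the file name and the Java lines are constructed samples.

```python
import base64
import re

# Matches Java string literals, including escaped quotes.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def encoded_forms(secret):
    """Simple encodings in which a secret tends to survive in generated source."""
    raw = secret.encode("utf-8")
    return {
        "plain": secret,
        "reversed": secret[::-1],
        "base64": base64.b64encode(raw).decode("ascii"),
        "hex": raw.hex(),
    }

def scan_source(name, text, secrets):
    """Return (file, line, secret index, encoding) per hit; never echoes the secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for literal in STRING_LITERAL.findall(line):
            for idx, secret in enumerate(secrets):
                for kind, form in encoded_forms(secret).items():
                    # Hex is compared case-insensitively; other forms exactly.
                    haystack = literal.lower() if kind == "hex" else literal
                    if form and form in haystack:
                        findings.append((name, line_no, idx, kind))
    return findings

# Constructed sample data: a made-up secret and made-up generated-Java lines.
SECRETS = ["S3cr3t-ftp!"]
PLAIN_BUILD = "\n".join([
    'public static String _ftppassword = "";',
    '_ftppassword = "S3cr3t-ftp!";',
    '_ftp.Initialize("ftp.example.invalid", 21, "appuser", _ftppassword);',
])
OBFUSCATED_BUILD = "\n".join([
    'public static String _v5 = "";',
    '_v5 = decode(new byte[] {33, 91, 12, 7}, 48211);  // no literal left',
])
HOMEMADE_BUILD = '_v5 = "%s";' % base64.b64encode(b"S3cr3t-ftp!").decode("ascii")

if __name__ == "__main__":
    for label, src in [("plain", PLAIN_BUILD), ("obfuscated", OBFUSCATED_BUILD),
                       ("base64", HOMEMADE_BUILD)]:
        print(label, scan_source("main.java", src, SECRETS))
```

An empty result shows only that the literal is not stored verbatim or in these simple encodings; the app still has to rebuild the value at run time.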
 