Android Question Obfuscator - does it randomize?

73Challenger

Member
Licensed User
If we create a build with the obfuscator(Ver 1), then make a tiny change to the code like refactor a variable name. Will the next obfuscated build (Ver 2) be materially the same?

The practical reason for asking is this. Lets say someone cracks the obfuscation on Version 1 of an app. If the version 2 app code base is basically the same, would the obfuscation be mostly the same, making it very easy to re-crack version 2?

If so, would is it possible to randomize the obfuscation when an build is created? At least make them "re-crack" it every time a new version comes out.
In theory, a new version of an app, with a new obfuscation pattern, could be released monthly, weekly, daily ?? if someone were so inclined. Obviously, it wouldn't "prevent" cracking the code, but it could slow them down a bit.


I don't know much about this obfuscation "dark art" :p so this may already be the way it works. In that case, I might learn something LOL.
Thanks much!
 

epiCode

Active Member
Licensed User
If we create a build with the obfuscator(Ver 1), then make a tiny change to the code like refactor a variable name. Will the next obfuscated build (Ver 2) be materially the same?

The practical reason for asking is this. Lets say someone cracks the obfuscation on Version 1 of an app. If the version 2 app code base is basically the same, would the obfuscation be mostly the same, making it very easy to re-crack version 2?

If so, would is it possible to randomize the obfuscation when an build is created? At least make them "re-crack" it every time a new version comes out.
In theory, a new version of an app, with a new obfuscation pattern, could be released monthly, weekly, daily ?? if someone were so inclined. Obviously, it wouldn't "prevent" cracking the code, but it could slow them down a bit.


I don't know much about this obfuscation "dark art" :p so this may already be the way it works. In that case, I might learn something LOL.
Thanks much!

Obfuscation only replaces variable names with strings like vvvvv0 which makes it confusing and difficult for anyone to know what does the variable do.
So if you just change the name of variable in code, obfuscation will have no change.
It will only change if you change the order of variables or add new ones randomly (even if new ones do nothing)

check out this link from Erel to understand the not so "dark art" of obfuscation :)

Cheers!
 
Last edited:
Upvote 0

73Challenger

Member
Licensed User
Obfuscation only replaces variable names with strings like vvvvv0 which makes it confusing and difficult for anyone to know what does the variable do.
So if you just change the name of variable in code, obfuscation will have no change.
It will only change if you change the order of variables or add new ones randomly (even if new ones do nothing)

Check ObfuscatorMap.txt file which is created when you choose to compile with obfuscation option.

Cheers!

Thanks for the answer... I've got that part. What I meant by "randomization" was this. Lets say we have 2 functions add and subtract.
Each time a package is built these functions would get a different (randomized) obfuscated name. The hope would be to force someone to re-crack the obfuscation on every build.

B4X:
             Original Name    Obfuscated name in Version 1    Version 2                         Version 3     

Function     Add              vvv0                            vvvvvvvvvvvvvvvvvvvvv0            vvvvvvvvv0
Function     Subtract         vvvvvvvvvvvvvvv0                vv0                               vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv0

Would this be worth anything? Any thoughts @Erel ?
It wouldn't prevent cracking the obfuscation, but it would ensure a bad actor would have to re-crack it for every release.
It's just a random thought I had so thanks for the thoughts and conversation :)
 
Last edited:
Upvote 0

kimstudio

Active Member
Licensed User
Longtime User
The ObfuscatorMap.txt file will be generated each time in objects folder after your build with renamed and original names, it is easy to test whether they will change or not after changing func names or reorder them or do nothing (haven't tested it myself though), but only Erel can confirm whether it is randomized each time or not :)
 
Upvote 0

Bladimir Silva Toro

Active Member
Licensed User
Longtime User
Hello @73Challenger

Well, what obfuscation does is make the job a little difficult for the cracker.

That does not mean then that your APK application or its JAR cannot be decompiled in JAVA, it is not difficult to do that.

My advice is Update frequently at least 1 time a week. With this it prevents crackers from making a patch or a crack.

A practical example is to see how the most popular applications such as games, in my case Tennis Clash, this game makes updates every 5 days.
 
Upvote 0
Top