Tool Secured Assets - Encrypt your assets files

This tool allows you to encrypt a set of files on the desktop and then add them to your project instead of the regular assets files. The problem with regular assets files is that it is very simple to extract them from the APK file as the APK file is just a standard zip file.

SS-2013-12-11_11.24.37.png



In the B4A program we need to unpack and decrypt the files. This is only done once. Unfortunately this step (deciphering) is quite slow. You should only use this solution with small files. It will be too slow for larger files.

The sub signature is:
B4X:
Private Sub UnpackEncryptedAssets(StoreName As String, Password As String, Version As Int)
The StoreName is the name of the database file.
Whenever you modify the store files you need to increase the version. Otherwise the store will not be unpacked. You can see the code in the attached example.

How to use

- Create the store file with the desktop tool and add it to the Files tab.
- Make sure that the Files folder only includes files that are not in the store. Remember that all files in this folder will be added to the APK.
- Add the UnpackEncryptedAssets sub, KeyValueStore class and the following libraries: SQL, RandomAccessFile.
- Call UnpackEncryptedAssets in your main activity when FirstTime is True.
- You will need to use Main.UpdatedAssetsFolder instead of File.DirAssets to access the unpacked files.
- The files names are case sensitive and are all lower cased. You should change the existing references accordingly.
- Make sure to use a process global variable for the password. The string will be obfuscated.

This tool is a bit of an overkill in most cases. A hacker with a rooted device can fetch the files from the internal folder after they are unpacked.

You can modify the code to delete the files after they are used. In that case you should also delete store.db that is created in the "version folder" (see the code).

The compiled tool can be downloaded here: www.b4x.com/b4j/files/SecuredAssets.jar
To build the B4J tool you will need to download the bouncy castle library: Share encrypted data with B4A
 

Attachments

  • B4J-SecuredAssets.zip
    4 KB · Views: 863
  • Asteroids_Encrypted.zip
    311.4 KB · Views: 940

Ydm

Active Member
Licensed User
Longtime User
I encrypt Zip files with Secured Assets.
No problem up to 2Mb.
I can encrypt files over 2Mb but I can not read them.
KVS gives an error on this line. (result = ser.ConvertBytesToObject(rs.GetBlob2(0)))
I created split zip files for large files.
In this case, unzip does not work correctly.
What can I do?
 

Ydm

Active Member
Licensed User
Longtime User
Sql does not give an error when I create split zip files. (File sizes are 1Mb.)
But I can not open siplited zip files with Archiver. Application is crashing.
It does not give an error, but it does not continue.
I use unzip method.
How can I unzip it?
 

Ydm

Active Member
Licensed User
Longtime User
I just need to encrypt Sqlite.
Size is 20Mb. Zip format 5Mb.
If I use Zip the APK will be smaller.
SQLCipher is very slow in queries. There are 50,000 records.
Can I do something with the JAR and JAVAOBJECT method? (Sample: #AdditionalJar: zip4j_1.3.2...)
Can I use zip4j? (For password and unzip)
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
Decrypting a 5mb file will probably take too much time. Test it.

Another option is to only encrypt the sensitive data in the SQLite database.

Can I do something with the JAR and JAVAOBJECT method? (Sample: #AdditionalJar: zip4j_1.3.2...)
Can I use zip4j? (For password and unzip)
Please start a new thread for this in the questions forum.
 
Top