B4J Question ["Solved"] Only a sad comment (obfuscation)

[LucaMs]

When you develop a client/server project (B4A - B4J) you cannot obfuscate the name of client's routines called by the server .



uhm... (thinking)... Maybe you can send ObfuscatorMap.tx to the server and then...

uhm... and then, if you update the client... (?).


I have to think more.

 

[LucaMs]

Well, first of all, I should ask to Erel to change the obfuscator so it can create prefixes to distinguish the names of the routines from variable names
(this would not be essential, just to avoid using all obfuscated names on server side).

Then, the server would need to distinguish between new and old versions of clients.
Yet to be studied

 

[Ed Brown]

Hmm, that is an interesting problem.

As both the client and server are two different programs/projects each would have its own obfuscator map. As you have already thought, you could pass the client's obfuscator map file to the server and the server's obfuscator map file to the client for each connection. That should take care of the versioning issue as you're able to lookup the name easily. What would make this easier is if the map file had the method name and the obfuscated name around the other way. ie. instead of having v5=appconnections it would have appconnections=v5. By doing this it would be a simple matter of loading a Map from the file.

Another way would be to obfuscate the method names yourself in your code. The issue with this is having to keep track and/or remember what each obfuscated method name is - ie. what each method's function/purpose is.

I think the first approach would be better. Just remember to encrypt the map files before sending them between the client and server.

 

[Erel]

You can add underscores to the subs that should be excluded from the obfuscator.

 

[LucaMs]

As both the client and server are two different programs/projects each would have its own obfuscator map

I thought just to the client's routines, given that I'll not sell my server, but it should be considered.


I'm thinking something like:

The Client will send its version code (only once, on connection, then the version will be stored in a websocket attribute session).

The Server will have a folder containing a file for each client version (I'm the devolper then I know and I have all the obfuscator map files).

So, the server will call client's routines in a way like:

' mapAllCLRoutines is a Map of Maps (mapVerCLRoutines)
Dim mapAllCLRoutines, mapVerCLRoutines As Map

'<omissis - code to read all map files>



Dim ClientVersion As Int = ws.Session.GetAttribute("ClientVersion")

mapVerCLRoutines = mapAllCLRoutines.Get(ClientVersion)

Dim RoutineObfName As String = mapVerCLRoutines.Get("RoutineToCall")

ws.RunFunction(RoutineObfName, Array As Object("Ciao"))
ws.Flush

Do you see any problems? Or have you better solutions?


Thank you


P.S. As I wrote, it should be better if I had files containing only name of routines; I have to search but I think that the Obfuscator is not an Anywhere Software... software, so I think it isn't possible.

 

[LucaMs]

P.S. As I wrote, it should be better if I had files containing only name of routines; I have to search but I think that the Obfuscator is not an Anywhere Software... software, so I think it isn't possible.

A solution could be prefix all routine's names (client): rtnRoutineName, for example.

Since you'll have to create a new "obfuscator map file" for the server, which will look like:

rtnRoutineName,vvv0
rtnOtherRoutine,vvv1
rtnThirdRoutine,vvvvv0

you will be able to filter the "original obfuscator map file" based on the prefix (rtn)

(file name: CLRoutineNames4, where 4 is the client version code; this will be used to fill mapAllCLRoutines)

 

[LucaMs]

Done

 

[LucaMs]

Now:

1) Client's routines names called by server start with a prefix ("rtn"); this is not mandatory, but in this way you get a shorter obfuscator map (file and in memory) for the server;
2) A my little tool (VB.Net) creates the "obfuscator map file for server" based on ObfuscatorMap.txt (client file) which I copy to a server folder
3) Client's app sends the app version name and a "flag" to inform the server if I'm using an obfuscated version (so the server will know if it have to call obfuscated client's routines names or not - this is useful when you're developing and running the client in debug mode)

All works well.

It is strange that no one has had this need.


[I used VB.Net only because I don't know how to implement the Drag&Drop with B4J To my knowledge this is only possible between two B4J applications]

 

[LucaMs]

[I used VB.Net only because I don't know how to implement the Drag&Drop with B4J To my knowledge this is only possible between two B4J applications]

Now I have developed the B4J version