Question

I've tried to package the apk with encrypted assets (image, text, etc.).
When it's run on Android, the assets will be decrypted and then displayed (of course I hard-coded the decryption key in the source code).
I guess: as long as the source code is protected, then the decryption key will also be protected, which means the assets are finally protected?

Questions:
1. If ProGuard is used to obfuscate the apk, is the decryption key safe?
2. If I code the decryption key in JNI (C++) and let JNI do the decryption, is the decryption key safer?

I've also made 2 demo Android apps with encrypted assets that you can try hacking.
The first one uses obfuscated Java to decrypt the assets with AES key (hard-coded in Java):
https://drive.google.com/file/d/0B9O3ChlSQJL1dVZUZmFtWlRyMXc/edit?usp=sharing

The second one uses JNI to decrypt the assets with AES key (hard-coded in JNI):
https://drive.google.com/file/d/0B9O3ChlSQJL1UWU0VlprcXdVUjg/edit?usp=sharing

If you are able to get the original assets in the first demo, please let me know.
If you are able to get the original assets in the second demo, please also let me know.
Any suggestions about better solutions for assets protection are appreciated!

Solution

Without looking at your code, no amount of obfuscation is going to 100% hide an "in the clear" private key.
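
As an added example (not from the original post or answer), here is a release check that searches a built APK for a key you already know you embedded. Renaming obfuscation changes identifiers, not constant data, so the key stays findable in `classes.dex` or in a native library. The sample APK, its entry contents, the key value and the function names are all constructed for illustration.

```python
import base64
import io
import zipfile

def key_encodings(key: bytes) -> dict:
    """Forms in which a hard-coded key commonly ends up in a build artifact."""
    return {
        "raw": key,
        "hex": key.hex().encode(),
        "HEX": key.hex().upper().encode(),
        "base64": base64.b64encode(key),
    }

def find_embedded_key(apk_bytes: bytes, key: bytes) -> list:
    """Return sorted (entry name, encoding, offset) for the first verbatim
    occurrence of the key, per encoding, in each entry of an APK (a zip)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)  # entries are compressed: search inflated data
            for label, needle in key_encodings(key).items():
                offset = data.find(needle)
                if offset != -1:
                    findings.append((name, label, offset))
    return sorted(findings)

def build_sample_apk(key: bytes) -> bytes:
    """Constructed stand-in for an APK; entries are not real dex/ELF files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        # Class renamed to "La/a/a;" by obfuscation; the hex string constant is intact.
        z.writestr("classes.dex", b"dex\n035\x00La/a/a;\x00" + key.hex().encode() + b"\x00AES")
        # Native library with the key bytes stored as a constant array.
        z.writestr("lib/armeabi-v7a/libdemo.so", b"\x7fELF" + b"\x00" * 60 + key)
        z.writestr("res/raw/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    return buf.getvalue()

SAMPLE_KEY = bytes.fromhex("3f9a6c01d47be2588b10c5f7a92e644d")  # constructed value
SAMPLE_APK = build_sample_apk(SAMPLE_KEY)

if __name__ == "__main__":
    for name, label, offset in find_embedded_key(SAMPLE_APK, SAMPLE_KEY):
        print(f"{name}: key present as {label} at offset {offset}")
```

Any finding means the key ships in recoverable form; a clean result only rules out these four encodings, not a key that is split or derived at runtime.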

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow