The reasons those secret keys were so easily discovered is because they were hidden in software. Avoid hiding secrets in software at all cost – obfuscation will only get you so far. Ask yourself this: How well can I hide a key in software from someone with full access to the disassembly, user mode and … Read more
If you do obfuscate, stay away from obfuscators that modify the code by changing code flow and/or adding exception blocks and such to make it hard to disassemble it. To make the code unreadable it is usually enough to just change all names of methods, fields and classes. The reason to stay away from changing … Read more
Hiding internal names requires a few simple Xcode build settings, and it is not generally necessary to modify source or change the type of the built product. Eliminate any internal symbols required between modules by performing a single-object prelink. Set the Xcode build setting named “Perform Single-Object Prelink” to Yes (GENERATE_MASTER_OBJECT_FILE=YES). This causes ld to … Read more
Here is probably a more visual way to check. In the newer release of Android Studio, it comes with the APK Analyser that let user explore what is in the APK file and it is handy to check if your class has been obfuscated. Below image shows that both package and method name have been … Read more
The solution that fully meets my needs would be SHC – a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler. Links about SHC: https://github.com/neurobin/shc http://www.datsi.fi.upm.es/~frosal/ http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html Links about CCsh: http://www.comeaucomputing.com/faqs/ccshlit.html
In a nutshell, the main difference between Dotfuscator Community Edition and the other “professional” editions is that Community Edition will only really obfuscate and change your namespaces, method names, and other “public” accessible aspects of your classes. It won’t delve into the functions themselves and obfuscate the “private” code within the function. Also, the Community … Read more
Seems like it’s a warning message coming from the new play console, you can solve it just by setting your minimum api level to 29 or even better by uploading the retrace mapping file as described here. Enable minify : buildTypes { release { minifyEnabled true proguardFiles getDefaultProguardFile(‘proguard-android-optimize.txt’), ‘proguard-rules.pro’ } } After building apk/app bundle … Read more
JavaScript remains one of the best mailto obfuscator. For users with JavaScript disabled you may want to substitute the mailto link with a link to a contact form. The following is a popular JavaScript anti spam email obfuscator: http://www.jottings.com/obfuscator/ There is also a php version of the above to be able to generate obfuscated emails … Read more
Yes, you can definitely hide/encode/encrypt the php source code and ‘others’ can install it on their machine. You could use the below tools to achieve the same. Zend Guard IonCube SourceGuardian phpSHIELD phpBolt (free) But these ‘others’ can also decode/decrypt the source code using other tools and services found online. So you cannot 100% protect … Read more
You can obfuscate it, but there’s no way of protecting it completely. example obfuscator: https://obfuscator.io