Hide Strings Using NDK / JNI from Reverse Engineering

Related: How To Hide Your API Key

On this blog post you will know about how to reverse engineer an Android applications. It is very easy to extract hardcoded strings such as URL's, username, passwords, api keys and api secrets in your app using reverse engineering tools (even if R8 or proguard is enabled in your gradle build) .

Loosing those strings can cause serious privacy issues. The hacker can use this information to create scripts to modify the backend databases (if your backend api do not verify its client).

But there are many ways to make it hard to extract for hacker.

  1. Encrypted properties.
  2. Public / private API key exchange.
    • Digital signature
  3. NDK / JNI (safest).

Android NDK / JNI (Java Native Interface)

Using NDK / JNI is one of the difficult way for hacker to extract secret information. It is hard to reverse engineer a compiled C++ code.

For example projects, you can clone my Protect Strings Using NDK Project



Connect with me on LinkedIn: https://www.linkedin.com/in/ronillo-ang/

Comments

Post a Comment

Popular posts from this blog

How To Unit Test Android ViewModel With LiveData & Kotlin Coroutines

Image
In this blog posts, I will show you a project that demonstrate unit testing for ViewModel with LiveData with Kotlin Coroutines that follows a basic MVVM or MVI Architecture. We will write a unit tests for a ViewModel that makes a network call to validate if its behaving as expected or not. The implementation is already in my Bitbucket. Checkout this commit  You should go through the project and come back here. The project follows a basic MVVM architecture and has the full unit test implementation. Basically the unit tests mock, spy and observe the object and its dependencies and we'll use assertions and verifications methods. We never really uses production data in unit-tests. We never really uses actual objects in unit tests. Unit tests as its name implies `unit` is a test of smaller parts of a large system. Your project must be testable to begin with. The objects or classes in your system must be mockable. If not you should do some re-work. You can do some research on how to w...
Read more

CTF Practice - Reverse Engineering Android Apps 101

Image
Introduction On this blog we will crack some real world unsecured Android applications. For educational purpose only! Disclaimer:  This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. I expect you to have knowledge of some programming language (Java, Kotlin, C/C++, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions. Environment : OpenJDK 8 Android Studio SDK Visual Studio Code IDE with APKLab Reverse Engineering Android Apps - DEX Bytecode The goal of this exercise is to crack a real world Android apps to bypass the verification code to become a premium user. Step 0x1 Download the Apk . Step 0x2 Decompile the APK with Visual Studio Code. Step 0x3 Examine the manifest. We see that it only have one activity. Step 0x4 Look for if-else co...
Read more

Strengths and Weaknesses of iOS & Android

In the ever-evolving landscape of mobile technology, two giants stand at the forefront: iOS and Android. Each operating system boasts its own set of strengths and weaknesses, catering to different preferences and priorities of users worldwide. Let’s delve into the intricacies of both platforms to understand their distinct qualities. iOS: Unmatched Integration and Security iOS, the proprietary operating system developed by Apple, is renowned for its seamless integration of hardware and software. This cohesion ensures a consistently smooth user experience across various Apple devices such as the iPhone, iPad, and iPod Touch. The meticulous optimization of iOS for Apple’s hardware enhances performance and reliability, setting a high standard for user satisfaction. One of iOS’s standout features is the unparalleled quality of its applications. The rigorous review process enforced by Apple before apps are accepted into the App Store ensures a level of quality and security that users can tru...
Read more