Last active
January 9, 2023 20:26
-
-
Save pankaj89/326d26e615989ccf899b6288987f0168 to your computer and use it in GitHub Desktop.
Proguard & Encrypt - Secure Apk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package com.master.locationhelper; | |
import android.util.Base64; | |
import android.util.Log; | |
import java.io.UnsupportedEncodingException; | |
import java.security.GeneralSecurityException; | |
import java.security.MessageDigest; | |
import java.security.NoSuchAlgorithmException; | |
import javax.crypto.Cipher; | |
import javax.crypto.spec.IvParameterSpec; | |
import javax.crypto.spec.SecretKeySpec; | |
public class AESHelper { | |
private static final String TAG = "AESCrypt"; | |
//AESCrypt-ObjC uses CBC and PKCS7Padding | |
private static final String AES_MODE = "AES/CBC/PKCS7Padding"; | |
private static final String CHARSET = "UTF-8"; | |
//AESCrypt-ObjC uses SHA-256 (and so a 256-bit key) | |
private static final String HASH_ALGORITHM = "SHA-256"; | |
//AESCrypt-ObjC uses blank IV (not the best security, but the aim here is compatibility) | |
private static final byte[] ivBytes = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; | |
//togglable log option (please turn off in live!) | |
public static boolean DEBUG_LOG_ENABLED = false; | |
/** | |
* Generates SHA256 hash of the password which is used as key | |
* | |
* @param password used to generated key | |
* @return SHA256 of the password | |
*/ | |
private static SecretKeySpec generateKey(final String password) throws NoSuchAlgorithmException, UnsupportedEncodingException { | |
final MessageDigest digest = MessageDigest.getInstance(HASH_ALGORITHM); | |
byte[] bytes = password.getBytes("UTF-8"); | |
digest.update(bytes, 0, bytes.length); | |
byte[] key = digest.digest(); | |
log("SHA-256 key ", key); | |
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); | |
return secretKeySpec; | |
} | |
/** | |
* Encrypt and encode message using 256-bit AES with key generated from password. | |
* | |
* @param password used to generated key | |
* @param message the thing you want to encrypt assumed String UTF-8 | |
* @return Base64 encoded CipherText | |
* @throws GeneralSecurityException if problems occur during encryption | |
*/ | |
public static String encrypt(final String password, String message) | |
throws GeneralSecurityException { | |
try { | |
final SecretKeySpec key = generateKey(password); | |
log("message", message); | |
byte[] cipherText = encrypt(key, ivBytes, message.getBytes(CHARSET)); | |
//NO_WRAP is important as was getting \n at the end | |
String encoded = Base64.encodeToString(cipherText, Base64.NO_WRAP); | |
log("Base64.NO_WRAP", encoded); | |
return encoded; | |
} catch (UnsupportedEncodingException e) { | |
if (DEBUG_LOG_ENABLED) | |
Log.e(TAG, "UnsupportedEncodingException ", e); | |
throw new GeneralSecurityException(e); | |
} | |
} | |
/** | |
* More flexible AES encrypt that doesn't encode | |
* | |
* @param key AES key typically 128, 192 or 256 bit | |
* @param iv Initiation Vector | |
* @param message in bytes (assumed it's already been decoded) | |
* @return Encrypted cipher text (not encoded) | |
* @throws GeneralSecurityException if something goes wrong during encryption | |
*/ | |
public static byte[] encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message) | |
throws GeneralSecurityException { | |
final Cipher cipher = Cipher.getInstance(AES_MODE); | |
IvParameterSpec ivSpec = new IvParameterSpec(iv); | |
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); | |
byte[] cipherText = cipher.doFinal(message); | |
log("cipherText", cipherText); | |
return cipherText; | |
} | |
/** | |
* Decrypt and decode ciphertext using 256-bit AES with key generated from password | |
* | |
* @param password used to generated key | |
* @param base64EncodedCipherText the encrpyted message encoded with base64 | |
* @return message in Plain text (String UTF-8) | |
* @throws GeneralSecurityException if there's an issue decrypting | |
*/ | |
public static String decrypt(final String password, String base64EncodedCipherText) | |
throws GeneralSecurityException { | |
try { | |
final SecretKeySpec key = generateKey(password); | |
log("base64EncodedCipherText", base64EncodedCipherText); | |
byte[] decodedCipherText = Base64.decode(base64EncodedCipherText, Base64.NO_WRAP); | |
log("decodedCipherText", decodedCipherText); | |
byte[] decryptedBytes = decrypt(key, ivBytes, decodedCipherText); | |
log("decryptedBytes", decryptedBytes); | |
String message = new String(decryptedBytes, CHARSET); | |
log("message", message); | |
return message; | |
} catch (UnsupportedEncodingException e) { | |
if (DEBUG_LOG_ENABLED) | |
Log.e(TAG, "UnsupportedEncodingException ", e); | |
throw new GeneralSecurityException(e); | |
} | |
} | |
/** | |
* More flexible AES decrypt that doesn't encode | |
* | |
* @param key AES key typically 128, 192 or 256 bit | |
* @param iv Initiation Vector | |
* @param decodedCipherText in bytes (assumed it's already been decoded) | |
* @return Decrypted message cipher text (not encoded) | |
* @throws GeneralSecurityException if something goes wrong during encryption | |
*/ | |
public static byte[] decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText) | |
throws GeneralSecurityException { | |
final Cipher cipher = Cipher.getInstance(AES_MODE); | |
IvParameterSpec ivSpec = new IvParameterSpec(iv); | |
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); | |
byte[] decryptedBytes = cipher.doFinal(decodedCipherText); | |
log("decryptedBytes", decryptedBytes); | |
return decryptedBytes; | |
} | |
private static void log(String what, byte[] bytes) { | |
if (DEBUG_LOG_ENABLED) | |
Log.d(TAG, what + "[" + bytes.length + "] [" + bytesToHex(bytes) + "]"); | |
} | |
private static void log(String what, String value) { | |
if (DEBUG_LOG_ENABLED) | |
Log.d(TAG, what + "[" + value.length() + "] [" + value + "]"); | |
} | |
/** | |
* Converts byte array to hexidecimal useful for logging and fault finding | |
* | |
* @param bytes | |
* @return | |
*/ | |
private static String bytesToHex(byte[] bytes) { | |
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8', | |
'9', 'A', 'B', 'C', 'D', 'E', 'F'}; | |
char[] hexChars = new char[bytes.length * 2]; | |
int v; | |
for (int j = 0; j < bytes.length; j++) { | |
v = bytes[j] & 0xFF; | |
hexChars[j * 2] = hexArray[v >>> 4]; | |
hexChars[j * 2 + 1] = hexArray[v & 0x0F]; | |
} | |
return new String(hexChars); | |
} | |
private AESHelper() { | |
} | |
public static String suffle(String key, String message) { | |
try { | |
String decodedKey = decrypt(message, key); | |
return decrypt(decodedKey, message); | |
} catch (GeneralSecurityException e) { | |
e.printStackTrace(); | |
} | |
return null; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#################################################################################################### | |
#################################################################################################### | |
#################################################################################################### | |
######################################### PROGUARD ################################################# | |
#################################################################################################### | |
#################################################################################################### | |
#################################################################################################### | |
# This is a configuration file for ProGuard. | |
# http://proguard.sourceforge.net/index.html#manual/usage.html | |
-dontusemixedcaseclassnames | |
-dontskipnonpubliclibraryclasses | |
-verbose | |
# Optimization is turned off by default. Dex does not like code run | |
# through the ProGuard optimize and preverify steps (and performs some | |
# of these optimizations on its own). | |
#-dontoptimize | |
#-dontpreverify | |
# If you want to enable optimization, you should include the | |
# following: | |
-optimizations !code/simplification/arithmetic,!code/simplification/cast,!field/*,!class/merging/* | |
-optimizationpasses 5 | |
-allowaccessmodification | |
# | |
# Note that you cannot just include these flags in your own | |
# configuration file; if you are including this file, optimization | |
# will be turned off. You'll need to either edit this file, or | |
# duplicate the contents of this file and remove the include of this | |
# file from your project's proguard.config path property. | |
-keep public class * extends android.app.Activity | |
-keep public class * extends android.app.Application | |
-keep public class * extends android.app.Service | |
-keep public class * extends android.content.BroadcastReceiver | |
-keep public class * extends android.content.ContentProvider | |
-keep public class * extends android.app.backup.BackupAgent | |
-keep public class * extends android.preference.Preference | |
-keep public class * extends android.support.v4.app.Fragment | |
-keep public class * extends android.support.v4.app.DialogFragment | |
-keep public class * extends com.actionbarsherlock.app.SherlockListFragment | |
-keep public class * extends com.actionbarsherlock.app.SherlockFragment | |
-keep public class * extends com.actionbarsherlock.app.SherlockFragmentActivity | |
-keep public class * extends android.app.Fragment | |
-keep public class com.android.vending.licensing.ILicensingService | |
# For native methods, see http://proguard.sourceforge.net/manual/examples.html#native | |
-keepclasseswithmembernames class * { | |
native <methods>; | |
} | |
-keep public class * extends android.view.View { | |
public <init>(android.content.Context); | |
public <init>(android.content.Context, android.util.AttributeSet); | |
public <init>(android.content.Context, android.util.AttributeSet, int); | |
public void set*(...); | |
} | |
-keepclasseswithmembers class * { | |
public <init>(android.content.Context, android.util.AttributeSet); | |
} | |
-keepclasseswithmembers class * { | |
public <init>(android.content.Context, android.util.AttributeSet, int); | |
} | |
-keepclassmembers class * extends android.app.Activity { | |
public void *(android.view.View); | |
} | |
# For enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations | |
-keepclassmembers enum * { | |
public static **[] values(); | |
public static ** valueOf(java.lang.String); | |
} | |
-keep class * implements android.os.Parcelable { | |
public static final android.os.Parcelable$Creator *; | |
} | |
-keepclassmembers class **.R$* { | |
public static <fields>; | |
} | |
-keep class android.support.v4.app.** { *; } | |
-keep interface android.support.v4.app.** { *; } | |
-keep class com.actionbarsherlock.** { *; } | |
-keep interface com.actionbarsherlock.** { *; } | |
# The support library contains references to newer platform versions. | |
# Don't warn about those in case this app is linking against an older | |
# platform version. We know about them, and they are safe. | |
-dontwarn android.support.** | |
-dontwarn com.google.ads.** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static String getUrl() { | |
try { | |
//**Comment 7 lines on release** | |
String key = "com.location"; | |
String value = "https://security.stackexchange.com/questions"; | |
String encryptMessage = AESHelper.encrypt(key, value); | |
String encryptedKey = AESHelper.encrypt(encryptMessage, key); | |
Log.i("URL", "Encrypted Key : " + encryptedKey); | |
Log.i("URL", "Encrypted Value : " + encryptMessage); | |
Log.i("URL", "Decrypted Value : " + AESHelper.suffle(encryptedKey, encryptMessage)); | |
String decryptedMessage = AESHelper.suffle("Yx4Bwd4VpgcdROpHBQm4nX4fPYhZyL9CbCzfyxyo4HU=", "R6sjhLA6/LyyffJBAOlawXxuielwQ+F380CdTf7YXWC/PZc3kt8uBH3ORtjZTIh4"); | |
Log.i("URL", "Decrypted Url : " + decryptedMessage); | |
return decryptedMessage; | |
} catch (Exception e) { | |
e.printStackTrace(); | |
} | |
return ""; | |
} | |
**********build.gradle************* | |
android { | |
buildTypes { | |
release { | |
minifyEnabled true | |
proguardFiles getDefaultProguardFile('proguard-android.txt'), | |
'proguard-rules.pro' | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nendhd