An exercise to research and explore the best ways to hide a secret in the code of a mobile app. Article: https://blog.approov.io/how-to-extract-an-api-key-from-a-mobile-app-with-static-binary-analysis


approov/android-hide-secrets


A quick demo to show several ways of hiding secrets in a mobile app, like in:

  • source code
  • manifest file
  • gradle file
  • JNI/NDK

SETUP

To set the API key for GRADLE_ENV_API_KEY:

$ export GRADLE_ENV_API_KEY=$(echo "api-key-for-gradle-file-from-env" | openssl dgst -binary -sha256 | openssl enc -base64)
$ echo $GRADLE_ENV_API_KEY
srqGFqMm23R6A7YJbAEmKRuSQ6TWnLq3YNtAWbEoSuE=

To set the API key for JNI_API_KEY:

$ cp -v app/src/main/cpp/api_key.h.example app/src/main/cpp/api_key.h
'app/src/main/cpp/api_key.h.example' -> 'app/src/main/cpp/api_key.h'

Now edit the file app/src/main/cpp/api_key.h, look for the placeholder ANDROID_HIDE_SECRETS_API_KEY_H and replace its dummy value place-the-api-key-here with your desired API key, for example one generated like this:

$ echo "api-key-for-the-jni-file" | openssl dgst -binary -sha256 | openssl enc -base64
yDbx5R+a6zJ3H76iU9YB9U0GY6DjZ4FiWFb8vCMCdLg=

RUN

Start Android Studio, then build and run this project as you would any other mobile app.

The app is a dummy: its main screen only displays all the API keys hidden in the code, to prove that they can be retrieved.
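As an added example (not part of this repository), here is a pre-release check in Python that derives a key the same way the SETUP commands do and scans a build artifact's bytes for strings of that shape. The sample artifact, seed, symbol name and URL are constructed for illustration.

```python
import base64
import hashlib
import re

# Base64 of a 32-byte value is always 43 alphabet characters plus one '='.
B64_DIGEST = re.compile(rb"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{43}=(?![A-Za-z0-9+/=])")


def derive_key(seed: str) -> str:
    """Mirror `echo "<seed>" | openssl dgst -binary -sha256 | openssl enc -base64`.

    `echo` appends a newline, so the newline is part of the hashed input.
    """
    digest = hashlib.sha256((seed + "\n").encode()).digest()
    return base64.b64encode(digest).decode()


def find_key_candidates(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, text) for each string shaped like a base64 SHA-256
    digest that also decodes to exactly 32 bytes."""
    hits = []
    for match in B64_DIGEST.finditer(blob):
        text = match.group().decode()
        try:
            decoded = base64.b64decode(text, validate=True)
        except ValueError:
            continue  # right shape, but not valid base64
        if len(decoded) == 32:
            hits.append((match.start(), text))
    return hits


def build_sample_artifact(key: str) -> bytes:
    """Constructed stand-in for a compiled artifact: binary padding around
    NUL-terminated string constants, one of which is the key."""
    return (b"\x7fELF\x02\x01\x01\x00" + bytes(24)
            + b"Java_com_example_MainActivity_getKey\x00"  # hypothetical symbol
            + key.encode() + b"\x00"
            + b"https://api.example.com/v1\x00" + bytes(16))  # hypothetical URL


if __name__ == "__main__":
    key = derive_key("constructed-sample-seed")  # constructed seed
    for offset, text in find_key_candidates(build_sample_artifact(key)):
        print(f"possible embedded key at offset {offset:#x}: {text}")
```

Running `find_key_candidates` over the real build outputs in CI flags any key of this shape that is stored as a plain string constant before the app ships.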

