2

I'm working on a project and I need specific URL calls to be hidden; I don't want this URL to be visible. Here's an example of how the URL call would look.

public void example(View view) {
    goToUrl("example.com");
}
Improve this question

4 Answers 4

Reset to default
4

You really can't. You can obfuscate method names because in the end the original method name never needs to be known. You can just work with the obfuscation. Here you do eventually need to know the real URL. So there would need to be an unobfuscate function. Which means you could trivially get the result from there. Or you know, just track what url outgoing HTTP requests use via a proxy.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I can't obfuscate the string url to Array data? I saw someone obfuscate string links with It.
You could- and it would stop anyone who knew anything about reverse engineering for about a minute and a half. If he was tired and not trying too hard. If the original needs to be known by the system (like it does here), then you're wasting your time by obfuscating.
3

One possibility is to use the array of integers with some shift operation for the strings which needs to be obfuscated. But as others already mentioned, this is just a mechanism to hide the plain string. With some effort, it can be decoded easily.

Gettign int array code

public static String getIntArrayCode(String string) {
  int[] result = new int[string.length()];
  for (int i = 0; i < string.length(); i) {
    int numericValue = Character.codePointAt(string, i);
    result[i] = numericValue << 3;
  }
  StringBuffer arrayCode = new StringBuffer();
  arrayCode.append("new int[]{");
  for (int i = 0; i < result.length; i) {
    arrayCode.append(result[i]);
    if (i < result.length - 1) {
      arrayCode.append(",");
    }
  }
  arrayCode.append("}");
  return arrayCode.toString();
}

This int array needs to be copied to the code.

To unobfuscate, use the method

public static String getString(int[] data) {
  StringBuffer test = new StringBuffer();
  for (int i = 0; i < data.length; i) {
    int t = data[i] >> 3;
    test.append((char) t);
  }
  return test.toString();
}

Usage :

//"Hello12345&%$";
int []data1 = new int[]{1152,1616,1728,1728,1776,784,800,816,832,848,608,592,576};
System.out.println(getString(data1));

Obfuscating the application (eg : using Proguard ) would help to hide the decode function to some extend.

Improve this answer

Comments

2

Taking a look back at this question after almost 2 years, This question has gotten quite a lot of attention, I have found some obfuscators that I ended up using for String obfuscation but every Obfuscation can be broken. This is my List of obfuscators that encrypts Strings I will start of by listing paid obfuscators.

1. Zelix Klass Master

Their official website is https://zelix.com

This is one of the best java obfuscators for either jar or android in my opinion. How ever It's not cheap as expected because of how good the obfuscator is.

A single license can cost you $239 If you are a small developer or $479 if you are a team of developer (Comapany).

You can see the list of features here

2. DexGuard

Their official website is https://www.guardsquare.com/en

DexGuard is an Obfuscator made by the people who are behind Proguard

This is the second best obfuscator in my opinion. The name obfuscation is way better then the name obfuscation on Zelix.

I am not sure about their pricing since I have never used it but I have seen it being used on applications. How ever you can request a pricing here

Free Obfuscators.

You can find free alternative's such as StringCare and Paranoid

They aren't as good as the one's I listed above, It would take at most 5 seconds for someone with basic knowledge of java to crack your program with these two tools.

Improve this answer

1 Comment

Why would the free tools be so easy to crack compared to the others? What do the paid ones do that the free ones don't?
-1

For obfuscating Strings you can now use a new gradle plugin + library, Please check it here

https://github.com/MichaelRocks/paranoid

Also now there is a new plugin which can obfuscate resources also, please check it below

https://github.com/shwenzhang/AndResGuard

share so more developers can use it and thus more and more developers will contribute to the further development of these plugins, and thus we can collectively improve these plugins.

Improve this answer

1 Comment

Does AndResGuard obfuscate strings values ? It seems Paranoid wasn't updated in a while, and it has serious build-time issues and won't be able to build at all on gradle plugin v8 : github.com/MichaelRocks/paranoid/issues/65

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.