"if you don't know what you're doing, your enemies won't either" - confucius
This is a string obfuscator for strings in Android Applications based on a encrypted strings that I have seen in a malware.
- Import the
DontLookHereclass located in the Android Application folder above - For every string, wrap your string with
DontLookHere.decrypt("<encryptme> *original string* </encryptme>")- You can refer to the
MainActivity.class
- You can refer to the
- Build a signed APK of your application
- Use
apktoolto decompile the.apkfile to get the.smalicodeapktool ./<apk_file>
- Locate the
.smalifile that contains your strings - Run
./srintgofcasbuter.py <.smali_file> - Recompile the folder back into an
.apkfile usingapktoolapktool b --use-aapt2 <folder>
- Re-sign the
.apkusingapksigner.\apksigner.bat sign --ks <.jks_file> <apk>
- Should be all done!
- Looks for
<encryptme> arbitrary string </encryptme>in.smalicode - Generates a random 16-character key
- Generates a random 16-character IV
- Encrypts with AES CFB
- Base64 encodes the result of (in order): Key + IV + Base64-encoded Cipher
- Replaces the
<encryptme>string with the result