Geek Answers Handbook

What is the point of encrypting anyting in Android (or Java) if the source code can be programmed from the other side?

Android and Java provide a crypto API that is relatively easy to use for crypto experts.

But since we know that no code can really be protected from reverse engineering, especially string constants used as seeds or shared secrets, I wonder: what's the point of passing the encryption and decryption test in Android applications?

Did I miss something?

Trying to make my question more understandable and specific: Suppose I have an application in which certain lines used by code and code (i.e. not ) should be secret: one approach is to store them in an encrypted form in compiled .apk and decrypt them (using hard-coded password obfuscation) at runtime. Another approach would be to store them in encrypted form on a remote server, retrieve them (via the Internet) and decrypt them (using a common password) at run time.

I do not see much difference between the two, since both require that the "secret key" be present in the code (reverse engineer).

Is there a solution to this problem?

If there is no solution, why encrypt at all?

+8
java android encryption decompiling reverse-engineering
source share
5 answers

This is not a problem with Android or Java. Everything can be undone, it's just harder if it's native code. And keep in mind that they don’t even need to change it: you must ultimately decrypt the data in memory in order to manipulate it. For now, an attacker can just take a memory dump and they will get your data. If they have physical access to the device and you manage the data in the software, you really can't do anything to stop it. The solution for this is to use a special hardware module (HSM), which is protected from unauthorized access or at least tampering (if someone ruins it, it either deletes all the data, or at least saves some event logs) . They come in many shapes and sizes, from smart cards to networked devices that are expensive. It is currently unavailable for Android, but it may get something similar to TPM, so you can safely store your keys and perform cryptographic operations on the equipment.

So, consider how sensitive your data is and choose the appropriate level of protection.

You might want to download it via SSL (which will protect it along the way), making sure that you authenticate the server (so you know that you are receiving the correct data from a reliable place) and the client (so you can be sure that you are giving data only to the appropriate person). You can use SSL client authentication for this, and it will be much more secure than any ordinary encryption / key exchange scheme (or anyone who is not a specialist in cryptography).

+5
source share

The common secret in the crypto API is not what you would save in the application (as you say, it would be vulnerable to reverse engineering), although it may not be as vulnerable as you expected, obfuscation is quite simple).

Imagine that you wanted to create / read encrypted files on your phone (for your secret shopping list).

After creating it, you save it using the main password (which is immediately discarded by the program). Then, when you want to read it, you need to re-enter your master password. This is a shared secret referenced by the API, and it is completely tangential for reverse engineering.

+3
source share

The problem you are describing is somewhat similar to storing the master password for the problem with the password manager.

In this case, the proposed solution uses salt for password hashes .

+2
source share

ateiob Every time you store the main password in the application, you really just complicate the access of unauthorized users to encrypted data a little.

Firstly, we can agree that data encryption using the "master key" built into the application and saving data on the phone is open in order to have a "master key" with reverse processing and data decryption.

Secondly, I think we can agree that encrypting data with a secret password and then deleting the secret password should be quite secure using strong encryption, 256-bit keys and strong passwords. Both methods apply to programming on mobile devices. In fact, iOS supports BOTH needs out of the box.

 [keychainData setObject:@"password" forKey:(id)kSecValueData];

Perhaps a real example might help.

Let's say that if the temporary data field is to be stored and protected on low memory, it can be encrypted with the main password and cleared when the user clears the temporary data field. A temporary data field is never saved as plain text.

Thus, there are two passwords, a master password built into the application for temporary short-term encryption and a secret password, which should usually be entered by the user, for long-term stored encrypted data.

Finally, if you are encrypting files, consider adding a different level of indirection. So the current secret password is used to encrypt a random key, which is used to encrypt all user files. This allows the user to change the secret password without the need to decrypt, encrypt all encrypted files.

+1
source share

It is assumed that the attacker has a copy of your code. The confidentiality of your data should depend entirely on the key. See The Kerckhoffs Principle .

To keep the secret key, you must separate it from your code. Remember. Keep it on a piece of paper in your wallet. Store it on a USB drive, which is usually stored in a safe. Use a program such as PasswordSafe . There are many possibilities.

Of course, you can make any attacker work his way through many layers of keys to get to what she really needs. PasswordSafe and the like are one such option. You will notice that such programs do not provide you with the ability to “remember your password” for you.

-one
source share

More articles:


All Articles