Unveiling Hidden Strings in Obfuscated Code

Obfuscators like ProGuard can enhance code security by obfuscating visible strings, but they may not suffice for sensitive information such as URLs or licensing data.

Hiding Sensitive Strings

To conceal sensitive strings effectively, consider the following techniques:

• Encoding: Encode strings using methods like Base64 to make them appear scrambled.
• Encryption: Encrypt strings using algorithms like AES to render them unintelligible without the encryption key.

To implement these techniques, you can:

1. Manually encrypt the string using a known key.
2. Adjust your code to use the decrypted version of the string. For example:

// Before encryption
public class Foo {
    private String mySecret = "http://example.com";
}

// After encryption
public class Foo {
    private String encrypted = "";
    private String key = "";
    private String mySecret = MyDecryptUtil.decrypt(encrypted, key);
}

Locating the R Class

During decompilation, the R class is not always readily visible due to obfuscation. However, the ProGuard mapping file can provide insights into its location:

• Locate the "classes" section in the mapping file.
• Search for "R.java" to find the original path of the R class.
• Navigate to that path in the decompiled code directory to access the R class.

Understanding R Class Numbers

Numbers like "2130903058" in decompiled code represent resource IDs. These numbers refer to resources in your project, such as layout files.

To find the corresponding resources:

• Decompile the R.java file from the mapping file.
• Search for the resource ID in the decompiled R.java file.
• The corresponding resource (e.g., layout file) will be specified in the search results.