Created
May 31, 2017 17:51
-
-
Save DejanEnspyra/80e259e3c9adf5e46632631b49cd1007 to your computer and use it in GitHub Desktop.
Obfuscation of hard-coded security-sensitive strings.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Obfuscator.swift | |
| // | |
| // Created by Dejan Atanasov on 2017-05-31. | |
| // | |
| import Foundation | |
| class Obfuscator: AnyObject { | |
| // MARK: - Variables | |
| /// The salt used to obfuscate and reveal the string. | |
| private var salt: String = "" | |
| // MARK: - Initialization | |
| init(withSalt salt: [AnyObject]) { | |
| self.salt = salt.description | |
| } | |
| // MARK: - Instance Methods | |
| /** | |
| This method obfuscates the string passed in using the salt | |
| that was used when the Obfuscator was initialized. | |
| - parameter string: the string to obfuscate | |
| - returns: the obfuscated string in a byte array | |
| */ | |
| func bytesByObfuscatingString(string: String) -> [UInt8] { | |
| let text = [UInt8](string.utf8) | |
| let cipher = [UInt8](self.salt.utf8) | |
| let length = cipher.count | |
| var encrypted = [UInt8]() | |
| for t in text.enumerated() { | |
| encrypted.append(t.element ^ cipher[t.offset % length]) | |
| } | |
| #if DEVELOPMENT | |
| print("Salt used: \(self.salt)\n") | |
| print("Swift Code:\n************") | |
| print("// Original \"\(string)\"") | |
| print("let key: [UInt8] = \(encrypted)\n") | |
| #endif | |
| return encrypted | |
| } | |
| /** | |
| This method reveals the original string from the obfuscated | |
| byte array passed in. The salt must be the same as the one | |
| used to encrypt it in the first place. | |
| - parameter key: the byte array to reveal | |
| - returns: the original string | |
| */ | |
| func reveal(key: [UInt8]) -> String { | |
| let cipher = [UInt8](self.salt.utf8) | |
| let length = cipher.count | |
| var decrypted = [UInt8]() | |
| for k in key.enumerated() { | |
| decrypted.append(k.element ^ cipher[k.offset % length]) | |
| } | |
| return String(bytes: decrypted, encoding: .utf8)! | |
| } | |
| } |
What license does this code have?
Question for steps 2 and 3, is it equally safe to replace with the following code ?
enum ObfuscatedConstants {
static let obfuscatedString = Obfuscator().reveal(key: [34, 17, 93, 37, 21, 28, 72, 23, 20, 22, 72, 127, 98, 123, 87, 94, 92, 83, 76, 113])
}
GADMobileAds.configure(withApplicationID: ObfuscatedConstants.obfuscatedString)
You can use: https://github.com/pjebs/Obfuscator-iOS
@thexande Don't you give a chance to init Obfuscator with an arbitrary salt (classes)?
This really helped thanks a ton!!!!
You can try: https://github.com/520coding/confuse
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Swift 4.2
if you are using swift 4.2, you should replace
AnyObjectwithAnyin line 19 like this:init(withSalt salt: [Any]) { self.salt = salt.description }