Obfuscation of hard-coded security-sensitive strings.

Obfuscator.swift

//
//  Obfuscator.swift
//
//  Created by Dejan Atanasov on 2017-05-31.
//

import Foundation

class Obfuscator: AnyObject {
    
    // MARK: - Variables
    
    /// The salt used to obfuscate and reveal the string.
    private var salt: String = ""
    
    
    // MARK: - Initialization
    
    init(withSalt salt: [AnyObject]) {
        self.salt = salt.description
    }
    
    
    // MARK: - Instance Methods
    
    /**
     This method obfuscates the string passed in using the salt
     that was used when the Obfuscator was initialized.
     
     - parameter string: the string to obfuscate
     
     - returns: the obfuscated string in a byte array
     */
    func bytesByObfuscatingString(string: String) -> [UInt8] {
        let text = [UInt8](string.utf8)
        let cipher = [UInt8](self.salt.utf8)
        let length = cipher.count
        
        var encrypted = [UInt8]()
        
        for t in text.enumerated() {
            encrypted.append(t.element ^ cipher[t.offset % length])
        }
        
        #if DEVELOPMENT
        print("Salt used: \(self.salt)\n")
        print("Swift Code:\n************")
        print("// Original \"\(string)\"")
        print("let key: [UInt8] = \(encrypted)\n")
        #endif
    
        return encrypted
    }
    
    /**
     This method reveals the original string from the obfuscated
     byte array passed in. The salt must be the same as the one
     used to encrypt it in the first place.
     
     - parameter key: the byte array to reveal
     
     - returns: the original string
     */
    func reveal(key: [UInt8]) -> String {
        let cipher = [UInt8](self.salt.utf8)
        let length = cipher.count
        
        var decrypted = [UInt8]()
        
        for k in key.enumerated() {
            decrypted.append(k.element ^ cipher[k.offset % length])
        }
        
        return String(bytes: decrypted, encoding: .utf8)!
    }
}

Swift 4 Implementation

I might be missing something massive, but here is the Swift 4 implementation. Classes cannot conform to AnyObject in swift 4, so I standardized the initialization with a convenience init. @DejanEnspyra please correct me if I am wrong:

import Foundation

class Obfuscator {
    
    // MARK: - Variables
    
    /// The salt used to obfuscate and reveal the string.
    private var salt: String    
    
    // MARK: - Initialization
    
    init() {
        self.salt = "\(String(describing: AppDelegate.self))\(String(describing: NSObject.self))"
    }
    
    init(with salt: String) {
        self.salt = salt
    }
    
    
    // MARK: - Instance Methods
    
    /**
     This method obfuscates the string passed in using the salt
     that was used when the Obfuscator was initialized.
     
     - parameter string: the string to obfuscate
     
     - returns: the obfuscated string in a byte array
     */
    func bytesByObfuscatingString(string: String) -> [UInt8] {
        let text = [UInt8](string.utf8)
        let cipher = [UInt8](self.salt.utf8)
        let length = cipher.count
        
        var encrypted = [UInt8]()
        
        for t in text.enumerated() {
            encrypted.append(t.element ^ cipher[t.offset % length])
        }
        
        #if DEVELOPMENT
        print("Salt used: \(self.salt)\n")
        print("Swift Code:\n************")
        print("// Original \"\(string)\"")
        print("let key: [UInt8] = \(encrypted)\n")
        #endif
        
        return encrypted
    }
    
    /**
     This method reveals the original string from the obfuscated
     byte array passed in. The salt must be the same as the one
     used to encrypt it in the first place.
     
     - parameter key: the byte array to reveal
     
     - returns: the original string
     */
    func reveal(key: [UInt8]) -> String {
        let cipher = [UInt8](self.salt.utf8)
        let length = cipher.count
        
        var decrypted = [UInt8]()
        
        for k in key.enumerated() {
            decrypted.append(k.element ^ cipher[k.offset % length])
        }
        
        return String(bytes: decrypted, encoding: .utf8)!
    }
}

Usage

1. Add the class to your project, init the object and call func bytesByObfuscatingString(string: String) -> [UInt8]

final class ViewController: UIViewController {
    override func viewDidLoad() {
        super.viewDidLoad()
        let obfuscator = Obfuscator()
        print(obfuscator.bytesByObfuscatingString(string: "your_secret_string_here"))
    }
}

2. Retrieve your secret byte array from the console, and create a static container to hold it (enum to prevent init):

enum ObfuscatedConstants {
    static let obfuscatedString: [UInt8] = [34, 17, 93, 37, 21, 28, 72, 23, 20, 22, 72, 127, 98, 123, 87, 94, 92, 83, 76, 113]
}

3. Call and use (example with Google Ad SDK here).

GADMobileAds.configure(withApplicationID: Obfuscator().reveal(key: ObfuscatedConstants.obfuscatedString))

4. Party

Dear Dejan Enspyra,
Can you let me know if your codes follows APACHE license or not?
I would like to use your source code.

Swift 4.2
if you are using swift 4.2, you should replace AnyObject with Any in line 19 like this:
init(withSalt salt: [Any]) { self.salt = salt.description }

What license does this code have?

Question for steps 2 and 3, is it equally safe to replace with the following code ?

enum ObfuscatedConstants {
static let obfuscatedString = Obfuscator().reveal(key: [34, 17, 93, 37, 21, 28, 72, 23, 20, 22, 72, 127, 98, 123, 87, 94, 92, 83, 76, 113])
}
GADMobileAds.configure(withApplicationID: ObfuscatedConstants.obfuscatedString)

You can use: https://github.com/pjebs/Obfuscator-iOS

@thexande Don't you give a chance to init Obfuscator with an arbitrary salt (classes)?

This really helped thanks a ton!!!!

You can try: https://github.com/520coding/confuse