Auto-generated random secret key for encryption

packmad · packmad · commit 59d77ce8efac · 2019-09-03T17:37:27.000+02:00
diff --git a/src/obfuscapk/obfuscation.py b/src/obfuscapk/obfuscation.py
@@ -3,6 +3,8 @@
 
 import logging
 import os
+import secrets
+import string
 from typing import List, Union
 
 from . import util
@@ -27,6 +29,10 @@ def __init__(self, apk_path: str, working_dir_path: str = None, obfuscated_apk_p
         self.interactive: bool = interactive
         self.virus_total_api_key: List[str] = virus_total_api_key
 
+        # Random string (32 chars long) generation with ASCII letters and digits
+        self.encryption_secret = ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(32))
+        self.logger.debug('Auto-generated random secret key for encryption: "{0}"'.format(self.encryption_secret))
+
         # The list of obfuscators already used on the application.
         self.used_obfuscators: List[str] = []
 
diff --git a/src/obfuscapk/obfuscators/asset_encryption/asset_encryption.py b/src/obfuscapk/obfuscators/asset_encryption/asset_encryption.py
@@ -19,12 +19,12 @@ class AssetEncryption(obfuscator_category.IEncryptionObfuscator):
     def __init__(self):
         self.logger = logging.getLogger('{0}.{1}'.format(__name__, self.__class__.__name__))
         super().__init__()
-
         self.encryption_secret = 'This-key-need-to-be-32-character'
 
     def obfuscate(self, obfuscation_info: Obfuscation):
         self.logger.info('Running "{0}" obfuscator'.format(self.__class__.__name__))
 
+        self.encryption_secret = obfuscation_info.encryption_secret
         try:
             # This instruction takes 2 registers, the latter contains the name of the asset file to load.
             open_asset_invoke_pattern = re.compile(r'\s+invoke-virtual\s'
@@ -127,7 +127,7 @@ def obfuscate(self, obfuscation_info: Obfuscation):
                     destination_dir = os.path.dirname(obfuscation_info.get_smali_files()[0])
                     destination_file = os.path.join(destination_dir, 'DecryptAsset.smali')
                     with open(destination_file, 'w', encoding='utf-8') as decrypt_asset_smali:
-                        decrypt_asset_smali.write(util.get_decrypt_asset_smali_code())
+                        decrypt_asset_smali.write(util.get_decrypt_asset_smali_code(self.encryption_secret))
                         obfuscation_info.decrypt_asset_smali_file_added_flag = True
 
             else:
diff --git a/src/obfuscapk/obfuscators/const_string_encryption/const_string_encryption.py b/src/obfuscapk/obfuscators/const_string_encryption/const_string_encryption.py
@@ -39,6 +39,7 @@ def encrypt_string(self, string_to_encrypt: str) -> str:
     def obfuscate(self, obfuscation_info: Obfuscation):
         self.logger.info('Running "{0}" obfuscator'.format(self.__class__.__name__))
 
+        self.encryption_secret = obfuscation_info.encryption_secret
         try:
             encrypted_strings: Set[str] = set()
 
@@ -187,7 +188,7 @@ def obfuscate(self, obfuscation_info: Obfuscation):
                 destination_dir = os.path.dirname(obfuscation_info.get_smali_files()[0])
                 destination_file = os.path.join(destination_dir, 'DecryptString.smali')
                 with open(destination_file, 'w', encoding='utf-8') as decrypt_string_smali:
-                    decrypt_string_smali.write(util.get_decrypt_string_smali_code())
+                    decrypt_string_smali.write(util.get_decrypt_string_smali_code(self.encryption_secret))
                     obfuscation_info.decrypt_string_smali_file_added_flag = True
 
         except Exception as e:
diff --git a/src/obfuscapk/obfuscators/lib_encryption/lib_encryption.py b/src/obfuscapk/obfuscators/lib_encryption/lib_encryption.py
@@ -25,6 +25,7 @@ def __init__(self):
     def obfuscate(self, obfuscation_info: Obfuscation):
         self.logger.info('Running "{0}" obfuscator'.format(self.__class__.__name__))
 
+        self.encryption_secret = obfuscation_info.encryption_secret
         try:
             native_libs = obfuscation_info.get_native_lib_files()
 
@@ -133,7 +134,7 @@ def obfuscate(self, obfuscation_info: Obfuscation):
                     destination_dir = os.path.dirname(obfuscation_info.get_smali_files()[0])
                     destination_file = os.path.join(destination_dir, 'DecryptAsset.smali')
                     with open(destination_file, 'w', encoding='utf-8') as decrypt_asset_smali:
-                        decrypt_asset_smali.write(util.get_decrypt_asset_smali_code())
+                        decrypt_asset_smali.write(util.get_decrypt_asset_smali_code(self.encryption_secret))
                         obfuscation_info.decrypt_asset_smali_file_added_flag = True
 
                 # Remove the original native libraries (the encrypted ones will be used instead).
diff --git a/src/obfuscapk/obfuscators/res_string_encryption/res_string_encryption.py b/src/obfuscapk/obfuscators/res_string_encryption/res_string_encryption.py
@@ -70,6 +70,7 @@ def encrypt_string_array_resources(self, string_array_resources_xml_file: str,
     def obfuscate(self, obfuscation_info: Obfuscation):
         self.logger.info('Running "{0}" obfuscator'.format(self.__class__.__name__))
 
+        self.encryption_secret = obfuscation_info.encryption_secret
         try:
             string_res_field_pattern = re.compile(r'\.field\spublic\sstatic\sfinal\s(?P<string_name>\S+?):I\s=\s'
                                                   r'(?P<string_id>[0-9a-fA-FxX]+)', re.UNICODE)
@@ -303,7 +304,7 @@ def obfuscate(self, obfuscation_info: Obfuscation):
                 destination_dir = os.path.dirname(obfuscation_info.get_smali_files()[0])
                 destination_file = os.path.join(destination_dir, 'DecryptString.smali')
                 with open(destination_file, 'w', encoding='utf-8') as decrypt_string_smali:
-                    decrypt_string_smali.write(util.get_decrypt_string_smali_code())
+                    decrypt_string_smali.write(util.get_decrypt_string_smali_code(self.encryption_secret))
                     obfuscation_info.decrypt_string_smali_file_added_flag = True
 
         except Exception as e:
diff --git a/src/obfuscapk/util.py b/src/obfuscapk/util.py
@@ -19,7 +19,6 @@
 random_seed = 42
 random.seed(random_seed)
 
-
 ##########################################################################################
 #                                 Common regex patterns.                                 #
 ##########################################################################################
@@ -70,6 +69,7 @@
 const_string_pattern = re.compile(r'\s+const-string(/jumbo)?\s(?P<register>[vp0-9]+),\s'
                                   r'"(?P<string>.+)"', re.UNICODE)
 
+
 ##########################################################################################
 
 
@@ -176,14 +176,16 @@ def get_smali_method_overload() -> str:
                                            'resources', 'smali', 'overloaded_method_body.smali'))
 
 
-def get_decrypt_asset_smali_code() -> str:
+def get_decrypt_asset_smali_code(encryption_secret: str) -> str:
     return get_text_from_file(os.path.join(os.path.dirname(__file__),
-                                           'resources', 'smali', 'DecryptAsset.smali'))
+                                           'resources', 'smali', 'DecryptAsset.smali'
+                                ).replace('This-key-need-to-be-32-character', encryption_secret))
 
 
-def get_decrypt_string_smali_code() -> str:
+def get_decrypt_string_smali_code(encryption_secret: str) -> str:
     return get_text_from_file(os.path.join(os.path.dirname(__file__),
-                                           'resources', 'smali', 'DecryptString.smali'))
+                                           'resources', 'smali', 'DecryptString.smali')
+                                ).replace('This-key-need-to-be-32-character', encryption_secret)
 
 
 def get_api_reflection_smali_code() -> str:
