Ad

Is It Necessary To Secure The Secret (e.g., Key) In The .so File?

A private key has been #define in the C code of .so file. This key is used for the customized authentication process between client-server.

In some video and blog, people show how to disassemble .so file using IDA as well as extract function information. The output should be assembly language. How difficult to extract the key value from such output?

If the answer is the key defined in .so also needs protection, do I need to apply obfuscation on the C code before converting it to .so? Whether the normal algorithm will be affected for C?

Ad

Answer

It is possible and for skilled reverse engineer it is more or less easy. Obfuscating the secret key only slows down the hacker, but don't give you 100% protection. Consider using certificates signed by some authority.

Ad
source: stackoverflow.com
Ad