幹貨|加密shared_prefs/xml中的内容防竊取

Secure Preferences用來加密Android上的Shared Preferences防止安全防護不足的情況下被竊取

https://github.com/scottyab/secure-preferences
https://github.com/scottyab/secure-preferences/releases
git clone https://github.com/scottyab/secure-preferences.git
           

編譯secure-preferences源碼中的library子產品生成了library-debug.aar

secure-preferences\library\build\outputs\aar\library-debug.aar
           

Android項目中引用secure-preferences加密子產品

library-debug.aar
或
implementation 'com.scottyab:secure-preferences-lib:0.1.7'
           

@DebugLog
public SharedPreferences getSharedPreferences() {
  if(mSecurePrefs==null){
    mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml");
    SecurePreferences.setLoggingEnabled(true);
  }
  return mSecurePrefs;
}

@DebugLog
public SharedPreferences getSharedPreferences1000() {
  try {
    AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword(Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000);
    return new SecurePreferences(this, myKey, "my_prefs_1000.xml");
  } catch (GeneralSecurityException e) {
    Log.e(TAG, "Failed to create custom key for SecurePreferences", e);
  }
  return null;
}
           

@DebugLog
public SharedPreferences getDefaultSharedPreferences() {
  return PreferenceManager.getDefaultSharedPreferences(this);
}

@DebugLog
public SecurePreferences getUserPinBasedSharedPreferences(String password){
  if(mUserPrefs==null) {
    mUserPrefs = new SecurePreferences(this, password, "user_prefs.xml");
  }
  return mUserPrefs;
}

@DebugLog
public boolean changeUserPrefPassword(String newPassword){
  if(mUserPrefs!=null){
    try {
      mUserPrefs.handlePasswordChange(newPassword, this);
      return true;
    } catch (GeneralSecurityException e) {
      Log.e(TAG, "Error during password change", e);
    }
  }
  return false;
}
           

Android系統本地/data/data/XXXXXX/shared_prefs目錄裡xml檔案加密後的效果圖

XML using Standard Android SharedPreferences

<map>
    <int name="timeout" value="500" />
    <boolean name="is_logged_in" value="true" />
</map>
           

XML with SecurePreferences

<map>
    <string name="TuwbBU0IrAyL9znGBJ87uEi7pW0FwYwX8SZiiKnD2VZ7">
        pD2UhS2K2MNjWm8KzpFrag==:MWm7NgaEhvaxAvA9wASUl0HUHCVBWkn3c2T1WoSAE/g=rroijgeWEGRDFSS/hg
    </string>
    <string name="8lqCQqn73Uo84Rj">k73tlfVNYsPshll19ztma7U">
        pD2UhS2K2MNjWm8KzpFrag==:MWm7NgaEhvaxAvA9wASUl0HUHCVBWkn3c2T1WoSAE/g=:jWm8KzUl0HUHCVBWkn3c2T1WoSAE/g=
    </string>
</map>
           

implementation 'com.scottyab:secure-preferences-lib:0.1.7'
           

幹貨|Android免Root最全Hook插件(Hook任意App)