I'm using Xamarin and I have all my API keys stored in my PCL in a file called appconfig.json
When the APK is generated, where are my API keys stored?
Can somebody take this APK and decompile to get the contents of this file?
I know is possible, but I'm on a mac and so don't have access to windows tools.
Can somebody walk me through these steps to read the contents of appconfig.json once its compiled? This is only so that I can prove it can be done -- which I know it can, its just taking me too long. Thanks!
So lets assume I have this json file flagged as EmbeddedResource within one of my application's assemblies (call SomeLibrary):
{
"Password": "SushiHangover",
"Logging": {
"Debug": {
"LogLevel": {
"Default": "Warning"
}
},
"Console": {
"LogLevel": {
"Default": "Warning"
}
}
}
}
I archive & publish an .apk.
unzip com.sushihangover.SomeApp.apk -d foobar
Use ikdasm to search for embedded resources:
find . -name "*.dll" -print0 | xargs -n 1 -0 -J % ikdasm % | grep .mresource
.mresource public charinfo.nlp
.mresource public collation.core.bin
.mresource public collation.tailoring.bin
.mresource public mscorlib.xml
.mresource public SomeLibrary.appconfig.json
Found the appconfig.json resource, so we can use ikdasm again to get from details.
ikdasm assemblies/SomeLibrary.dll
~~~~
69 62 72 61 72 79 00 00 ) // ...SomeLibrary..
.hash algorithm 0x00008004
.ver 1:0:0:0
}
.mresource public SomeLibrary.appconfig.json
{
// Offset: 0x00000000 Length: 0x00000116
// WARNING: managed resource file SomeLibrary.appconfig.json created
}
.module SomeLibrary.dll
// MVID: {3100E9F8-3BB0-4E49-ADC7-33B284FCCFAE}
.imagebase 0x00400000
~~~~
string the assemblies to get the details:cd foobar
find . -name "*.dll" -print0 | xargs -n 1 -0 -J % strings %
~~~
mscoree.dll
!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
"Password": "SushiHangover",
"Logging": {
"Debug": {
"LogLevel": {
"Default": "Warning"
}
},
"Console": {
"LogLevel": {
"Default": "Warning"
}
}
}
BSJB
v4.0.30319
~~~~