Project

obfuskit

0.0
No release in over a year
obfuskitmgratzer/obfuskitHomepageDocumentationSource CodeBug TrackerWiki
Generate Swift and Kotlin files with obfuscated environment variables.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
14,302
Stars
3
Forks
0
Watchers
1
 Releases
Current version
0.4.0
Total releases
6
First release
2024-01-16
Latest release
2024-04-22
 Issues
Open Issues
2
Closed Issues
6
Total Issues
8
Issue Closure Rate
75%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
10
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2024-02-22
Reverse Dependencies
0

 Dependencies
 Project Readme

ObfusKit

ObfusKit is a ruby script that generates obfuscated secrets for Swift and Kotlin.

Installation and usage

Install the latest version of the gem using:

gem install obfuskit

Call obfuskit -h for help.

Usage: obfuskit [options]

Specific options:
    -l, --language [LANGUAGE]        Output language (swift, kotlin). Kotlin requires a package parameter.
    -k SECRET_1,SECRET_2,SECRET_3,   List of environment variable keys
        --keys
    -p, --package [PACKAGE]          Package name for Kotlin
    -t, --type [TYPE]                Output type name. Defaults to `ObfusKit`
    -e, --env [PATH]                 Path to an alternative .env file

Common options:
    -h, --help                       Show this message
    -v, --version                    Show version

Swift

To generate Swift code, run the following command:

obfuskit -l swift -k SECRET_1,SECRET_2 > generated.swift

It will create the file generated.swift containing an obfuscated version of the environment variables SECRET_1 and SECRET_2. This file should be excluded from the git repository and generated at build time. The obfuscation salt is regenerated for each run.

import Foundation

enum ObfusKit {
	static let SECRET_1: String = _o.r([30, 113, 37, 119, 32, 37, 36])
	static let SECRET_2: String = _o.r([24, 117, 35, 119, 38, 33, 34])

	private class _3f3eccd2e5ea46b39738e5502bda6bef { }
	private static let _o = O(String(describing: _3f3eccd2e5ea46b39738e5502bda6bef.self))
}
// ...

Kotlin

The same concept applies to the Kotlin language using:

obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 > generated.kt

It will create the Kotlin version generated.kt.

package com.myapp.configuration.environment

object ObfusKit {
        private val _o = O(_6572131328ef462d9d4a05cf4b2a2516::class.java.simpleName)
        private class _6572131328ef462d9d4a05cf4b2a2516

        val SECRET_1: String = _o.r(byteArrayOf(30, 116, 118, 115, 119, 119, 116))
        val SECRET_2: String = _o.r(byteArrayOf(24, 112, 112, 115, 113, 115, 114))
}
// ...

Android Code shrinking and Obfuscation

Proguard/R8 changes class names and method names. This will break revealing secrets at run time. To prevent this, add the according rules to your proguard-rules.pro file or use the --keep-annotation parameter to inject a custom annotation like @androidx.annotation.Keep into the generated code.

For example:

obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 --keep-annotation @androidx.annotation.Keep > generated.kt

Use a custom .env file location

Use the -e option to define the path to a different .env file, e.g., if you want to reuse the fastlane/.env file.

obfuskit -l swift -k SECRET_3,SECRET_4 -e fastlane/.env > generated.swift

Features

  • Generate Swift
  • Generate Kotlin
  • Read Secrets from the Environment
  • Add dynamic salt for obfuscation
  • Support for .env files
  • Use template engine for code generation
  • Read secrets from 1Password CLI