...
De-obfuscation enables mapping of the obfuscated classname a.a.g.a
to the original classname such as com.foo.bar
.
Instructions
In order to enable de-obfuscation of Android pre-prod app scan results, the following steps are necessary.
CI/CD should be enabled for your Android pre-prod build.
As part of the upload step, a mapping file should be included while uploading the app binary. This mapping file should be the same mapping file that was generated while building the
apk
binary in Android Studio. The location of the generated mapping file depends on your proguard settings in your Android project. The mapping file should be included as asourcemap
option in your CI/CD upload step as follows:Code Block language bash $ curl \ -F "file=@androidapp.apk" \ -F "sourcemap=@mapping.txt" \ -F "release_type=PRE_PROD" \ https://prod-dopinder-v2.securetheorem.com/_ah/upload/Aewsadw[...]/
Once a mapping file has been uploaded for a specific pre-prod app, all subsequent uploads will require a corresponding mapping file for scans to be completed. The mapping file requirement can be disabled by making a PATCH request with the requested setting as the body of the request to the Mobile Apps endpoint in the Results API v2 to disable it as follows:
Code Block language bash # Replace :mobile_app_id with the mobile app's ID from the portal or the Results API curl \ --request PATCH \ -H "Authorization: APIKey ..." \ --data '{"scans_require_mapping_file": false}' \ https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_apps/:mobile_app_id
If you are running the above curl request on a Windows machine CLI, you would need to escape the quotes for the request body in order for the api call to succeed. For example:
Code Block ... --data '\"{\"scans_require_mapping_file\": false}' -H "Authorization: APIKey\" ..."
If there are no issues with the validation of the uploaded build and mapping file, the de-obfuscated scan results will show up in the portal. If there are any issues with the de-obfuscation, please reach out to support@datatheorem.com.
...
This would require your team’s Upload API key from the Data Theorem portal and used as follows:
Request
Code Block | ||
---|---|---|
| ||
curl \ -X POST \ -H "Authorization: APIKey YOUR_API_KEY" \ --data "" \ https://api.securetheorem.com/uploadapi/v1/upload_mapping_attachment_init |
Response
Code Block | ||
---|---|---|
| ||
{ "upload_url": "https://prod-dopinder-v2.securetheorem.com/api/v1/upload/sourcemap/2341c14f-c933-4a0b-v10b-bcfa1ad008d0" } |
...
Using the upload_url from the response in Step 1, perform the following request to upload the mapping file:
Request
Code Block | ||
---|---|---|
| ||
curl \ -F "file=@mapping.txt" \ -F "bundle_id=com.yourcompany.TestApp" \ -F "version=2.5" \ -F "release_type=APP_STORE" \ https://prod-dopinder-v2.securetheorem.com/_ah/upload/sourcemap/2341c14f-c933-4a0b-v10b-bcfa1ad008d0 |
...
Page Properties | ||
---|---|---|
| ||
|