Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Data Theorem currently supports de-obfuscating Android pre-prod apps scan results which have been obfuscated using the proguard tool. De-obfuscation is done via the retrace tool which requires the use of a corresponding mapping file for each uploaded build that requires de-obfuscation.

Obfuscated classnames are currently presented in the Data Theorem portal as follows:

Obfuscated class: a.a.g.a when connecting to tcp://foo.bar.com:8445/

De-obfuscation enables mapping of the obfuscated classname a.a.g.a to the original classname such as com.foo.bar.

Instructions

In order to enable de-obfuscation of Android pre-prod app scan results, the following steps are necessary.

  1. CI/CD should be enabled for your Android pre-prod build.

  2. As part of the upload step, a mapping file should be included while uploading the app binary. This mapping file should be the same mapping file that was generated while building the apk binary in Android Studio. The location of the generated mapping file depends on your proguard settings in your Android project. The mapping file should be included as a sourcemap option in your CI/CD upload step as follows:

    $ curl -F file=@androidapp.apk -F sourcemap=@mapping.txt https://prod-dopinder-v2.securetheorem.com/_ah/upload/Aewsadw[...]/

  3. Once a mapping file has been uploaded for a specific pre-prod app, all subsequent uploads will require a corresponding mapping file for scans to be completed. The mapping file requirement can be disabled by making a PATCH request with the requested setting as the body of the request to the Mobile Apps endpoint in the Results API v2 to disable it as follows:

    curl --request PATCH https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_apps/:mobile_app_id --data '{"scans_require_mapping_file": true}' -H "Authorization: APIKey ..."

  4. If there are no issues with the validation of the uploaded build and mapping file, the de-obfuscated scan results will show up in the portal. If there are any issues with the de-obfuscation, please reach out to support@datatheorem.com.

De-obfuscation of App Store apps scan results is not supported at this time.

  • No labels