Destringcare

Latest version: v0.0.5

Safety actively analyzes 682471 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

0.0.5

0.0.4

Removed `pycrypto` due to security issue
This is due to:
* [CVE-2018-6594](https://nvd.nist.gov/vuln/detail/CVE-2018-6594) Moderate severity
* [CVE-2013-7459](https://nvd.nist.gov/vuln/detail/CVE-2013-7459) Moderate severity

More information: https://github.com/dlitz/pycrypto/issues/253

Replacing StringCare secrets
Added `replaced` argument for replacing Stringcare secrets.

bash
destringcare --resign Appname_v1.0.2494.apk mapped.json


where `mapped.json` is a key-value dictionary in JSON:
json
{
"firebase_database_url": "https://some-path.somewhere.io",
"google_storage_bucket": "another-path.appspot.com"
}


Printing out common plaintext properties
This is done by using `--other` argument.

bash
destringcare --other Appname_v1.0.2494.apk

0.0.3

Not secure
When rebuilding an Android application, the 'res/values/strings.xml' needs to be replaced with the resigned xml version `resigned-strings.xml`.

Then the application can be rebuilt with `apktool`:
bash
$ apktool b -d apk -o app-unsigned.apk


In v0.0.2 this failed to work due to invalid symbols in the produced xml file. With v0.0.3 it works.

Another issue is that the original xml file may contain a string value which contains `in <font color="'`, which does not appear in the decoded output due to `pyaxmlparser` Python package. If this is a big issue, a workaround is to add an option to `DeStringCare` to use an already decoded xml input from `apktool`.

0.0.2

Not secure
Now all you need is just an APK file. This tool will extract the secrets from it automatically.

Sample usage:
bash
destringcare Appname_v1.0.2494.apk


Sample output:
json
{
"mixpanel_api_key": "7b23daa71cdbb9e6d07f29a36de960f3"
}


Previously it was also necessary to add path to an XML file containing the string resources. That's no longer needed.

0.0.1

Not secure

Links

Releases

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.