Task #13209
Task #13202: Huawei Pentest Remidiation
HUAWEI - L5 - Partial Source Code Obfuscation
Status: | Closed - End of life cycle | Start date: | September 06, 2022 | |
---|---|---|---|---|
Priority: | Normal | Due date: | September 16, 2022 | |
Assignee: | MUHAMMAD IHSAN | % Done: | 100% | |
Category: | PCI DSS - Pentest | Spent time: | - | |
Target version: | - |
Description
Desription :
Obfuscation is a technique employed to hide the intent of an application. The techniques used to obscure the intent of an application can vary widely. The most effective techniques can increase the effort of reverse engineering and hinder cracking, and theft of intellectual property.
LGMS Solution :
Ensure that source code is always being obfuscated to deter malicious users from accessing the application code and business logic.
There are a number of obfuscating tools available for programmers to obfuscate the source code; however, these tools are hardware dependent.
Penril Plan :
To check the complication.
History
#1 Updated by Nurul Athira Abdul Rahim about 2 years ago
- Parent task set to #13202
#2 Updated by MUHAMMAD IHSAN about 2 years ago
- File Caller.png added
- File Android build gradle.png added
- Status changed from New - Begin Life Cycle to Finished Development
- % Done changed from 0 to 100
The team tested the application to check the code obfuscation. Using Java Decompiler allows the team to read the source code of each class file. The team found Caller class file is obfuscated, compared to the pentest finding. However, the team make a slight change to use 'proguard-android-optimize.txt' to replace 'proguard-android.txt', as it's the setting recommended by Android to enable shrinking, obfuscation, and optimization.
#3 Updated by Binti Marobi Athirah Umairah over 1 year ago
- Status changed from Finished Development to Closed - End of life cycle
Deployed to SIT on 15/4/22
Deployed to UAT on 18/4/22
Confirmed by azyan on 23/3/23, now pending LGMS feedback and new testing cycle result.