Merge pull request #10 from cruxprotocol/feature/insecure-environment…

…-security-fixes

Feature/insecure environment security fixes

app/build.gradle

@@ -13,7 +13,13 @@ android {
     }
     buildTypes {
         release {
-            minifyEnabled false
+            // Enables code shrinking, obfuscation, and optimization for only
+            // your project's release build type.
+            minifyEnabled true
+
+            // Enables resource shrinking, which is performed by the
+            // Android Gradle plugin.
+            shrinkResources true
             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
         }
     }

app/proguard-rules.pro

@@ -19,3 +19,8 @@
 # If you keep the line number information, uncomment this to
 # hide the original source file name.
 #-renamesourcefileattribute SourceFile
+
+# To fix errors and force R8 to keep certain code, add a -keep line in the ProGuard rules file. For example:
+# -keep public class MyClass
+-dontwarn com.crux.sdk.**
+-keep class com.crux.sdk.** {*;}

app/src/main/java/com/example/liquid_test_2/MainActivity.java

@@ -2,6 +2,7 @@
 
 import android.content.Context;
 import android.os.Bundle;
+import android.widget.Toast;
 
 import androidx.appcompat.app.AppCompatActivity;
 
@@ -38,7 +39,14 @@ public String runScript(final Context androidContextObject) throws IOException,
                 .setWalletClientName("cruxdev")
                 .setPrivateKey("cdf2d276caf0c9c34258ed6ebd0e60e0e8b3d9a7b8a9a717f2e19ed9b37f7c6f");
 
-        final CruxClient client = new CruxClient(configBuilder, androidContextObject);
+        CruxClient client;
+        try {
+            client = new CruxClient(configBuilder, androidContextObject);
+        } catch(CruxClientError e) {
+            Toast.makeText(androidContextObject, "Client caught and reraised:" + e.errorMessage, Toast.LENGTH_LONG).show();
+            System.out.println("use debug version for development");
+            return null;
+        }
 
         final String testAvailabilityCruxId = "yadu007";
         client.isCruxIDAvailable(testAvailabilityCruxId, new CruxClientResponseHandler<Boolean>() {

sdk/src/main/java/com/crux/sdk/CruxClient.java

@@ -1,17 +1,20 @@
 package com.crux.sdk;
 
 import android.content.Context;
+import android.os.Debug;
 
 import com.crux.sdk.bridge.CruxJSBridge;
 import com.crux.sdk.bridge.CruxJSBridgeAsyncRequest;
 import com.crux.sdk.bridge.handlerImpl.CruxJSBridgeResponseHandlerImpl;
+import com.crux.sdk.model.AndroidCruxClientErrorCode;
 import com.crux.sdk.model.CruxAddress;
 import com.crux.sdk.model.CruxClientError;
 import com.crux.sdk.model.CruxClientInitConfig;
 import com.crux.sdk.model.CruxClientResponseHandler;
 import com.crux.sdk.model.CruxIDState;
 import com.crux.sdk.model.CruxParams;
 import com.crux.sdk.model.CruxPutAddressMapSuccess;
+import com.crux.sdk.security.SdkSafety;
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
 
@@ -25,9 +28,15 @@ public class CruxClient {
     private final CruxJSBridge jsBridge;
 
     public CruxClient(CruxClientInitConfig.Builder configBuilder, Context androidContextObject) throws IOException, CruxClientError {
+
+        SdkSafety sf = new SdkSafety(androidContextObject);
+        if (sf.checkSafety()) {
+            throw CruxClientError.getCruxClientError(AndroidCruxClientErrorCode.runningInUnsafeEnvironment);
+        }
         this.jsBridge = new CruxJSBridge(configBuilder, androidContextObject);
     }
 
+
     public void getCruxIDState(final CruxClientResponseHandler<CruxIDState> handler) {
         CruxJSBridgeAsyncRequest bridgeRequest = new CruxJSBridgeAsyncRequest("getCruxIDState", new CruxParams(), new CruxJSBridgeResponseHandlerImpl(CruxIDState.class, handler));
         jsBridge.executeAsync(bridgeRequest);

sdk/src/main/java/com/crux/sdk/model/AndroidCruxClientErrorCode.java

@@ -5,6 +5,7 @@ public class AndroidCruxClientErrorCode {
     // 888s: Android Error Series
     public static Integer getCruxClientInitConfigStringFailed = 8881000;
     public static Integer cruxAddressMappingConversionFailed = 8881001;
+    public static Integer runningInUnsafeEnvironment = 8881002;
 
 }
 

sdk/src/main/java/com/crux/sdk/model/AndroidCruxClientErrorString.java

@@ -9,6 +9,7 @@ public class AndroidCruxClientErrorString {
     static {
         errorCodeToErrorStringMap = new HashMap<Integer, String>();
         errorCodeToErrorStringMap.put(AndroidCruxClientErrorCode.getCruxClientInitConfigStringFailed, "Could not initialize cruxClientConfig");
+        errorCodeToErrorStringMap.put(AndroidCruxClientErrorCode.runningInUnsafeEnvironment, "CRUX SDK should not run in unsafe environment");
         errorCodeToErrorStringMap.put(AndroidCruxClientErrorCode.cruxAddressMappingConversionFailed, "Could not create CruxAddressMapping");
     }
 }

sdk/src/main/java/com/crux/sdk/security/AntiDebug.java

@@ -0,0 +1,118 @@
+package com.crux.sdk.security;
+
+import android.content.Context;
+import android.os.Debug;
+import android.content.pm.ApplicationInfo;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+public class AntiDebug {
+
+    private final Context mContext;
+
+    public AntiDebug(Context context) {
+        mContext = context;
+    }
+
+    public boolean isDebugging() {
+
+        if (Debug.isDebuggerConnected()) {
+            return true;
+        }
+
+        return (mContext.getApplicationContext().getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+    }
+
+    //**************************************** TracerPid begin ************************************
+
+    public static boolean isTracerPid() {
+
+        if (isLocalPortUsing(23946)) {
+            return true;
+        }
+
+        String tracerPid = getTracerPid();
+        if (!"0".equals(tracerPid)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /***
+     *  true:already in using  false:not using
+     * @param port
+     */
+    private static boolean isLocalPortUsing(int port) {
+        boolean flag = true;
+        try {
+            flag = isPortUsing("127.0.0.1", port);
+        } catch (Exception e) {
+        }
+        return flag;
+    }
+
+    /***
+     *  true:already in using  false:not using
+     * @param host
+     * @param port
+     * @throws UnknownHostException
+     */
+    private static boolean isPortUsing(String host, int port) throws UnknownHostException {
+        boolean flag = false;
+        InetAddress theAddress = InetAddress.getByName(host);
+        try {
+            Socket socket = new Socket(theAddress, port);
+            flag = true;
+        } catch (IOException e) {
+        }
+        return flag;
+    }
+
+    private static String getTracerPid() {
+        BufferedReader bufferedReader = null;
+        String readLine = "";
+        try {
+            bufferedReader = new BufferedReader(new FileReader("/proc/self/status"));
+            do {
+                readLine = bufferedReader.readLine();
+                if (readLine == null) {
+                    break;
+                }
+
+            } while (!readLine.startsWith("TracerPid:"));
+            readLine = readLine.substring("TracerPid:".length()).trim();
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            if (bufferedReader != null) {
+                try {
+                    bufferedReader.close();
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        return readLine;
+    }
+    //**************************************** TracerPid end **************************************
+
+    //**************************************** network test begin *********************************
+    public static boolean checkGrabData() {
+        try {
+            String proxyHost = System.getProperty("http.proxyHost");
+            String proxyPort = System.getProperty("http.proxyPort");
+            return proxyHost != null || proxyPort != null;
+        } catch (Exception e) {
+            e.printStackTrace();
+            return false;
+        }
+    }
+    //**************************************** network test end ***********************************
+}

sdk/src/main/java/com/crux/sdk/security/AntiEmulator.java

@@ -0,0 +1,45 @@
+package com.crux.sdk.security;
+
+import android.os.Build;
+
+import androidx.core.os.EnvironmentCompat;
+
+public class AntiEmulator {
+    public static boolean isEmulator() {
+        int rating = 0;
+        if (Build.PRODUCT.equals("sdk") || Build.PRODUCT.equals("google_sdk") || Build.PRODUCT.equals(
+                "sdk_x86") || Build.PRODUCT.equals("vbox86p")) {
+            rating = 1;
+        }
+
+        if (Build.MANUFACTURER.equals(EnvironmentCompat.MEDIA_UNKNOWN) || Build.MANUFACTURER.equals(
+                "Genymotion")) {
+            rating++;
+        }
+
+        if (Build.BRAND.equals("generic") || Build.BRAND.equals("generic_x86")) {
+            rating++;
+        }
+
+        if (Build.DEVICE.equals("generic") || Build.DEVICE.equals("generic_x86") || Build.DEVICE.equals(
+                "vbox86p")) {
+            rating++;
+        }
+
+        if (Build.MODEL.equals("sdk") || Build.MODEL.equals("google_sdk") || Build.MODEL.equals(
+                "Android SDK built for x86")) {
+            rating++;
+        }
+
+        if (Build.HARDWARE.equals("goldfish") || Build.HARDWARE.equals("vbox86")) {
+            rating++;
+        }
+
+        if (Build.FINGERPRINT.contains("generic/sdk/generic") || Build.FINGERPRINT.contains(
+                "generic_x86/sdk_x86/generic_x86") || Build.FINGERPRINT.contains(
+                "generic/google_sdk/generic") || Build.FINGERPRINT.contains("generic/vbox86p/vbox86p")) {
+            rating++;
+        }
+        return rating >= 2;
+    }
+}