From ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac Mon Sep 17 00:00:00 2001
From: theopensourceguy <dev@theopensourceguy.de>
Date: Tue, 13 Aug 2019 11:12:57 +0200
Subject: Obfuscate window tags for JS injection

* Generates a random prefix at startup
* Obfuscates tags based on their hashCode and a salt
  generated at startup as well as the generated prefix
* Name mappings are logged in debug mode
---
 .../com/pitchedapps/frost/injectors/JsInjector.kt  | 40 +++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
index 13032479..5d8c55e6 100644
--- a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
+++ b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
@@ -16,10 +16,14 @@
  */
 package com.pitchedapps.frost.injectors
 
+import android.util.Log
 import android.webkit.WebView
+import com.pitchedapps.frost.BuildConfig
+import com.pitchedapps.frost.utils.L
 import com.pitchedapps.frost.web.FrostWebViewClient
 import org.apache.commons.text.StringEscapeUtils
 import java.util.Locale
+import kotlin.random.Random
 
 class JsBuilder {
     private val css = StringBuilder()
@@ -38,7 +42,7 @@ class JsBuilder {
     }
 
     fun single(tag: String): JsBuilder {
-        this.tag = "_frost_${tag.toLowerCase(Locale.CANADA)}"
+        this.tag = TagObfuscator.obfuscateTag(tag)
         return this
     }
 
@@ -106,4 +110,38 @@ fun FrostWebViewClient.jsInject(vararg injectors: InjectorContract) = web.jsInje
 class JsInjector(val function: String) : InjectorContract {
     override fun inject(webView: WebView) =
         webView.evaluateJavascript(function, null)
+}
+
+/**
+ * Helper object to obfuscate window tags for JS injection.
+ */
+private object TagObfuscator {
+
+    fun obfuscateTag(tag: String) : String {
+        val rnd = Random(tag.hashCode() + salt)
+        val obfuscated = StringBuilder()
+            .append(prefix)
+            .append(randomChars(rnd, tag.length))
+        L._d { "TagObfuscator: Obfuscating tag '$tag' to '$obfuscated'" }
+        //if (BuildConfig.DEBUG) {
+        //    return "_frost_${tag.toLowerCase(Locale.CANADA)}"
+        //} else
+        return obfuscated.toString()
+    }
+
+    private val salt by lazy { System.currentTimeMillis() }
+
+    private val prefix by lazy {
+        val rnd = Random(System.currentTimeMillis())
+        val length = rnd.nextInt(10, 16)
+        randomChars(rnd, length)
+    }
+
+    private fun randomChars(random: Random, count: Int) : String {
+        val result = StringBuilder()
+        for (i in 1..count) {
+            result.append('a' + random.nextInt(0, 26))
+        }
+        return result.toString()
+    }
 }
\ No newline at end of file
-- 
cgit v1.2.3