native_armor_vault 2.0.2 copy "native_armor_vault: ^2.0.2" to clipboard
native_armor_vault: ^2.0.2 copied to clipboard

Production-ready native secret storage for Flutter. Multi-layer encryption, compiler optimization protection, configurable security checks, and function obfuscation. No plaintext in binary!

2.0.2 🛡️ - Maximum Security Update #

CRITICAL SECURITY FIXES & NEW FEATURES

🚨 Critical Security Fixes: #

  • Compiler Constant Folding Prevention: Fixed critical vulnerability where compiler optimization (-O3) would decrypt secrets at compile-time and embed plaintext in binary

    • Added __attribute__((noinline)) to prevent function inlining
    • Implemented volatile operations to prevent optimization
    • Split session key into 4 parts with runtime reconstruction
    • Result: Secrets are now truly encrypted in the binary!
  • Thread Safety: Fixed race condition in static buffer usage with thread_local storage

  • Symbol Visibility: Fixed FFI symbol export issues

    • Only exported FFI functions are visible
    • Internal security functions remain hidden
    • Proper -fvisibility=hidden with selective exports

✨ New Features: #

  • Configurable Security Checks: New security section in native_vault.yaml

    security:
      enable_checks: false  # true for production, false for development
      violation_mode: 'fake'  # 'throw', 'fake', or 'empty'
    
    • Allows development/testing on emulators without security warnings
    • Full security can be enabled for production builds
  • Enhanced Encryption:

    • Runtime key reconstruction prevents compile-time decryption
    • Multi-layer encryption maintained at runtime
    • No plaintext secrets in binary (verified with strings/hexdump)

🔧 Bug Fixes: #

  • Encryption/Decryption Mismatch: Fixed critical bug with __TIME__ macro instability
  • S-box Synchronization: Fixed 16-byte vs 256-byte S-box mismatch
  • Memory Management: Removed incorrect calloc.free() on static buffers
  • iOS Symbol Export: Fixed undefined symbol errors on iOS builds

📈 Improvements: #

  • Better error messages during generation
  • Security status clearly indicated in generated code
  • Improved documentation with configuration examples

⚠️ Breaking Changes: #

  • native_vault.yaml now supports optional security section
  • Generated code structure changed (still backward compatible)

Action Required:

flutter pub upgrade native_armor_vault
dart run native_armor_vault:generate
flutter clean
flutter build apk --release  # or ios

Security Level: ⭐⭐⭐⭐ (4/5) - Production Ready!


2.0.1 🔧 #

Critical Hotfix - Build compatibility fixes

Fixed:

  • Removed hardcoded CMake version (3.18.1) - now auto-detects from SDK
  • Disabled LLVM obfuscation flags by default
  • Added stack protection (-fstack-protector-strong)

2.0.0 🔥 #

Maximum Security Release

New Features:

  • Multi-layer encryption
  • Runtime key derivation
  • Anti-debugging protection
  • Root/jailbreak detection
  • Function name obfuscation
4
likes
140
points
532
downloads

Publisher

unverified uploader

Weekly Downloads

Production-ready native secret storage for Flutter. Multi-layer encryption, compiler optimization protection, configurable security checks, and function obfuscation. No plaintext in binary!

Homepage
Repository (GitHub)
View/report issues

Documentation

API reference

License

MIT (license)

Dependencies

ffi, flutter, path, yaml

More

Packages that depend on native_armor_vault

Packages that implement native_armor_vault