native_armor_vault 2.0.2

native_armor_vault: ^2.0.2 copied to clipboard

CRITICAL SECURITY FIXES & NEW FEATURES

🚨 Critical Security Fixes: #

• Compiler Constant Folding Prevention: Fixed critical vulnerability where compiler optimization (-O3) would decrypt secrets at compile-time and embed plaintext in binary

  • Added __attribute__((noinline)) to prevent function inlining
  • Implemented volatile operations to prevent optimization
  • Split session key into 4 parts with runtime reconstruction
  • Result: Secrets are now truly encrypted in the binary!

• Thread Safety: Fixed race condition in static buffer usage with thread_local storage

• Symbol Visibility: Fixed FFI symbol export issues

  • Only exported FFI functions are visible
  • Internal security functions remain hidden
  • Proper -fvisibility=hidden with selective exports

✨ New Features: #

• Configurable Security Checks: New security section in native_vault.yaml

  security:
    enable_checks: false  # true for production, false for development
    violation_mode: 'fake'  # 'throw', 'fake', or 'empty'
  

  • Allows development/testing on emulators without security warnings
  • Full security can be enabled for production builds

• Enhanced Encryption:

  • Runtime key reconstruction prevents compile-time decryption
  • Multi-layer encryption maintained at runtime
  • No plaintext secrets in binary (verified with strings/hexdump)

🔧 Bug Fixes: #

• Encryption/Decryption Mismatch: Fixed critical bug with __TIME__ macro instability
• S-box Synchronization: Fixed 16-byte vs 256-byte S-box mismatch
• Memory Management: Removed incorrect calloc.free() on static buffers
• iOS Symbol Export: Fixed undefined symbol errors on iOS builds

📈 Improvements: #

• Better error messages during generation
• Security status clearly indicated in generated code
• Improved documentation with configuration examples

⚠️ Breaking Changes: #

• native_vault.yaml now supports optional security section
• Generated code structure changed (still backward compatible)

Action Required:

flutter pub upgrade native_armor_vault
dart run native_armor_vault:generate
flutter clean
flutter build apk --release  # or ios

Security Level: ⭐⭐⭐⭐ (4/5) - Production Ready!

Critical Hotfix - Build compatibility fixes

Fixed:

• Removed hardcoded CMake version (3.18.1) - now auto-detects from SDK
• Disabled LLVM obfuscation flags by default
• Added stack protection (-fstack-protector-strong)

Maximum Security Release

New Features:

• Multi-layer encryption
• Runtime key derivation
• Anti-debugging protection
• Root/jailbreak detection
• Function name obfuscation