obfuscation name changes bypass

monove · Sep 20, 2018 · 139740c · 139740c
1 parent 17db7c5
commit 139740c
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/src/android/FirebasePlugin.java b/src/android/FirebasePlugin.java
@@ -728,13 +728,24 @@ public void onVerificationCompleted(PhoneAuthCredential credential) {
 
                             JSONObject returnResults = new JSONObject();
                             try {
-                                String verificationId = getPrivateField(credential, "zzfc");
-                                String code = getPrivateField(credential, "zzfd");
-
-                                returnResults.put("verificationId", verificationId);
-                                returnResults.put("code", code);
+                                String verificationId = null;
+                                String code = null;
+
+                                Field[] fields = credential.getClass().getDeclaredFields();
+                                for (Field field : fields) {
+                                    Class type = field.getType();
+                                    if(type == String.class){
+                                        String value = getPrivateField(credential, field);
+                                        if(value == null) continue;
+                                        if(value.length() > 100) verificationId = value;
+                                        else if(value.length() >= 4 && value.length() <= 6) code = value;
+                                    }
+                                }
+
+                                returnResults.put("verificationId", verificationId != null ? verificationId : false);
+                                returnResults.put("code", code != null ? code : false);
                                 returnResults.put("instantVerification", true);
-                            } catch(Exception e){ // JSONException | IllegalAccessException | NoSuchFieldException
+                            } catch(JSONException e){
                                 Crashlytics.logException(e);
                                 callbackContext.error(e.getMessage());
                                 return;
@@ -800,10 +811,13 @@ public void onCodeSent(String verificationId, PhoneAuthProvider.ForceResendingTo
         });
     }
 
-    private static String getPrivateField(PhoneAuthCredential credential, String field) throws NoSuchFieldException, IllegalAccessException {
-        Field credentialField = credential.getClass().getDeclaredField(field);
-        credentialField.setAccessible(true);
-        return (String) credentialField.get(credential);
+    private static String getPrivateField(PhoneAuthCredential credential, Field field) {
+        try {
+            field.setAccessible(true);
+            return (String) field.get(credential);
+        } catch (IllegalAccessException e) {
+            return null;
+        }
     }
 
     //