Android APK Prevent anti-compilation technology fifth-integrity check

Source: Internet
Author: User
Tags crc32

on preventing Android apk we've talked about four of the technologies that we've been deserializing before.

Shell-Adding technology

Modify bytecode at run time

Pseudo-Encryption

Confrontation Jd-gui

If you don't understand, you can check out the top four articles of my blog about these four technologies. Let's move on to another technology - Integrity check that prevents apk decompile .

First, Integrity check principle

The so-called integrity check is that we use various algorithms to calculate the integrity of a file to prevent this file from being modified. One of the most common methods is to calculate a file'sCRC32value or calculate the hash value of a file. We are preventingapkThis method can also be used in the anti-compilation method. We knowapkgenerated byClasses.dexmainly byJavafile generated, it is the entireapklogical implementation of the. So we canClasses.dexfile integrity checks to ensure that the entire program's logic is not modified. If we want to guarantee the entireapkThe integrity of the file, or to the entireapkfile for integrity checking. Let's do the following separately.Classes.dexfiles andapkthe integrity check of the file.

Second, using CRC32 to verify the integrity of the Classes.dex file

(1) Can print out the value of the CRC32 of our apk live Classes.dex file, the code is as follows:

?
123456789101112131415161718192021222324252627282930313233343536373839404142434445 public class MainActivity extendsActivity {@Overrideprotectedvoid onCreate(BundlesavedInstanceState) {    super.onCreate(savedInstanceState);    setContentView(R.layout.activity_main);     String apkPath = getPackageCodePath();    Long dexCrc = Long.parseLong(getString(R.string.classesdex_crc));    try    {        ZipFile zipfile =new ZipFile(apkPath);         ZipEntry dexentry = zipfile.getEntry("classes.dex");        Log.i("verification","classes.dexcrc="+dexentry.getCrc());        if(dexentry.getCrc() != dexCrc){         Log.i("verification","Dexhas been modified!");        }else{        Log.i("verification","Dex hasn‘t been modified!");        }    }catch (IOException e) {     // TODO Auto-generated catch block     e.printStackTrace();    }    }}




Note: The value of R.STRING.CLASSESDEX_CRC can now be a random number.

(2) Run the program print results, my apk program's Classes.dex CRC32 value is 713769644

(3) The above program's Classes.dex file CRC32 value, saved in the resource file string CLASSESDEX_CRC (of course, can also be saved on the server, and then the network to obtain the checksum), and then run the above APK program, printed as follows:

Dex hasn ' t beenmodified!

(4) At this point we add a line or a space in the above code, and then recompile the run will see our program's CRC32 value changed. The program prints as follows:

Dex has beenmodified!

Third, the entire APK integrity is verified with a hash value

as we are going to the whole apk integrity, so we can't have the hash value in the resource file because apk any changes will cause the final apk The resulting hash value is different.

(1) First implement the code that computes its own hash value in the APK, as follows:

?
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 public class MainActivity extendsActivity {@Overrideprotectedvoid onCreate(Bundle savedInstanceState) {     super.onCreate(savedInstanceState);     setContentView(R.layout.activity_main);     String apkPath = getPackageCodePath();     MessageDigest msgDigest =null;     try{        msgDigest = MessageDigest.getInstance("SHA-1");        byte[] bytes =new byte[1024];        intbyteCount;        FileInputStream fis =new FileInputStream(newFile(apkPath));        while((byteCount = fis.read(bytes)) > 0)        {            msgDigest.update(bytes,0, byteCount);        }        BigInteger bi =new BigInteger(1, msgDigest.digest());        String sha = bi.toString(16);        fis.close();        //这里添加从服务器中获取哈希值然后进行对比校验        }catch (Exception e) {            e.printStackTrace();        }    }}




(2) Use the Linux sha1sum command to calculate the hash value of our apk, the command is as follows:

Sha1sum verification.apk

(3) The hash value generated in (2) is stored on the server, and the integrity comparison is obtained from the server in our code.

above we use the calculation CRC32 and hash values are respectively used for the Classes.dex files and the entire apk integrity is verified, of course, two calibration methods can also be used interchangeably. According to the above, I believe you have a certain understanding of the method of verifying file integrity, the next one we will explain another android apk to prevent anti-compilation technology, look forward to everyone's support.

If you have any questions about this technology and want to get the engineering source of the technology that this article speaks about

Welcome to personal public platform : programmer interaction Alliance (coder_online) Sweep the QR code below or search number coder_online we can communicate online.

Android APK Prevent anti-compilation technology fifth-integrity check

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.