Android beat, non-encrypted app will die

My topic is a bit of attention, and of course there are spray uneven people think I am alarmist, then listen to what I say is not so little truth.

The app in the title excludes the niche developers who just want to push ads on the app, but these developers don't have a high starting point, they just want to rely on the Android platform's easy-to-use app development to earn two small ads (including myself, of course), and their goal is not to develop a high-quality, creative, Condensation of painstaking efforts of the app, if an app is filled with blood, enthusiastic entrepreneurship and condensation of countless efforts of the entrepreneurial team, companies or individuals developed, then I can be very responsible to tell you if your app is not encrypted that there are only three kinds of endings:

The first kind of outcome: Although your app is your day and night development, but its quality is not high, no new or the homogeneity of itself is very serious, then you this app into the market is like a stone thrown out of the sea, and no more return, encryption does not matter, really so-called dead regret ah.

The second outcome: novel, creative, the current software market almost no similar products, and can quickly be accepted by the public, if you do not encrypt, do not apply for a patent, the unencrypted app will die.

Because people in the cottage country, small team plan, not be acquired is directly by an identical alternative to eat dead!!!

So if you surrender don't want to be bought and you don't want to be eaten by an identical substitute, your app has to be encrypted, because without encrypting your app is being researched, it doesn't take days for you to discover your good idea that your efforts are all gone.

Third outcome: There is no need to cottage your app, but you provide services I am very interested in Oh, if not to register it good? If you can provide resources directly all take out to share the good, Hee ~ ~ Oh, yes, I will crack: Hee ~ ~ If not encrypted, the consequences are also very serious ah, to the content of the King's app, you have to be careful.

Let's talk About love encryption provides services: Love encryption launched "APK source code Security" Platform, the current three layer encryption protection: DEX Shell Protection, DEX instruction dynamic load protection, advanced obfuscation protection. Can effectively prevent the app's dynamic crack and static crack, hackers will not have the opportunity to do any hack. Love encryption introduced so library protection more than a year ago, so that the C + + layer of code is also protected.

Or a combination of examples to talk about these three need to protect the place, if not to protect what happens:

Dex command rewrite, hack your program, no discussion.

The android DEX directive (which is more appropriate for the Dalvik Directive) is similar to the Smali file format, and you can use Baksmali and smail to rewrite your Android directly:

Here, using the HELLOOURANDROID.APK program as sample, we can use Baksmali to decompile the Dex file to generate the Smali file, as follows:

1walfred@ubuntu:reserve$ unzip-q helloourandroid.apk-d helloourandroid

2walfred@ubuntu:reserve$ Java-jar Baksmali-1.4.2.jar Helloourandroid/classes.dex

This will generate an out directory in the current directory, the Out directory:

1walfred@ubuntu:reserve$ ls Out/org/ourunix/helloourandroid/

2buildconfig.smali R$attr.smali R$id.smali R$menu.smali R$string.smali

3mainactivity.smali R$drawable.smali R$layout.smali R.smali R$style.smali

Of course, if you are familiar with the Smali grammar rules, you will be free to modify these Smali files and then regenerate the Dex files through the Smali tool:

1walfred@ubuntu:reserve$ Java-jar smali-1.4.2.jar out/-o classes.dex

As long as the Smali format is aware of, then crack your program really did not discuss:

Here is a demonstration of the integration of Smali and Baksmail tools Apktool, if you already have an Android development environment can quickly use the Apktool, this assumes that you can already use Apktool directly.

Anti-compilation decode

1walfred@ubuntu: ~/lab/apktool$ apktool D helloourandroid.apk

Http://ourunix.b0.upaiyun.com/2013/12/apktool1.png

At this point we can see that the Helloourandroid/folder has been generated under the current directory, and we will look at the following anti-compiled androidmanifest.xml and Strings.xml files:

The Androidmanifest.xml file is almost exactly the same after it was recompiled and works, so we can check all the permissions for that Android app.

You can also view the contents of these hardcode:

Rebuild re-packing

To repack the helloourandroid.apk we just modified, we will modify the "Hello" in the Strings.xml directory as: hello,ourunix!

Then use Apktoo to repackage the command as follows:

[Email protected]:~/lab/apktool$ apktool b helloourandroid

Finally the recompiled APK will be signed to run, after Dex is cracked, it is possible

1 Modify the ad serving code in the Androidmanifest.xml file;

2 Modify the registration conditions, strong heart login and so on.

Dex2jar your Dex is sweeping.

If the program's Dex is not protected by the shell, your Dex is not confused, your Dex will be sweeping, your logic, your idea, your efforts, God, will be naked to be seen by others!

Dex2jar I think Android developers know it, I'm proud of this tool developer and I am a colleague.

So library is not protected, you are making a wedding dress for others

Dex risk is too big, many people have turned to use native code to write the key code, feel so bad to crack at the same time can improve performance is not constrained by memory, what Ida what Elf and other tools can not easily look at the code, so it became the best policy. But I think your jni once by others attack, then congratulate you so, I directly to use!!

Before cracked a one of the top anti-virus software, its code confusion is high, the key code is used so, but this JNI interface information is I find out, with these interfaces, your so is my, I can also cottage A and you the same program!

Above these three kinds of Android program development commonly used cracking means, I see love encryption have mentioned, but do not know their treatment effect is how, really want to experience under.

Another topic also improve the dynamic crack, I slightly lower, after all, this use way higher, crack easier, run your app, your behavior, your debug log (oh, I change your smali open your debug switch), of course, if you want to get network resources, use Tcpdump, Wireshark to capture and analyze Android apps. Really easy.

Android beat, non-encrypted app will die