Android APK Prevent anti-compilation technology fifth-integrity check

on preventing Android apk we've talked about four of the technologies that we've been deserializing before.

Shell-Adding technology

Modify bytecode at run time

Pseudo-Encryption

Confrontation Jd-gui

If you don't understand, you can check out the top four articles of my blog about these four technologies. Let's move on to another technology - Integrity check that prevents apk decompile .

First, Integrity check principle

The so-called integrity check is that we use various algorithms to calculate the integrity of a file to prevent this file from being modified. One of the most common methods is to calculate a file'sCRC32value or calculate the hash value of a file. We are preventingapkThis method can also be used in the anti-compilation method. We knowapkgenerated byClasses.dexmainly byJavafile generated, it is the entireapklogical implementation of the. So we canClasses.dexfile integrity checks to ensure that the entire program's logic is not modified. If we want to guarantee the entireapkThe integrity of the file, or to the entireapkfile for integrity checking. Let's do the following separately.Classes.dexfiles andapkthe integrity check of the file.

Second, using CRC32 to verify the integrity of the Classes.dex file

(1) Can print out the value of the CRC32 of our apk live Classes.dex file, the code is as follows:

?

123456789101112131415161718192021222324252627282930313233343536373839404142434445

public class MainActivity extendsActivity {@Overrideprotectedvoid onCreate(BundlesavedInstanceState) {    super.onCreate(savedInstanceState);    setContentView(R.layout.activity_main);     String apkPath = getPackageCodePath();    Long dexCrc = Long.parseLong(getString(R.string.classesdex_crc));    try    {        ZipFile zipfile =new ZipFile(apkPath);         ZipEntry dexentry = zipfile.getEntry("classes.dex");        Log.i("verification","classes.dexcrc="+dexentry.getCrc());        if(dexentry.getCrc() != dexCrc){         Log.i("verification","Dexhas been modified!");        }else{        Log.i("verification","Dex hasn‘t been modified!");        }    }catch (IOException e) {     // TODO Auto-generated catch block     e.printStackTrace();    }    }}

Note: The value of R.STRING.CLASSESDEX_CRC can now be a random number.

(2) Run the program print results, my apk program's Classes.dex CRC32 value is 713769644

(3) The above program's Classes.dex file CRC32 value, saved in the resource file string CLASSESDEX_CRC (of course, can also be saved on the server, and then the network to obtain the checksum), and then run the above APK program, printed as follows:

Dex hasn ' t beenmodified!

(4) At this point we add a line or a space in the above code, and then recompile the run will see our program's CRC32 value changed. The program prints as follows:

Dex has beenmodified!

Third, the entire APK integrity is verified with a hash value

as we are going to the whole apk integrity, so we can't have the hash value in the resource file because apk any changes will cause the final apk The resulting hash value is different.

(1) First implement the code that computes its own hash value in the APK, as follows:

?

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849

public class MainActivity extendsActivity {@Overrideprotectedvoid onCreate(Bundle savedInstanceState) {     super.onCreate(savedInstanceState);     setContentView(R.layout.activity_main);     String apkPath = getPackageCodePath();     MessageDigest msgDigest =null;     try{        msgDigest = MessageDigest.getInstance("SHA-1");        byte[] bytes =new byte[1024];        intbyteCount;        FileInputStream fis =new FileInputStream(newFile(apkPath));        while((byteCount = fis.read(bytes)) > 0)        {            msgDigest.update(bytes,0, byteCount);        }        BigInteger bi =new BigInteger(1, msgDigest.digest());        String sha = bi.toString(16);        fis.close();        //这里添加从服务器中获取哈希值然后进行对比校验        }catch (Exception e) {            e.printStackTrace();        }    }}

(2) Use the Linux sha1sum command to calculate the hash value of our apk, the command is as follows:

Sha1sum verification.apk

(3) The hash value generated in (2) is stored on the server, and the integrity comparison is obtained from the server in our code.

above we use the calculation CRC32 and hash values are respectively used for the Classes.dex files and the entire apk integrity is verified, of course, two calibration methods can also be used interchangeably. According to the above, I believe you have a certain understanding of the method of verifying file integrity, the next one we will explain another android apk to prevent anti-compilation technology, look forward to everyone's support.

If you have any questions about this technology and want to get the engineering source of the technology that this article speaks about

Welcome to personal public platform : programmer interaction Alliance (coder_online) Sweep the QR code below or search number coder_online we can communicate online.

Android APK Prevent anti-compilation technology fifth-integrity check