Android prevents decompilation and Android Decompilation

Source: Internet
Author: User

Android prevents decompilation and Android Decompilation

As we all know, Android apps are easy to decompile. Of the many techniques used to hinder decompilation, the most widely used today is JNI: the core code is written in C++ and built into a .so library. This improves security considerably. However, if the .so library gets no further protection, anyone can read the decompiled Java code, work out the interface you defined for calling the library, imitate that interface, and call your .so library from their own app. To prevent this, every call into the .so library can first run a function inside the library that checks whether the public key of the app's signing certificate is yours, and refuses callers signed with a different key. This raises the cost of reusing the library but does not make it tamper-proof, because the check itself ships inside the app. The code and project are as follows:



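#include "com_example_singjni_MainActivity.h"
#include <stdio.h>
#include <stdlib.h>

// Reference only: Java code used during development to print the signing
// certificate's public key, so that the expected value can be embedded in the
// native check below. It is not part of the native library.
//
// public void getSingInfo() {
//     try {
//         String pn = getPackageName();
//         PackageInfo packageInfo = getPackageManager().getPackageInfo(
//                 pn, PackageManager.GET_SIGNATURES);
//         Signature[] signs = packageInfo.signatures;
//         Signature sign = signs[0];
//         parseSignature(sign.toByteArray());
//     } catch (Exception e) {
//         e.printStackTrace();
//     }
// }
//
// public void parseSignature(byte[] signature) {
//     ByteArrayInputStream bi = new ByteArrayInputStream(signature);
//     try {
//         CertificateFactory certFactory = CertificateFactory
//                 .getInstance("X.509");
//         X509Certificate cert = (X509Certificate) certFactory
//                 .generateCertificate(new ByteArrayInputStream(signature));
//         String pubKey = cert.getPublicKey().toString();
//         String signNumber = cert.getSerialNumber().toString();
//         System.out.println("signName:" + cert.getSigAlgName());
//         System.out.println("pubKey:" + pubKey);
//         System.out.println("signNumber:" + signNumber);
//         System.out.println("subjectDN:" + cert.getSubjectDN().toString());
//     } catch (Exception e) {
//         e.printStackTrace();
//     }
// }
//
// The core code follows; the Java reference above can be ignored.

// True when the previous JNI call left a pending Java exception or produced a
// null reference/ID. Every lookup below is checked with this before its result
// is used, because calling further JNI functions with an exception pending or
// through a null handle is undefined behaviour.
static bool jniStepFailed(JNIEnv *env, const void *result) {
    return env->ExceptionCheck() || result == NULL;
}

// Fail closed: clear any pending exception and report "wrong", the same value
// the comparison below returns for a non-matching key.
static jstring signatureRejected(JNIEnv *env) {
    if (env->ExceptionCheck()) {
        env->ExceptionClear();
    }
    return env->NewStringUTF("wrong");
}

/*
 * Native side of MainActivity.sing(Context): checks that the APK hosting this
 * library is signed with the expected certificate.
 *
 * NOTE(review): the exported names in this listing were garbled by text
 * extraction. They are restored here from the included header name and from
 * the two overloaded `sing` natives declared in MainActivity (overloaded
 * natives use the long JNI name with the argument signature appended).
 * Confirm against the generated header.
 *
 * env  - JNI environment of the calling thread.
 * ob1  - the MainActivity instance the native method was invoked on (unused).
 * thiz - the android.content.Context argument passed from Java.
 *
 * Returns the Java string "correct" when the public key of the first signing
 * certificate matches the embedded value, and "wrong" otherwise, including
 * when any lookup fails.
 *
 * Caveats for anyone adopting this pattern:
 *  - Handing a verdict string back to Java only helps if the native code
 *    itself refuses to do its real work on "wrong"; Java code that receives
 *    the string is as easy to modify as the rest of the decompiled app.
 *  - The comparison is against PublicKey.toString(), whose text format is
 *    chosen by the security provider and is not a stable interface. Comparing
 *    a SHA-256 digest of the certificate bytes (Signature.toByteArray()) is
 *    more robust.
 *  - 0x00000040 is PackageManager.GET_SIGNATURES, deprecated since API 28 in
 *    favour of GET_SIGNING_CERTIFICATES and PackageInfo.signingInfo.
 */
JNIEXPORT jstring JNICALL Java_com_example_singjni_MainActivity_sing__Landroid_content_Context_2(
        JNIEnv *env, jobject ob1, jobject thiz) {
    if (thiz == NULL) {
        return signatureRejected(env);
    }

    // String packName = context.getPackageName();
    jclass thisClass = env->GetObjectClass(thiz);
    jmethodID getPNId = env->GetMethodID(thisClass, "getPackageName", "()Ljava/lang/String;");
    if (jniStepFailed(env, getPNId)) return signatureRejected(env);
    jstring packName = (jstring) env->CallObjectMethod(thiz, getPNId);
    if (jniStepFailed(env, packName)) return signatureRejected(env);

    // PackageManager packManger = context.getPackageManager();
    jmethodID getPMId = env->GetMethodID(thisClass, "getPackageManager",
                                         "()Landroid/content/pm/PackageManager;");
    if (jniStepFailed(env, getPMId)) return signatureRejected(env);
    jobject packManger = env->CallObjectMethod(thiz, getPMId);
    if (jniStepFailed(env, packManger)) return signatureRejected(env);

    // PackageInfo packageInfo = packManger.getPackageInfo(packName, GET_SIGNATURES);
    jmethodID getPIId = env->GetMethodID(env->GetObjectClass(packManger), "getPackageInfo",
                                         "(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;");
    if (jniStepFailed(env, getPIId)) return signatureRejected(env);
    jobject packageInfo = env->CallObjectMethod(packManger, getPIId, packName, 0x00000040);
    if (jniStepFailed(env, packageInfo)) return signatureRejected(env);

    // Signature[] signatures = packageInfo.signatures;
    jfieldID signaturesId = env->GetFieldID(env->GetObjectClass(packageInfo), "signatures",
                                            "[Landroid/content/pm/Signature;");
    if (jniStepFailed(env, signaturesId)) return signatureRejected(env);
    jobject signatures = env->GetObjectField(packageInfo, signaturesId);
    if (jniStepFailed(env, signatures)) return signatureRejected(env);
    jobjectArray signaturesArray = (jobjectArray) signatures;
    if (env->GetArrayLength(signaturesArray) < 1) return signatureRejected(env);

    // Signature signature = signatures[0];
    jobject signature = env->GetObjectArrayElement(signaturesArray, 0);
    if (jniStepFailed(env, signature)) return signatureRejected(env);

    // byte[] signatureBytes = signature.toByteArray();
    jmethodID signatureBytesMId = env->GetMethodID(env->GetObjectClass(signature),
                                                   "toByteArray", "()[B");
    if (jniStepFailed(env, signatureBytesMId)) return signatureRejected(env);
    jobject signatureBytes = env->CallObjectMethod(signature, signatureBytesMId);
    if (jniStepFailed(env, signatureBytes)) return signatureRejected(env);

    // Equivalent of parseSignature(byte[] signature) in the Java reference above.

    // CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    jclass certificateFactoryClass = env->FindClass("java/security/cert/CertificateFactory");
    if (jniStepFailed(env, certificateFactoryClass)) return signatureRejected(env);
    jmethodID getInstanceMId = env->GetStaticMethodID(
            certificateFactoryClass, "getInstance",
            "(Ljava/lang/String;)Ljava/security/cert/CertificateFactory;");
    if (jniStepFailed(env, getInstanceMId)) return signatureRejected(env);
    jobject certFactory = env->CallStaticObjectMethod(certificateFactoryClass, getInstanceMId,
                                                      env->NewStringUTF("X.509"));
    if (jniStepFailed(env, certFactory)) return signatureRejected(env);

    // InputStream byteArrayInStream = new ByteArrayInputStream(signatureBytes);
    jclass byteInStreamClass = env->FindClass("java/io/ByteArrayInputStream");
    if (jniStepFailed(env, byteInStreamClass)) return signatureRejected(env);
    jmethodID byteInStreamInitMId = env->GetMethodID(byteInStreamClass, "<init>", "([B)V");
    if (jniStepFailed(env, byteInStreamInitMId)) return signatureRejected(env);
    jobject byteArrayInStream = env->NewObject(byteInStreamClass, byteInStreamInitMId,
                                               signatureBytes);
    if (jniStepFailed(env, byteArrayInStream)) return signatureRejected(env);

    // Certificate certificate = certFactory.generateCertificate(byteArrayInStream);
    jmethodID generateCertificateMId = env->GetMethodID(
            certificateFactoryClass, "generateCertificate",
            "(Ljava/io/InputStream;)Ljava/security/cert/Certificate;");
    if (jniStepFailed(env, generateCertificateMId)) return signatureRejected(env);
    jobject certificate = env->CallObjectMethod(certFactory, generateCertificateMId,
                                                byteArrayInStream);
    if (jniStepFailed(env, certificate)) return signatureRejected(env);

    // String publickeyStr = certificate.getPublicKey().toString();
    jmethodID getPKMId = env->GetMethodID(env->GetObjectClass(certificate), "getPublicKey",
                                          "()Ljava/security/PublicKey;");
    if (jniStepFailed(env, getPKMId)) return signatureRejected(env);
    jobject publicKey = env->CallObjectMethod(certificate, getPKMId);
    if (jniStepFailed(env, publicKey)) return signatureRejected(env);
    jmethodID toStringMId = env->GetMethodID(env->GetObjectClass(publicKey), "toString",
                                             "()Ljava/lang/String;");
    if (jniStepFailed(env, toStringMId)) return signatureRejected(env);
    jstring publickeyStr = (jstring) env->CallObjectMethod(publicKey, toStringMId);
    if (jniStepFailed(env, publickeyStr)) return signatureRejected(env);

    // boolean isCorrect = publickeyStr.equals(<expected key string>);
    jmethodID equalsMId = env->GetMethodID(env->GetObjectClass(publickeyStr), "equals",
                                           "(Ljava/lang/Object;)Z");
    if (jniStepFailed(env, equalsMId)) return signatureRejected(env);
    // Placeholder from the article: replace with your own key's string form.
    jboolean isCorrect = env->CallBooleanMethod(
            publickeyStr, equalsMId,
            env->NewStringUTF(
                    "OpenSSLRSAPublicKey{modulus=123...your public key...,publicExponent=10001}"));
    if (env->ExceptionCheck() || !isCorrect) {
        return signatureRejected(env);
    }

    jstring jstr = env->NewStringUTF("correct");
    return jstr;
}

/*
 * Native side of the no-argument MainActivity.sing() overload; performs no
 * check and returns an empty Java string.
 */
JNIEXPORT jstring JNICALL Java_com_example_singjni_MainActivity_sing__(JNIEnv *env, jobject thiz) {
    jstring jstr = env->NewStringUTF("");
    return jstr;
}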




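// Java code
package com.example.singjni;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;

import android.app.Activity;
import android.app.Application;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.util.DisplayMetrics;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;

/**
 * Demo activity that loads the native library and displays the result of its
 * signing-certificate check.
 *
 * <p>The activity only shows the string returned by {@link #sing(Context)}. In a
 * real app the native library should itself refuse to do its work when the
 * check fails; a verdict that is merely returned to Java can be ignored by
 * modified Java code.
 */
public class MainActivity extends Activity {

    static {
        // Loads libjniso.so, which implements the native methods declared below.
        System.loadLibrary("jniso");
    }

    EditText et;

    /**
     * Runs the native check with this activity as the Context, then writes the
     * returned string to the text field and to standard output.
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        et = (EditText) findViewById(R.id.et);
        String s = sing(this);
        et.setText(s);
        System.out.println(s);
    }

    /** No-argument overload; the native implementation on this page returns an empty string. */
    public native String sing();

    /**
     * Asks the native library to verify the signing certificate of the package
     * that {@code context} belongs to.
     *
     * @param context context used natively to reach the PackageManager
     * @return "correct" or "wrong", as produced by the native implementation
     */
    public native String sing(Context context);
}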


Project click to open the link
How does android prevent decompilation and protect its own resource images? Please.

1. Source code protection check. Checks whether the DEX files are protected. Protecting them keeps attackers from decompiling the program's source code, which in turn prevents the insertion of malicious advertisements and fee-deducting code and preserves the user experience and the complete functionality of the app. 2. Source code obfuscation check. This item mainly compensates for the weaknesses of obfuscation: as a common baseline protection, obfuscation is not rigorous, and a skilled analyst can still exploit the program and cause considerable damage. 3. Resource file protection check. Audio, video, images, text and other files in the app that lack effective protection are easily tampered with, replaced, or stolen. For example, audio or text content in the program may be replaced with advertising images or prohibited pornographic images, which violates the rights and interests of developers and users. 4. Android main configuration file protection check. This free source code detection platform can protect each component in Android's main configuration file, preventing others from inserting code into the XML file, destroying or stealing related information, or tampering with the application's function settings. 5. APK repackaging protection check. In repackaging, someone unpacks the downloaded program, deletes the original signature, and signs the installation package again with their own signing tool. This is a form of theft that infringes the rights and interests of the original developer. The free detection platform checks whether the signature of the installation package has been changed, which helps prevent repackaging. 6. .so file protection, to prevent the app from being modified and repackaged by a third party. 7. Love Encryption (Ijiami): www.ijiami.cn/

How does Android prevent the apk program from being decompiled?

The following describes how to make the proguard.cfg file take effect under SDK 2.3. Let's take a look at the content of android-sdk-windows\tools\lib\proguard.cfg:

    -optimizationpasses 5
    -dontusemixedcaseclassnames
    -dontskipnonpubliclibraryclasses
    -dontpreverify
    -verbose
    -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

    -keep public class * extends android.app.Activity
    -keep public class * extends android.app.Application
    -keep public class * extends android.app.Service
    -keep public class * extends android.content.BroadcastReceiver
    -keep public class * extends android.content.ContentProvider
    -keep public class * extends android.app.backup.BackupAgentHelper
    -keep public class * extends android.preference.Preference
    -keep public class com.android.vending.licensing.ILicensingService

    -keepclasseswithmembernames class * {
        native <methods>;
    }

    -keepclasseswithmembernames class * {
        public <init>(android.content.Context, android.util.AttributeSet);
    }

    -keepclasseswithmembernames class * {
        public <init>(android.content.Context, android.util.AttributeSet, int);
    }

    -keepclassmembers enum * {
        public static **[] values();
        public static ** valueOf(java.lang.String);
    }

    -keep class * implements android.os.Parcelable {
        public static final android.os.Parcelable$Creator *;
    }

As the script shows, obfuscation keeps the basic components that inherit from Activity, Service, Application, BroadcastReceiver and ContentProvider, as well as com.android.vending.licensing.ILicensingService. It also keeps all native method names and the names of the classes that declare them, and, in every class, the constructors with the fixed parameter formats shown, the enum methods, and so on. Because native method names are kept, an app's JNI interface stays readable in decompiled code even after obfuscation. It is very easy to make proguard.cfg take effect, that is, the default.p... automatically generated by Eclipse.
