Android Security Tour---get you to confuse apk into Chinese language code

Source: Internet
Author: User

First, preface

Recently want to explode an app, no shell, simple to use JADX Open View source code, the results amused me, since it is all Chinese, and some of the more wonderful Chinese words:


Instantly feel confused, the app is really playing, we know because the Java language is supported by two characters, so you can define the package name, class name, variable name, method name into Chinese, or other countries of the language can be . Therefore, this practice does not run the error, such as below we create a new Java project to look at the effect:


There is no problem with running. See here when feel very curious, so first didn't go to see his source, but think how to realize this confusion function. Here's a brief introduction to this highly confusing principle:


second, the analysis of the source of confusion tools

First of all we know that every official app before the release of code confusion, and about the confusion of knowledge points can be self-search to understand, confusion has a lot of benefits, optimize code, increase security, etc., and confusion is generally using the Proguard.jar tool , This tool confuses the code by default to 26 uppercase and lowercase letters, so if you want to confuse the code into Chinese, then you need to do this tool. Fortunately this tool is open source, so from the Internet search his source download down, import project can:


Find the Entrance class Proguard, here for the convenience of demonstration, we directly simulate a command directly run to see the effect, about the command will be said later. Here is a class function for parsing commands:


Here you can see the obfuscation rules, which are the proguard.cfg files that we generally use, and the contents of this file are described later. Then let's not go into the code, directly find the confusing code place, you can quickly find this class by obfuscate in the package name: Simplenamefactory


Entering this class to view content, there is a way to generate a confusing name:


Here character_count=26, that is, the number of letters, and then look at the Charat method:


This method is also very simple, is to take 52 characters in the order of one. So the implementation logic of the NewName method is: Remove the character from 52 characters in turn, if the character is found to be used, take down one, if a single character is used up, double character, and so on, and so on multi-character. So there's also a global name character cache pool:


To record whether the character name has been used, so read through the code, no difficulty, and this class has a test method:


Run directly to see the effect:


See, a different character name is generated.


Third, modify the obfuscation tool

So after knowing the above code logic, we can start to modify the class, let him create Chinese words, first go to the Internet to search the range of characters, and then define a word method to generate five words:


Here you can see the range of Korean, Japanese, so we can not only change into Chinese, can also be modified to other countries of the language, and then define a random five words of the method:


After generating irregular words, modify the NewName method implementation:


Then we run the test method:


See the result, we have achieved success. In fact, we have proguard.jar the success of the transformation, the following to demonstrate the results of the changes, we need an apk to do the test, we randomly get an apk, because here do not want to write a project script, Then replace the system's Proguard.jar tool with our modified Proguard.jar. So just get the Classes.dex file in the APK and convert it to a Classes.jar file. Then put it directly into the Proguard project to run .


Iv. running the obfuscation tool

Here's a quick look at what you need to prepare to run the Proguard project:


Because we operate on Android apps that need to refer to the system API, we need to import Android.jar and then confuse the rule file Proguard.pro:


Here to illustrate is to refer to the third-party jar, and the input and output jar file path settings, the other settings are normal confusion rules, not much explanation, the following directly with the application of the Dex file after the conversion of the jar file as a case, run the Proguard project:


See the mix after the jar file, and confuse the map file out. Next we pack the confusing JAR file back, first using the DX command to convert the jar file into a classes.dex file, and then replace the original Dex file in the APK with a re-signature. Finally, we are using the JADX tool to open this apk view content:


See, we succeeded in confusing the original apk into the Chinese language code, and for this confusion can also increase the difficulty of reading. Of course, this APK installation run will not be error, here is not demonstrated.


v. Technical Summary

Here we have achieved success, how to confuse an apk to the success of the Chinese language code function. Here are a few things to summarize:

1, this article mainly uses Proguard is the open source project, modifies his confusing code to achieve our goal.

2, this article is to change its code into Chinese language, and from the process of our analysis can be known, can become the language of other countries can be.

3, in order to facilitate the random generation of a five word words, and if you want to generate some rules have personality words, you can customize a word library, and then randomly take.

4, in order to demonstrate convenience, there is no formal writing a compilation script, but through a simple and rough way to confuse the jar way to operate.

5, this height confusion for the anti-compilation code after reading difficulty has a certain enhancement, because look accustomed to English, suddenly look at Chinese instead of accustomed to.


Project: because the Proguard tool is open source, so I do not need to upload, you can search the project by themselves.


Vi. Summary

This article simply introduces a highly confusing technique in Android that makes our code harder to read and more secure. The obfuscation tool was mainly modified to achieve this function. If you read the article, you can define your own personal obfuscation strategy for your project. Finally, if you have finished reading the article, be sure to remember more praise to share, if there is a reward that the best!


Click here for more information:

Focus on the public, the latest technology dry real-time push

Coding Beautiful Technology Circle sweep into my "tech circle" World

Sweep and make a small series
please specify when adding: "Code Beautiful" Thank you very much!


Android Security Tour---take you to confuse apk into Chinese language code

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.