Android APK self-protection technology-integrity check

Source: Internet
Author: User

We have already talked about four techniques that prevent an Android APK from being decompiled:

Shell-adding (packing)

Modifying bytecode at run time

Pseudo-encryption

Countering JD-GUI

If you are not familiar with them, see the previous four articles on my blog, which cover these four techniques. Let's move on to another technique that protects an APK against decompilation: the integrity check.

First, Integrity check principle

An integrity check means that we use some algorithm to compute a value over a file so that the file cannot be modified unnoticed. One of the most common methods is to calculate the file's CRC32 value or to calculate a hash value of the file. The same method can be used to protect an apk against decompilation. We know that the classes.dex in an apk is generated mainly from the Java files, so an integrity check on classes.dex ensures that the entire program's logic is not modified. If we want to guarantee the whole apkclasses.dexapk

Second, using CRC32 to verify the integrity of the classes.dex file

(1) First print the CRC32 value of the classes.dex file in our apk. The code is as follows:

    import android.app.Activity;
    import android.os.Bundle;
    import android.util.Log;

    import java.io.IOException;
    import java.util.zip.ZipEntry;
    import java.util.zip.ZipFile;

    public class MainActivity extends Activity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);

            // Path of the installed APK that contains this code.
            String apkPath = getPackageCodePath();
            // Expected CRC32 of classes.dex, stored as a string resource.
            long dexCrc = Long.parseLong(getString(R.string.classesdex_crc));

            // try-with-resources closes the ZipFile even if an exception is thrown.
            try (ZipFile zipfile = new ZipFile(apkPath)) {
                ZipEntry dexentry = zipfile.getEntry("classes.dex");
                Log.i("verification", "classes.dex crc=" + dexentry.getCrc());
                if (dexentry.getCrc() != dexCrc) {
                    Log.i("verification", "Dex has been modified!");
                } else {
                    Log.i("verification", "Dex hasn't been modified!");
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }



Note: At this point the value of R.string.classesdex_crc can be any number.

(2) Run the program and look at the printed result. The CRC32 value of my apk's classes.dex is 713769644.

(3) Save the CRC32 value of classes.dex printed above in the string resource classesdex_crc (of course, it can also be saved on a server and the checksum fetched over the network), then run the APK again. It prints:

Dex hasn't been modified!

(4) Now add a line or a space to the code above and recompile. When we run it, we see that the CRC32 value of our program has changed. The program prints:

Dex has been modified!

Third, verifying the integrity of the entire APK with a hash value

Because we want to verify the integrity of the entire apk, the hash value we calculate cannot be stored in the resource file, because any change in the APK will cause the hash value of the resulting apk to be different.

(1) First implement the code that computes its own hash value in the APK, as follows:

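    import android.app.Activity;
    import android.os.Bundle;

    import java.io.File;
    import java.io.FileInputStream;
    import java.math.BigInteger;
    import java.security.MessageDigest;

    public class MainActivity extends Activity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);

            // Path of the installed APK that contains this code.
            String apkPath = getPackageCodePath();
            // try-with-resources closes the stream even if reading fails.
            try (FileInputStream fis = new FileInputStream(new File(apkPath))) {
                MessageDigest msgDigest = MessageDigest.getInstance("SHA-1");
                byte[] bytes = new byte[1024];
                int byteCount;
                // Feed the whole APK file through the digest.
                while ((byteCount = fis.read(bytes)) > 0) {
                    msgDigest.update(bytes, 0, byteCount);
                }
                BigInteger bi = new BigInteger(1, msgDigest.digest());
                // Pad to 40 hex digits: toString(16) drops leading zeros,
                // which would not match the output of sha1sum.
                String sha = String.format("%040x", bi);
                // Add code here to fetch the hash value from the server and compare it with sha.
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }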



(2) Use the Linux sha1sum command to calculate the hash value of our apk. The command is as follows:

sha1sum verification.apk

(3) Store the hash value generated in (2) on the server; our code then fetches it from the server and performs the integrity comparison.
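Both procedures need their reference value computed outside the app: the CRC32 of classes.dex for the string resource, and the SHA-1 of the finished apk for the server. The Python sketch below is an added example, not code from the original article; it works on a constructed in-memory ZIP standing in for an apk and shows that a resource-only change leaves the classes.dex CRC32 unchanged while the whole-file hash changes. The function names are hypothetical.

```python
import hashlib
import io
import zipfile
import zlib


def build_sample_apk(dex, resources):
    """Constructed stand-in for an APK: a ZIP with classes.dex and resources.arsc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in (("classes.dex", dex), ("resources.arsc", resources)):
            # Fixed timestamp so identical inputs give identical archive bytes.
            info = zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0))
            zf.writestr(info, data, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def dex_crc32(apk):
    """Return (CRC32 recorded in the ZIP header, CRC32 recomputed from the bytes)."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        stored = zf.getinfo("classes.dex").CRC  # the value ZipEntry.getCrc() reports
        # zf.read() raises BadZipFile if the data does not match the header CRC.
        computed = zlib.crc32(zf.read("classes.dex")) & 0xFFFFFFFF
    return stored, computed


def apk_sha1(apk):
    """SHA-1 of the whole file as 40 zero-padded hex digits, as sha1sum prints it."""
    return hashlib.sha1(apk).hexdigest()


def release_values(apk):
    """Decimal CRC for the classesdex_crc string resource, hex SHA-1 for the server."""
    stored, computed = dex_crc32(apk)
    assert stored == computed
    return {"classesdex_crc": str(computed), "apk_sha1": apk_sha1(apk)}


if __name__ == "__main__":
    # All inputs below are constructed sample data, not a real apk.
    base = build_sample_apk(b"constructed dex v1", b"constructed res v1")
    code_changed = build_sample_apk(b"constructed dex v2", b"constructed res v1")
    res_changed = build_sample_apk(b"constructed dex v1", b"constructed res v2")
    for label, apk in (("base", base), ("code changed", code_changed),
                       ("resources changed", res_changed)):
        print(label, release_values(apk))
```

The classes.dex CRC32 only covers the code, which is why it can live in a string resource, while the whole-file SHA-1 has to be kept outside the apk.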

Above, we verified the integrity of the classes.dex file and of the entire apk by calculating a CRC32 value and a hash value; of course, the two verification methods can also be used interchangeably. After reading the above, I believe you have a certain understanding of how to verify file integrity. In the next article we will explain another technique for protecting an Android apk against decompilation; we look forward to everyone's support.

If you have any questions about this technique, or want to get the project source code for the technique this article covers, you are welcome to follow my personal public platform, Programmer Interaction Alliance (coder_online): scan the QR code below or search for the number coder_online, and we can communicate online.
