We know that Apktool can decompile an APK into Smali files, and that Dex2jar can convert an APK into a jar file. A cracker can then locate the key code (for example, through strings in the resource files), modify it, recompile with Apktool, and run signapk.bat to re-sign the package with their own key, and months of your hard work are undone overnight!
I recently read "Android Software Security and Reverse Analysis" and gained a lot from it.
So how do we prevent cracking? The ProGuard code obfuscation introduced previously is one way: it effectively increases the difficulty of cracking the code after it has been decompiled with Dex2jar. We can also detect the debugger and the emulator, and verify the integrity of the APK file by checking the hash value of the signature and the CRC value of the classes.dex file.
Detecting the debugger
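When we publish, we set the android:debuggable attribute of the application tag in the AndroidManifest.xml file to false, and then check it when the program runs:

```java
public void checkDebug() {
    // FLAG_DEBUGGABLE is only set if android:debuggable was switched back on,
    // for example in a repackaged build. Test the bit with & (not &=) so the
    // flags field is not modified.
    if ((getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
        android.os.Process.killProcess(android.os.Process.myPid());
    }
}
```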
In addition, the Android SDK provides a method specifically for detecting whether a debugger is connected:

```java
android.os.Debug.isDebuggerConnected();
```

With this method you don't have to configure the attribute in AndroidManifest.xml.
Detecting the emulator
Comparing the output of adb shell getprop on an emulator and on a real device shows that the following properties differ:
ro.product.model: sdk on the emulator, the specific model on a real device;
ro.build.tags: test-keys on the emulator, release-keys on a real device;
ro.kernel.qemu: 1 on the emulator, does not exist on a real device.
The following example checks the third property:
```java
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;

public boolean isRunningInEmulator() {
    boolean qemuKernel = false;
    Process process = null;
    DataOutputStream os = null;
    try {
        process = Runtime.getRuntime().exec("getprop ro.kernel.qemu");
        os = new DataOutputStream(process.getOutputStream());
        BufferedReader in = new BufferedReader(
                new InputStreamReader(process.getInputStream(), "GBK"));
        os.writeBytes("exit\n");
        os.flush();
        process.waitFor();
        // On a real device the property does not exist and the line is empty,
        // so compare strings instead of parsing an integer.
        String line = in.readLine();
        qemuKernel = line != null && "1".equals(line.trim());
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            if (os != null) {
                os.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    return qemuKernel;
}
```
Check the hash value of the signature
The Android PackageManager class provides a way to read the signature information:

```java
public int getSignature(Context context, String packageName) {
    PackageManager pm = context.getPackageManager();
    PackageInfo pi = null;
    int sig = 0;
    try {
        pi = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
        Signature[] s = pi.signatures;
        // Hash code of the first signing certificate
        sig = s[0].hashCode();
    } catch (Exception e) {
        sig = 0;
        e.printStackTrace();
    }
    return sig;
}
```
We save this hash value on the server side before the package is released, and then compare it when the program runs.
Check the CRC value of the classes.dex file
The apk file is essentially a zip archive, and the Android SDK comes with an API that reads the CRC value of the ZIP archive:
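```java
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

public long getDexCrc(Context context) {
    long crc = 0;
    ZipFile zf = null;
    try {
        // The installed APK is a ZIP archive; open it and read the entry's CRC.
        zf = new ZipFile(context.getApplicationContext().getPackageCodePath());
        ZipEntry ze = zf.getEntry("classes.dex");
        crc = ze.getCrc();
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            if (zf != null) {
                zf.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    return crc;
}
```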
We can also save this CRC value on the server side before the package is released, and then compare it when the program runs.
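The release-side half of this check, as an added example that is not from the original post: a Python script for the build machine that records the CRC-32 of each dex entry and reports which entries differ in a later copy of the package. It goes beyond the single classes.dex case to cover multidex APKs (classes2.dex and so on); the function names and the in-memory sample APKs are constructed for illustration.

```python
import io
import zipfile


def is_dex(name):
    # classes.dex, classes2.dex, ... at the archive root (multidex APKs have several)
    return "/" not in name and name.startswith("classes") and name.endswith(".dex")


def dex_crcs(apk_bytes):
    """Map each root-level classes*.dex entry to the CRC-32 recorded in the archive."""
    crcs = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not is_dex(info.filename):
                continue
            # read() raises zipfile.BadZipFile if the data does not match the
            # recorded CRC, so a forged header value is not accepted silently.
            zf.read(info.filename)
            crcs[info.filename] = info.CRC
    return crcs


def changed_dex(apk_bytes, expected):
    """Return the sorted dex entries whose CRC differs from, or is absent in, `expected`."""
    current = dex_crcs(apk_bytes)
    names = set(current) | set(expected)
    return sorted(n for n in names if current.get(n) != expected.get(n))


def build_sample_apk(entries):
    # Constructed stand-in for an APK: a ZIP holding placeholder bytes, not real dex code.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


RELEASE = build_sample_apk({"classes.dex": b"dex\n035\x00 original code"})
REPACKED = build_sample_apk({"classes.dex": b"dex\n035\x00 modified code"})
EXPECTED = dex_crcs(RELEASE)  # the values to store on the server at release time

if __name__ == "__main__":
    print({n: format(c, "08x") for n, c in EXPECTED.items()})
    print("release :", changed_dex(RELEASE, EXPECTED))
    print("repacked:", changed_dex(REPACKED, EXPECTED))
```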
Combining these methods greatly increases the difficulty of cracking the APK file.
Finally, some experts on the web say that it is also possible to run decompilation tools such as Apktool and Dex2jar and collect their error messages; since these tools are open source, we can find the bugs in the tools themselves and then take advantage of them in our own code, cutting the problem off at the root. For example, run this batch file with Dex2jar:
```bat
for %%i in (*.apk) do dex2jar %%i
```
This approach is theoretically possible, but I have not tested it myself, so I will say no more about it.
Anti-cracking technology for Android programs