How to encrypt Android apk and Androidapk
After a busy week, I finally had time to wait and write something. We will continue to introduce another method to prevent decompilation of android apk. The first two articles we talked about shelling Technology (http://my.oschina.net/u/2323218/blog/393372) and runtime modification bytecode (http://my.oschina.net/u/2323218/blog/396203 ), if you do not understand, check the introduction of these two technologies in the first two articles of my blog. Next we will introduce another simple and applicable technology to prevent apk decompilation-pseudo encryption.
I. Principles of pseudo-Encryption
We know that android apkis essentially a zip package. We can change the android app extension .apkto. Zip to easily decompress the android app with the decompression software. In daily life or work, we usually encrypt our files to protect them in a compressed manner. This method is also applicable to android apk. The principle is very simple. There is a bit in the zip file format to indicate whether the files in the zip file are encrypted. We only need to set this flag bit to 1 to achieve our goal. Android PackageManagerService does not care about this encrypted Bit During apk installation (we will call it this for the time being) it can be installed normally without affecting the running of apk.
Ii. zip file format
The zip file format consists of three parts: compressed file source data, compressed directory source data, and directory end ID. The three parts are related to the encrypted bit, which is the compressed directory source data section. Next we will introduce this part in detail.
The compressed directory source data records all the compressed directory source data. Its structure is as follows:
Central directory file header |
|
Offset |
Bytes |
Description [18] |
Translation |
Limit 0 |
4 |
Central directory file header signature = 0x02014b50 |
Core directory file header id = (0x02014b50) |
Limit 4 |
2 |
Version made |
Pkware version used for compression |
Limit 6 |
2 |
Version needed to extract (minimum) |
Extract the minimum pkware version |
Listen 8 |
2 |
General purpose bit flag |
Common bits |
10 |
2 |
Compression method |
Compression Method |
12 |
2 |
File last modification time |
Last file modification time |
14 |
2 |
File last modification date |
Last file modification date |
16 |
4 |
CRC-32 |
6) CRC-32 Algorithm |
20 |
4 |
Compressed size |
Size after compression |
24 |
4 |
Uncompressed size |
Uncompressed size |
28 |
2 |
File name length (n) |
File Name Length |
30 |
2 |
Extra field length (m) |
Extended domain Length |
32 |
2 |
File comment length (k) |
File comment Length |
34 |
2 |
Disk number where file starts |
Disk number at the beginning of the file |
36 |
2 |
Internal file attributes |
Internal file attributes |
38 |
4 |
External file attributes |
External file attributes |
42 |
4 |
Relative offset of local file header. this is the number of bytes between the start of the first disk on which the file occurs, and the start of the local file header. this allows software reading the central directory to locate the position of the file inside the ZIP file. |
The relative displacement of the header of the local file. |
46 |
N |
File name |
Directory file name |
46 + n |
M |
Extra field |
Extended domain |
46 + n + m |
K |
File comment |
File comment content |
If the first bits of the General purpose bit flag part in this structure are set to 1, the compressed package is encrypted; if it is set to 0, the compressed package is not encrypted.
Iii. Implementation
We can use the jar package ZipCenOp. jar to encrypt and decrypt the apk (or use python to perform this operation. We will not introduce it here ).
(1) encrypt the apk
After encryption, we use the decompression software for decryption and will see the following prompt information:
If you use apktool for decompilation, the following error message is displayed:
The encrypted apk can be installed and run normally.
(2) decrypt the apk
Decryption is not very useful for us, just to understand.
I believe that you have some knowledge about the pseudo-encryption technology of apk, but this method is not applicable to android 4.2.x and later versions. It will reject the installation of this encrypted apk. In the next article, we will introduce another android apk anti-decompilation technology. We are looking forward to your support.
Thank you for reading this article. We look forward to seeing you next time:
If you have any questions about the technology mentioned in this article and want to obtain the technical tools described in this article, you will get the article updated immediately. Every day, you will publish an original article about the technology, share more technical information.
Welcome to personal public platform: programmer InterAction alliance, scan the QR code below or search for coder_onlineYou can pay attention to it and help you solve technical difficulties online and solve problems for Daniel..
From: http://my.oschina.net/u/2323218/blog/399326