1. I recently looked into protecting .so files and found that Love Encryption supports .so protection. I contacted their customer service and asked them to protect one of my own .so files as a test. They refused in various ways, saying that .so protection is only provided after signing some XX agreement, which was a real pain. In the end they gave me one of their own .so files after protection, the same .so before protection, and a document, as follows:
Today we analyze this encrypted .so to see how it is protected and whether the protection provides any security.
2. According to the instructions in the .doc, "the size of the so file before encryption is 14KB and the size of the encrypted so file is 9KB. The volume of the so library can be reduced by about 40% after encryption." As shown:
My guess was that this is UPX protection. If so, can we just run "upx.exe -d" on the encrypted .so to unpack it? Of course not; see the test result (I used 3.92).
It cannot be unpacked! Opening the encrypted .so in a hex editor, we find that the UPX signature "upx!" has been changed to "ajm!", so changing it back should be enough to unpack the file. Isn't that neat!
As shown in the following:
It worked! Then we just change the entry point back to the original!
Let's compare the unpacked file with the original unencrypted .so and see what differs!
As shown:
Only two bytes differ, and they are the entry point; once we change them back the file can be used normally!
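The marker restoration and the byte comparison described above, as an added Python example that is not part of the original post. UPX's own marker is the uppercase bytes `UPX!`; the replaced marker is matched case-insensitively because its exact casing in the file is an assumption, and the function names and the sample image are constructed for illustration.

```python
import re

UPX_MAGIC = b"UPX!"                              # marker stock UPX looks for
REPLACED = re.compile(rb"ajm!", re.IGNORECASE)   # marker named on the page; casing assumed

def restore_marker(data: bytes):
    """Return (patched image, offsets of every replaced marker)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    offsets = [m.start() for m in REPLACED.finditer(data)]
    # Same-length substitution, so no other file offset moves.
    return REPLACED.sub(UPX_MAGIC, data), offsets

def entry_field(data: bytes) -> range:
    """Byte range of e_entry: offset 0x18, 4 bytes (ELF32) or 8 bytes (ELF64)."""
    return range(0x18, 0x18 + (8 if data[4] == 2 else 4))

def diff_report(a: bytes, b: bytes):
    """List (offset, inside_e_entry) for each differing byte of two equal-size images."""
    if len(a) != len(b):
        raise ValueError("sizes differ")
    field = entry_field(a)
    return [(i, i in field) for i, (x, y) in enumerate(zip(a, b)) if x != y]

def constructed_sample() -> bytes:
    # Constructed 64-byte ELF32-like image, not the page's sample.
    img = bytearray(64)
    img[:5] = b"\x7fELF\x01"                          # magic + EI_CLASS = ELFCLASS32
    img[0x18:0x1c] = (0x1234).to_bytes(4, "little")   # e_entry
    img[0x20:0x24] = b"AJM!"
    img[0x30:0x34] = b"AJM!"
    return bytes(img)

if __name__ == "__main__":
    packed = constructed_sample()
    patched, hits = restore_marker(packed)
    print("markers restored at", [hex(o) for o in hits])
    # Simulate a two-byte entry point difference and report where it falls.
    other = bytearray(patched)
    other[0x18:0x1a] = b"\x78\x56"
    print(diff_report(patched, bytes(other)))
```

Review the reported offsets before trusting the patched copy: a four-byte pattern can also occur by chance inside compressed data.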
Sample and document download:
http://yunpan.cn/cVKThr9uAH2za (extraction code: DFB4)
Love encryption so protection simple shelling test