First, the means of hardening (reinforcement)

1. Anti-emulator

The core code stops running when it detects that it is running in an emulator. (Emulators can be custom-compiled, with a lot of extra things added.)

2. Code virtualization

Create a virtual execution engine and convert native executable code into custom instructions that the engine executes. (The code runs on its own virtual machine.)

3. Encryption

Encrypt the core code and have the non-core code decrypt it at run time.

Second, the overall framework of encryption-based hardening

1. Isolate the core DEX.
2. Perform AES symmetric encryption on the core DEX.
3. Merge the shell dex2 (the dex used to decrypt the core DEX) with the encrypted dex.
4. Re-pack the package as an APK.

Third, the basic principle of encryption

Dex file structure

When the class definitions exist but the data area is encrypted, decompiling a method shows the method name and definition, but no implementation.

The packaging process of APK

1. Use the AAPT tool to package the application's resource files and generate the R.java file.
2. Use the AIDL tool to generate Java interface files from all .aidl files.
3. Use the Java compiler to compile these two kinds of files together with the .java source files into .class files.
4. Use the dx.bat tool to generate a .dex file from the .class files.
5. Use apkbuilder to package resource files, .dex files, and other resource files into an APK.
6. Sign with the keystore (signature file) to produce an executable APK.

Fourth, implementing the encryption process

1. Encrypt the dex in the APK

1. Extract the APK.

2. Place all files except signature files in a new folder.

3. Use a file filter to pick out the .dex files.

    // Get all dex files (multidex packages must be handled, so there may be several)
    // Requires java.io.File and java.io.FilenameFilter
    File[] dexFiles = dstApkFile.listFiles(new FilenameFilter() {
        @Override
        public boolean accept(File dir, String name) {
            return name.endsWith(".dex");
        }
    });

4. Read each .dex file into memory as a byte stream.

    // Requires java.io.File and java.io.RandomAccessFile
    public static byte[] getBytes(File dexFile) throws Exception {
        // try-with-resources closes the file even if the read fails
        try (RandomAccessFile fis = new RandomAccessFile(dexFile, "r")) {
            byte[] buffer = new byte[(int) fis.length()];
            fis.readFully(buffer);
            return buffer;
        }
    }

5. Encrypt the in-memory byte stream and write it back to a file.
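
Steps 3 to 5 as one routine, added here as an example (not the original author's code): it picks out every .dex, encrypts it with AES and writes it back, together with the matching decrypt that the shell would run in the unpacking step. The class name DexCrypt, the choice of AES-GCM with the IV prepended to the file, the random demo key and the sample bytes are assumptions; the page only specifies AES.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.File;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.security.SecureRandom;
import java.util.Arrays;

public class DexCrypt {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Output layout: 12-byte random IV || ciphertext || 16-byte GCM tag
    static byte[] encrypt(byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);               // fresh IV per file, never reused
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // Mirror operation for the shell; throws AEADBadTagException if the file was modified
    static byte[] decrypt(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    // Encrypt every .dex in the unpacked APK folder in place (covers multidex)
    static int encryptDexFiles(File dir, byte[] key) throws Exception {
        File[] dexFiles = dir.listFiles((d, name) -> name.endsWith(".dex"));
        if (dexFiles == null) throw new IllegalArgumentException("not a directory: " + dir);
        for (File dex : dexFiles) {
            Files.write(dex.toPath(), encrypt(key, Files.readAllBytes(dex.toPath())));
        }
        return dexFiles.length;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                      // constructed demo key (AES-128)
        new SecureRandom().nextBytes(key);
        File dex = new File(Files.createTempDirectory("apk").toFile(), "classes.dex");
        byte[] sample = "dex 035 constructed sample bytes".getBytes("UTF-8");
        Files.write(dex.toPath(), sample);
        System.out.println("encrypted files: " + encryptDexFiles(dex.getParentFile(), key));
        byte[] back = decrypt(key, Files.readAllBytes(dex.toPath()));
        System.out.println("round trip ok: " + Arrays.equals(sample, back));
    }
}
```

Because the shell has to decrypt on the device, the key it uses ships with the app in some form; the encryption raises the cost of static decompilation rather than keeping the code secret from someone who can run the app.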

2. Generate the shell DEX used for decryption.

The shell code is written in a module, so the build produces an .aar. An aar and an APK differ in two ways: 1) one has no signature file, the other has a signature file; 2) one contains a JAR, the other a dex file.

1. Decompress the .aar file to a folder.

2. Convert the jar to dex (dx tool).

3. Write the dex of the shell to the encrypted dex file.

4. Compress the shell dex, the encrypted dex, and the resource files.

5. Run the CMD command to add a signature.

3. Unpacking (shell removal) process

  1. In the attach method of the Application, find the corresponding APK.

  2. Decompress the APK and pick out the dex files inside.

  3. Decrypt all dex files except the dex of the Application and write them to the folder.

  4. Using the hot-fix principle, load the decrypted DEX files into the PathClassLoader by hooking.

Hook: can be understood as using reflection to modify the source code.