Coder Social home page Coder Social logo

xcjking / aesjniencrypt Goto Github PK

View Code? Open in Web Editor NEW

This project forked from brucewind/aesjniencrypt

0.0 1.0 0.0 261 KB

Reach high security in Android. (ndk实现AES,key在native中,防止被二次打包){长期维护,请star,勿fork}

License: Other

CMake 1.65% Java 5.17% C 92.30% Makefile 0.79% Shell 0.09%

aesjniencrypt's Introduction

English

中文

Reach high security in Android

  • Add AES algorithms to native code

  • Hide native function in JniOnload

  • Use signature verification to avoid being packaged again (It is prevents that hacker call your jni method directly.)

  • key exists in the symbol table, and hides the character table This scheme has been deprecated, discard reason issues5, please see the next

  • Get the key from a complex function, to hide the key, current function is a simple solution. (Complex solution: divide the Key into several pieces, store them in different C files, and finally splicing them together. This function should be complicated to write and increase the decompiling difficulty.)

  • Use "obfuscator" to confuse C code, how to deobfuscation?

  • Added support for x86 for obfucator. There is a link at the bottom of the tutorial for configuring obfucator.

  • Anti-debugging the so, the current code is a relatively simple solution, there are more complicated and more sophisticated solutions, such as: each time you perform encryption and decryption sign to determine whether it is traced, you want to write more complicated after your fork

  • Masking the simulator when the code is run: The code comes from my another repository Check_Emulator_In_NDK

  • TODO: Prevent SO file being code inject

Char * key = "NMTIzNDU2Nzg5MGFiY2RlZg"; / / Here is the key is processed and stored here, in fact the real key is: "1234567890abcdef"

Build & Integration

a. Set ndk.dir in local.properties Requires that the ndk version must be 11-13b. High version ndk has not been tested, and may doesn't compiled.

b. Integrate into the project, please modify the class name and method name, dont expose the encryption algorithm, modify the key storage program into the code.

c. Generate and modify signatures.

c.1.Generate keystore

/ / Then the current directory
$ mkdir keystore
$ cd keystore/
$ keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -storetype PKCS12 -keystore ./androidyuan.keystore

...


c.2. Get the hash value of the current keystore and modify the package name and hash in the native code

At present, there seems to be no good way. I can only use java, **getSignature(Context context)** to log out, then write to the C file and rebuild the project.

Please integrate the keystore hashcode and package name into your own project to prevent the de-compilation from getting the SO file and use it for secondary packaging.

Thanks

Base64 algorithm from: https://github.com/willemt/pearldb

AES128 Algorithm From: https://github.com/kokke/tiny-AES128-C

Native code obfuscator: obfuscation-o-llvm-ndk

Remind: SO file will become bigger

unconfused so confused so

Contrast: So confused is three times the size before confusion.

PS:

Because you need to do signature verification, i cann't provide jcenter dependencies, pls forgive me!

Regardless of how secure the code, I still against that the key being stored in the code.

To compile a SO confused native code, you need to modify the externalNativeBuild in the aesjni/build.gradle file and configure the Obfuscator-LLVM under the NDK.

This is my NDK configuration obfuscator tutorial: Obfuscator-LLVM-4.0-BUILD-NDK

How do other languages ​​work together with encryption and decryption?


Contributing

In case you would like to add information to this repository or suggest some ideas, please use one of the following options:

Contributor

https://github.com/larry19840909

https://github.com/zxp0505

https://github.com/baoyongzhang

aesjniencrypt's People

Contributors

baoyongzhang avatar brucewind avatar

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.