Skip to content

Make safest code in Android. (ndk实现AES,key在native中,防止被二次打包){长期维护,请star,勿fork}

License

Notifications You must be signed in to change notification settings

15189611/AESJniEncrypt

Repository files navigation

English

中文

Reach high security in Android

  • Add AES algorithms to native code

  • Hide native function in JniOnload

  • Use signature verification to avoid being packaged again (It is prevents that hacker call your jni method directly.)

  • key exists in the symbol table, and hides the character table This scheme has been deprecated, discard reason issues5, please see the next

  • Get the key from a complex function, to hide the key, current function is a simple solution. (Complex solution: divide the Key into several pieces, store them in different C files, and finally splicing them together. This function should be complicated to write and increase the decompiling difficulty.)

  • Use "obfuscator" to confuse C code, how to deobfuscation?

  • Added support for x86 for obfucator. There is a link at the bottom of the tutorial for configuring obfucator.

  • Anti-debugging the so, the current code is a relatively simple solution, there are more complicated and more sophisticated solutions, such as: each time you perform encryption and decryption sign to determine whether it is traced, you want to write more complicated after your fork

  • Masking the simulator when the code is run: The code comes from my another repository Check_Emulator_In_NDK

  • TODO: Prevent SO file being code inject

Char * key = "NMTIzNDU2Nzg5MGFiY2RlZg"; / / Here is the key is processed and stored here, in fact the real key is: "1234567890abcdef"

Build & Integration

a. Set ndk.dir in local.properties Requires that the ndk version must be 11-13b. High version ndk has not been tested, and may doesn't compiled.

b. Integrate into the project, please modify the class name and method name, dont expose the encryption algorithm, modify the key storage program into the code.

c. Generate and modify signatures.

c.1.Generate keystore

/ / Then the current directory
$ mkdir keystore
$ cd keystore/
$ keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -storetype PKCS12 -keystore ./androidyuan.keystore

...


c.2. Get the hash value of the current keystore and modify the package name and hash in the native code

At present, there seems to be no good way. I can only use java, **getSignature(Context context)** to log out, then write to the C file and rebuild the project.

Please integrate the keystore hashcode and package name into your own project to prevent the de-compilation from getting the SO file and use it for secondary packaging.

Thanks

Base64 algorithm from: https://github.com/willemt/pearldb

AES128 Algorithm From: https://github.com/kokke/tiny-AES128-C

Native code obfuscator: obfuscation-o-llvm-ndk

Remind: SO file will become bigger

unconfused so confused so

Contrast: So confused is three times the size before confusion.

PS:

Because you need to do signature verification, i cann't provide jcenter dependencies, pls forgive me!

Regardless of how secure the code, I still against that the key being stored in the code.

To compile a SO confused native code, you need to modify the externalNativeBuild in the aesjni/build.gradle file and configure the Obfuscator-LLVM under the NDK.

This is my NDK configuration obfuscator tutorial: Obfuscator-LLVM-4.0-BUILD-NDK

How do other languages ​​work together with encryption and decryption?


Contributing

In case you would like to add information to this repository or suggest some ideas, please use one of the following options:

About

Make safest code in Android. (ndk实现AES,key在native中,防止被二次打包){长期维护,请star,勿fork}

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 92.1%
  • Java 5.4%
  • CMake 1.6%
  • Other 0.9%