Skip to content

Commit

Permalink
[native]:{add shell script for building libsodium static library.}
Browse files Browse the repository at this point in the history
in addition,some useless codes I removed.
  • Loading branch information
bruce committed Feb 22, 2021
1 parent 26c9b87 commit e5f8089
Show file tree
Hide file tree
Showing 34 changed files with 171 additions and 2,409 deletions.
14 changes: 9 additions & 5 deletions FigureOutJNICrash.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,16 @@ How to locate where native crash at?
------------
1.ensure you ndk is set into environment.

2.run **ndk-stack** to analyze logcat which code crash printed.
2.run **ndk-stack** to analyze logcat and **symbol file** to find where crash printed.
```
adb logcat | ndk-stack -sym ../obj/local/armeabi-v7a/
//or
adb logcat | ndk-stack -sym ../obj/local/x86/
//or you use gradlew build command:
adb logcat | ndk-stack -sym ./aesjni/build/intermediates/ndkBuild/debug/obj/local/arm64-v8a/objs-debug/
//or you using ndk-build command:
adb logcat | ndk-stack -sym ./aesjni/src/main/obj/local/x86/
```
> **../obj/local/x86/** and **../obj/local/armeabi-v7a/** is symbol file directory.

### Example:

I got crash logs:
Expand Down Expand Up @@ -61,7 +64,8 @@ Stack frame #05 pc 0000113d /data/local/tmp/test: Routine main at /Users/bruce/
```

My conclusion: `/Users/******/git/AESJniEncrypt/aesjni/src/main/jni/main_unit_test.c:146` is where the executable file crash at.
`/Users/******/git/AESJniEncrypt/aesjni/src/main/jni/main_unit_test.c:146` show me that
executable file crash at `line 146 from main_unit_test.c`.

## Remind
*ndk-stack* of NDK-R13 **only supports** symbol file of armeabi-v7a.
Expand Down
15 changes: 11 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@


# Reach high security in Android
- [x] Add AES algorithms to native code
- [x] ~~AES algorithms~~,it is low-performance,so it has been deprecated.
- [x] use chacha20 instead of AES. TLS1.3 used chacha20 on mobile device too,it is high-performance for arm.
- [x] Hide native function in JniOnload
- [x] Use signature verification to avoid being packaged again (It is prevents that hacker call your jni method directly.)
- [x] ~~key exists in the symbol table, and hides the character table~~ This scheme has been deprecated, [discard reason issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5), please see the next
Expand All @@ -16,9 +17,10 @@
- [x] Masking the simulator when the code is run: The code comes from my another repository [Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
- [ ] TODO: Prevent SO file being code inject

```
Char * key = "NMTIzNDU2Nzg5MGFiY2RlZg"; / / Here is the key is processed and stored here, in fact the real key is: "1234567890abcdef"
```

## Before you clone
install GIT-LFS: https://git-lfs.github.com/

## Build & Integration

a. Set ndk.dir in local.properties Requires that the ndk version must be 11-13b. High version ndk has not been tested, and may doesn't compiled.
Expand Down Expand Up @@ -90,3 +92,8 @@ In case you would like to add information to this repository or suggest some ide
[https://github.com/zxp0505](https://github.com/zxp0505)

[https://github.com/baoyongzhang](https://github.com/baoyongzhang)


## Legal
If you live in China, you should take care about [checking apk signature](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.c#L43).
I have called PackageManger ,it might be thought to read installed apps list,look at [工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).
13 changes: 6 additions & 7 deletions README_zh.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
[中文](https://github.com/BruceWind/AESJniEncrypt/blob/master/README_zh.md)

# 追求极致的代码安全性保障
- [x] ~~ndk实现AES加密~~,性能不佳,已废弃此方式,TLS1.3
- [ ] 使用chacha20加密,TLS1.3在移动端都用了chacha20了
- [x] ~~ndk实现AES加密~~,性能不佳,已废弃此方式
- [ ] 使用chacha20加密,TLS1.3在移动端都用了chacha20了,性能更好
- [x] 使用JniOnload 隐藏c函数
- [x] 使用签名校验避免被再次打包(这是绕过破解加密算法直接调用你的jni函数)
- [x] ~~key存在符号表中,同时隐藏字符表~~ 该方案已经废弃,[废弃原因issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5),请看下一条
Expand All @@ -15,10 +15,6 @@
- [x] 代码run的时候屏蔽模拟器 :代码来自我的另外一个仓库[Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
- [ ] TODO:防止so代码被code inject

```
char * key = "NMTIzNDU2Nzg5MGFiY2RlZg";//这里是key被做过处理存储在这里的,实际上真实的key是:"1234567890abcdef"
```

## 克隆代码准备
先安装GIT-LFS:
https://git-lfs.github.com/
Expand Down Expand Up @@ -95,4 +91,7 @@ Native代码混淆器:[obfuscation-o-llvm-ndk](https://fuzion24.github.io/andr

有问题及时提:[new issues](https://github.com/weizongwei5/AESJniEncrypt/issues/new)


## 合规
如果你生活在中国,请注意[工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).
我调用了PackageManger[检查签名](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.c#L43),我只是**读取当前安装的app**, 这可能被认为**收集了安装列表**。从规定上来讲并不违规,只是读取了,并没**收集**,收集是违规的,读取是合规的。
只是目前有可能被误认为**收集**
19 changes: 17 additions & 2 deletions aesjni/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apply plugin: 'com.android.library'

android {
compileSdkVersion 25
buildToolsVersion "25.0.3"
//ndkPath "/Users/bruce/Library/Android/sdk/ndk/16.1.4479499"
// ndkVersion '16.1.4479499'
defaultConfig {
Expand All @@ -18,11 +19,20 @@ android {
}

ndk {
moduleName = "JNIEncrypt"
// Specifies the ABI configurations of your native
// libraries Gradle should build and package with your APK.
abiFilters 'x86'
abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86'
}

// sourceSets {
// main {
// // The libs directory contains prebuilt libraries that are used by the
// // app's library defined in CMakeLists.txt via an IMPORTED target.
// jniLibs.srcDirs = ['libs']
// }
// }

}


Expand Down Expand Up @@ -59,5 +69,10 @@ dependencies {
exclude group: 'com.android.support', module: 'support-annotations'
})
implementation 'com.android.support:appcompat-v7:25.0.1'
testImplementation 'junit:junit:4.12'
// Required for local unit tests (JUnit 4 framework)
implementation 'junit:junit:4.12'

// Required for instrumented tests
androidTestCompile 'com.android.support:support-annotations:24.0.0'
androidTestCompile 'com.android.support.test:runner:0.5'
}
18 changes: 11 additions & 7 deletions aesjni/src/androidTest/java/com/androidyuan/aesjni/JNITest.java
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,19 @@
@RunWith(AndroidJUnit4.class)
public class JNITest {

private final String plain = "123abcABC*%!~#+_/中文测试";
private final String encodeStr = "1cad994119e4f3038fe29e34a4a12ce8a4b28f06db7682ab9d4f775c0e25659b01da27db09368eb3778ccea063";
private static final String PLAIN = "123abcABC*%!~#+_/中文测试";
private static final String ENCODE_STR = "1cad994119e4f3038fe29e34a4a12ce8a4b28f06db7682ab9d4f775c0e25659b01da27db09368eb3778ccea063";
@Test
public void useAppContext() throws Exception {

//plain:123abcABC&*(@#@#@)+_/中文测试
final String code = AESEncrypt.encode(this, plain);
assertEquals(code,encodeStr);
final String decode = AESEncrypt.decode(this, encodeStr);
assertEquals(plain,decode);
// Context of the app under test.
// Context appContext = InstrumentationRegistry.getTargetContext();
// assertEquals(EncryptEntry.checkSignature(appContext),1);

//plain:"123abcABC&*(@#@#@)+_/中文测试"
final String code = EncryptEntry.encode(this, PLAIN);
assertEquals(code,ENCODE_STR);
final String decode = EncryptEntry.decode(this, ENCODE_STR);
assertEquals(PLAIN,decode);
}
}
2 changes: 1 addition & 1 deletion aesjni/src/main/cpp/JNIEncrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
// 获取数组的大小
# define NELEM(x) ((int) (sizeof(x) / sizeof((x)[0])))
// 指定要注册的类,对应完整的java类名
#define JNIREG_CLASS "com/androidyuan/aesjni/AESEncrypt"
#define JNIREG_CLASS "com/androidyuan/aesjni/EncryptEntry"

const char *UNSIGNATURE = "UNSIGNATURE";

Expand Down
2 changes: 1 addition & 1 deletion aesjni/src/main/cpp/checksignature.c
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ jint check_signature(JNIEnv *env, jobject thiz, jobject context) {
jint hashCode = (*env)->CallIntMethod(env, signature, methodID_hashcode);
//LOGE("hashcode: %d\n", hashCode);

if (strcmp(package_name, app_packageName) != 0) {
if (strcmp(package_name, app_pkg_name) != 0) {
return -1;
}
if (hashCode != app_signature_hash_code) {
Expand Down
2 changes: 1 addition & 1 deletion aesjni/src/main/cpp/checksignature.h
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@


//合法的APP包名
static const char *app_packageName = "com.androidyuan.aesjniencrypt";
static const char *app_pkg_name = "com.androidyuan.aesjniencrypt";

//this value is generated by com.androidyuan.aesjni.SignatureTool.java.
//-625644214 is hash of keystore file.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,15 +1,17 @@
package com.androidyuan.aesjni;

import android.content.Context;

/**
* Created by wei on 16-12-2.
*
* 秘文的key 在 C 的代码,如需修改请先修改JNIEncrypt.c
* 另外native做了签名校验
*
* @Date: 21-02-22:
* AES algorithm has been instead with chacha20.
* And algorithm is written by libsodium.
*
*/

public class AESEncrypt {
public class EncryptEntry {

static {
System.loadLibrary("JNIEncrypt");
Expand Down Expand Up @@ -38,7 +40,7 @@ public class AESEncrypt {
/**
* 检查 打包签名是否 是正确的 防止被二次打包
*
* @param con
* @param context
* @return 1 : pass , -1 or -2 : error.
*/
public static native int checkSignature(Object context);
Expand Down

This file was deleted.

148 changes: 0 additions & 148 deletions aesjni/src/main/java/com/androidyuan/aesjni/Sodium.java

This file was deleted.

Loading

0 comments on commit e5f8089

Please sign in to comment.