Introduction to the

Hello everyone, I am Pig man, is to do Android development, nearly four years of work experience. This is my first time to write an article, I hope you can forgive me for my bad writing, and I also hope you can give your opinions or suggestions. There are several purposes to start writing articles: First, as the saying goes, good memory is better than bad writing, write out what you have learned or studied, and you will be more impressed. I do not know whether there is and I have the same feeling, that is, a certain knowledge point may be “already”, but when told to others or asked in the interview, can not say or express. If you can write out the knowledge point, and others can see it, then I think it is the real understanding. The second purpose is that the article written by myself can be pointed out by others, so that some suggestions or opinions can be helpful to my understanding. Of course, if it helps you solve problems at work, so much the better.

background

Ok, no more bb, so let’s start today’s topic. Some time ago, our company launched sock puppets on Google Play, and they were all wiped out. The boss called an emergency meeting to discuss the issue of putting vests on the shelves. From operation account application to technical code writing, discuss what might be optimized, or what might be because we accidentally violated The rules of Google censorship. After the meeting, Pigman was also “actively” thinking about what improvements could be made to the code. After thinking about it for a long time, I finally found a way to add confusing junk code.

If you integrate junk code into APK

Here are a few nouns: “confound,” “unpack,” “repack,” “Smali,” “signature.” As we all know, when android projects turn on obfuscation, our code changes class and method names to a, B, etc.,And the most important thing is that it removes the code that we’re not using“, because the garbage code we add will definitely not be called, so our garbage code will definitely be removed after turning on obfuscations. Some of you might say, well, let’s use keep to keep the junk code from being removed. Our goal is to add confusing garbage code. If we use keep, the garbage code is not confused, which is the opposite of our goal. Here is the process:

The first step is to create a new library and add the relevant code to build.gradle. There are many articles on the web about this, but I won’t go into them here.

lintOptions {
        abortOnError false
    }
    
def _BASENAME = "rubbish";
def _VERSION = "_v1. 0";
def _DestinationPath = "build/outputs/jar"; // Where to generate the JAR package
def zipFile = file('build/intermediates/aar_main_jar/debug/classes.jar'); // The file location to be packed

task deleteBuild(type:Delete){
    delete _DestinationPath + _BASENAME + _VERSION + ".jar"
}

task makeJar(type:Jar){
    from zipTree(zipFile)
    baseName = _BASENAME + _VERSION
    destinationDir = file(_DestinationPath)
}

makeJar.dependsOn(deleteBuild, build)
Copy the code

Note that the zipFile, which is the directory of the original JAR, may vary from AndroidStudio to AndroidStudio, and that the warning should be ignored at the beginning of the code above, otherwise an error may be reported.

Now that we have the JAR, let’s start obfuscating the JAR package. The tool used is ProGuardgui, which is available in our SDK. Tools \ ProGuard \bin\ proGuardgui.bat in the SDK directory is opened as shown in the figure belowIn the Input/Output field, add the jar package you want to obfuscate, and then add the directory to which you want to Output.Now, uncheck all of those in the Circles column, then uncheck the Optimize option in the Obfuscation column, go directly to Optimization, and uncheck the Optimize optionThen the key step is to select the lower version in the Target option in the Information column. I usually choose the 1.6 version. Ignore Warings below must be checked, otherwise it will failNow all options have been checked and completed. In the last step, click the Process button in the lower right corner of the Process column.If the Processing completed successfully is displayed at the end, it indicates that it has been successful, and there may be various warnings that we do not need to care about

Next, we compile the jar package into dex and use the dx command that comes with SDK

Dx --dex --output=< target dex>Copy the code

Then we need to change dex into Smali. We need a tool, smali.jar, smali download address to copy the dex generated in the previous step into the smali directory and use it

Java -jar baksmali.jar d <dex file >Copy the code

Then we began to unpack our good APK, need to use the apktool tool apktool download link, copy apK to the apktool directory, use the command to unpack, success will get the following file directory structure

Java -jar apktool.jar dCopy the code

Then copy the smali file we just generated into the unpacked directoryPay attention to the directory structure ah, to unpack the package in the smali folder after the package path, the following is to repack

Java -jar apktool.jar bCopy the code

After successfully repacking, a dist directory will be generated in the unpacking directory, which is the APK after we added the garbage codeThis is followed by v1 signature, alignment, and V2 signature of our repackaged APK. The following three steps I will not introduce in detail, I believe that everyone should be no problem, if there is not clear can refer to some information.

V1 Signature: jarsigner -verbose -keystore < signature file > -storepass < key password > -keypass < key password > -signedjar < APK after signing > < APK before signing > < key alias > Alignment: zipalign -v4< original APK > < APK > v2 alignment: Jar sign --ks < signature file > --ks-key-alias Signature file alias --ks-pass pass: password --key-pass pass: password --out < output apk> < unsigned APK >Copy the code

If the preceding three steps are successful, run the verification code command to verify that v1 and v2 are true

java -jar apksigner.jar verify -v <apk>
Copy the code

After the steps, we have completed the APK after adding the confused garbage code. In order to verify whether our APK really successfully infiltrates the confused garbage code, we use Android Reverse Assistant to decompile and have a lookThis is the first piece of junk code we wrote, a Person classThis is what junk code looks like when it’s mixed up. Ok, we are done, slip slip slip!!

That’s it? Wait a minute. There’s a dozen fucking commands, some of them that long. It’s too much work. So what do I do? Yeah, I’m gonna make a move. Use scripts!!

@echo off
echo "start"C: CD C:\Users\Administrator\Desktop\rebale :: Compile the jar package into dex call dx --dex --output=rubbish. Dex *.jar echo"build dex success"D:\Develop\smali\baksmali.jar D rubbish"build smali success"Call Java -jar D:\Develop\apktool\apktool.jar D original"take apart apk success"
echo "please copy smali"Call Java -jar D:\Develop\apktool\apktool.jar b original echo"reuppack success":: Perform v1 signature call Jarsigner -verbose -keystore C:\Users\Administrator\Desktop\ JKS \test. JKS -storepass123456 -keypass 123456 -signedjar signed.apk C:\Users\Administrator\Desktop\rebale\original\dist\original.apk test
echo "v1 sing success":: Align call zipalign -v4 C:\Users\Administrator\Desktop\rebale\signed.apk zipalign.apk
echo "zipalign success"Call java-jar D:\Develop\ SDK \build-tools\28.03.\lib\apksigner.jar sign --ks C:\Users\Administrator\Desktop\jks\test.jks --ks-key-alias test --ks-pass pass:123456 --key-pass pass:123456 --out app-release.apk zipalign.apk
echo "v2 sign success"Call java-jar D:\Develop\ SDK \build-tools\28.03.\lib\apksigner.jar verify -v app-release.apk
pause
Copy the code

How do you use it? Create a new xx.bat script file and use the code above to modify the commands according to their actual directories. First of all, you need to manually generate the obfuscated JAR package, and then put the obfuscated JAR package and the generated APK in the same directory. For example, I created a Rebale directory on my desktop and put jar packages and APk into the Rebale directory. Then start executing the scriptAt this point, the unpacking and garbage generation of smali is complete. Here we wait to copy smali to the unpacking directory. When the copy is finished, press Enter

The words above will appear after the final success.

conclusion

This approach may not be 100% effective, as it is not only a code issue, but also a business or operation issue for account application and server reasons. Because of this approach, we have successfully launched two models, so we want to share them with you. Finally, the first time to write an article, to be honest, a little tired, took half a day, but after writing will be very happy. I always had a heart to write articles before, but I was too lazy. Now we are finally moving forward. Let’s cheer up.