This is the 11th day of my participation in the Gwen Challenge in November. Check out the details: The last Gwen Challenge in 2021

Code obfuscation

Code obfuscation is not really encryption. It simply renames the identifiers in your program's source code, which reduces readability and raises the cost of understanding the code without actually hiding it. Given enough time and energy to work through the obfuscated code slowly, you can still work out what the source code is doing. In addition, code obfuscation generally covers only about 10%-30% of the source code, which is not a high proportion. Total obfuscation of the kind Ali uses nevertheless improves security and makes reverse analysis more difficult.
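To make the point concrete, here is an added example (not code from the original post, and not any vendor's tool) that applies renaming obfuscation to a small Python program using the standard `ast` module. ProGuard and R8 do the same to Java classes and members; Python stands in here so the demo runs anywhere. The sample program, the ProGuard-style naming scheme and the helper names (`Renamer`, `obfuscate`, `run`, `leaks`) are all constructed for this illustration. Running it shows that the renamed program behaves identically, that only the names changed, and that string literals and calls into the standard library survive untouched, which is what a reverse engineer reads first.

```python
"""Added example (not from the original post, not any vendor's tool):
a toy renaming obfuscator built on Python's ast module, to show why
renaming alone is not encryption. ProGuard/R8 do this to Java classes
and members; Python stands in here so the demo runs anywhere.
The sample program and helper names are constructed. Needs Python 3.9+
for ast.unparse."""
import ast
import builtins
import itertools
import string

# Constructed sample "source code" that a developer would ship.
SAMPLE_SOURCE = '''
def check_license(user_key, secret_salt):
    digest = 0
    for ch in user_key + secret_salt:
        digest = (digest * 31 + ord(ch)) % 65521
    return digest == 12345

def greet(name):
    return "Hello, " + name
'''

BUILTIN_NAMES = set(dir(builtins))


def short_names():
    """Yield a, b, ..., z, aa, ab, ... (ProGuard-style), skipping builtins."""
    for length in itertools.count(1):
        for letters in itertools.product(string.ascii_lowercase, repeat=length):
            name = "".join(letters)
            if name not in BUILTIN_NAMES:
                yield name


class Renamer(ast.NodeTransformer):
    """Rename user-defined functions, parameters and local variables.
    Builtins are left alone, just as a real obfuscator must keep any name
    that outside code (the platform, reflection, JNI) relies on."""

    def __init__(self):
        self.mapping = {}
        self._names = short_names()

    def _new(self, old):
        if old not in self.mapping:
            self.mapping[old] = next(self._names)
        return self.mapping[old]

    def visit_FunctionDef(self, node):
        node.name = self._new(node.name)
        self.generic_visit(node)
        return node

    def visit_arg(self, node):
        node.arg = self._new(node.arg)
        return node

    def visit_Name(self, node):
        if node.id not in BUILTIN_NAMES:
            node.id = self._new(node.id)
        return node


def obfuscate(source):
    """Return (obfuscated source, {original name: new name})."""
    tree = ast.parse(source)
    renamer = Renamer()
    tree = renamer.visit(tree)
    return ast.unparse(ast.fix_missing_locations(tree)), renamer.mapping


def run(source, func_name, *args):
    """Execute `func_name` from the given source text with `args`."""
    namespace = {}
    exec(source, namespace)
    return namespace[func_name](*args)


def leaks(obfuscated):
    """What a reverser still sees after renaming: string literals and
    calls into the standard library (the 'ord' here) are untouched."""
    return {"string_literal": '"Hello, "' in obfuscated or "'Hello, '" in obfuscated,
            "library_call": "ord(" in obfuscated}


if __name__ == "__main__":
    obf, mapping = obfuscate(SAMPLE_SOURCE)
    print(obf)
    print(mapping)
    print(run(obf, mapping["greet"], "Bob"))
```

`obfuscate(SAMPLE_SOURCE)` returns the renamed source plus the name map; `run()` executes a function from either version to confirm that behaviour is unchanged, and `leaks()` checks that the string literal and the `ord` call are still in plain view. That remaining structure is why the text above says renaming only raises the cost of understanding rather than hiding anything.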

APK hardening

Ijiami ("Love encryption") APK hardening

1. DEX dynamic separation and encryption

All functions are extracted from classes.dex and stored separately in encrypted form. This effectively prevents static reversing of the DEX and protects the code's memory mapping.

2. SO library file encryption

The SO source code, SO function names and interface calls are encrypted and hidden by means of advanced obfuscation of the SO code, flow-mixing encryption and encryption of internal strings.

3. Anti-reverse tampering

A unique verification technique ensures that the APK can no longer run after any information inside it has been tampered with.

Looking at the Java source code after hardening, you will find that SuperApplication and NativeApplication classes have been added, and in the other classes you will find that the function implementations are hidden. This is not the result of DEX dynamic separation encryption. So where exactly is the code implementation hidden? In assets you will find some additional files, including an SO file, so we can guess that the concrete function implementations have been pulled out into the SO file.
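As an added illustration of the anti-tamper idea above (not Ijiami's or any vendor's actual mechanism, and not from the original post), the following Python script treats an APK as the ZIP archive it is, records a SHA-256 digest for each protected entry at build time, and refuses the package if any of those entries was modified, removed or added. The entry names, contents, the `PROTECTED_PREFIXES` list and the JSON manifest format are constructed for the demonstration.

```python
"""Added example (not from the original post and not any vendor's code):
an integrity check of the kind an APK anti-tamper layer performs.
An APK is a ZIP archive, so the check records a SHA-256 digest for each
protected entry and rejects the package if any of them changed, vanished
or appeared. Entry names, contents and the manifest format are constructed."""
import hashlib
import hmac
import io
import json
import zipfile

# Entries whose change must block execution: DEX code, native libs, assets,
# the manifest and compiled resources. META-INF/ is excluded because the
# signing files there legitimately differ between builds. (Constructed list.)
PROTECTED_PREFIXES = ("classes", "lib/", "assets/", "AndroidManifest.xml", "resources.arsc")


def build_apk(entries):
    """Construct an APK-like ZIP in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def digest_entries(apk_bytes):
    """Return {entry name: sha256 hex} for every protected entry."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.startswith(PROTECTED_PREFIXES):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def make_manifest(apk_bytes):
    """Record the expected digests at build time (constructed JSON format)."""
    return json.dumps(digest_entries(apk_bytes), sort_keys=True).encode()


def verify(apk_bytes, manifest_bytes):
    """Return (ok, problems). Any modified, missing or extra protected entry
    is a problem; unprotected entries (e.g. res/) are ignored."""
    expected = json.loads(manifest_bytes)
    actual = digest_entries(apk_bytes)
    problems = []
    for name in sorted(set(expected) | set(actual)):
        if name not in actual:
            problems.append("missing: " + name)
        elif name not in expected:
            problems.append("unexpected: " + name)
        elif not hmac.compare_digest(expected[name], actual[name]):
            problems.append("modified: " + name)
    return (not problems, problems)


# Constructed sample package: a fake DEX, a fake native library, a resource.
ORIGINAL_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.demo'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
    "lib/arm64-v8a/libnative.so": b"\x7fELF" + b"\x01" * 32,
    "res/values/strings.xml": b"<resources/>",
}


def demo():
    """Build the package, record its manifest, then check three variants."""
    original = build_apk(ORIGINAL_ENTRIES)
    manifest = make_manifest(original)

    # Variant 1: classes.dex rewritten and an extra native library dropped in.
    patched_dex = {**ORIGINAL_ENTRIES,
                   "classes.dex": b"dex\n035\x00" + b"\x90" * 64,
                   "lib/arm64-v8a/libhook.so": b"\x7fELF" + b"\x02" * 8}
    # Variant 2: only an unprotected resource changed, which is tolerated.
    resource_only = {**ORIGINAL_ENTRIES,
                     "res/values/strings.xml": b"<resources>x</resources>"}

    return {
        "untouched": verify(original, manifest),
        "patched_dex": verify(build_apk(patched_dex), manifest),
        "resource_only": verify(build_apk(resource_only), manifest),
    }


if __name__ == "__main__":
    for label, (ok, problems) in demo().items():
        print(label, "OK" if ok else "REJECT", problems)
```

`demo()` reports the untouched package as intact, rejects the variant whose classes.dex was rewritten and which gained an extra library, and tolerates a change to an unprotected resource. Keeping the expected digests in a plain JSON file next to the package is only for the demo: anything an attacker can rewrite alongside the code gives no protection, so a real check has to keep its reference values and the comparison itself out of easy reach.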

Alibaba Cloud APK hardening

1. Anti-mainstream static analysis tools

Effectively prevents attackers from analyzing the application's Java-layer code with APKTool, dex2jar, JEB and other static analysis tools.

2. SO packing

Shell protection of the SO file effectively prevents attackers from analyzing the logic inside the SO with IDA, readelf and other tools.

3. DEX packing

Shell protection of the DEX file, combined with dynamic loading and repair at runtime, effectively prevents attackers from dumping the Java-layer code from memory.

4. Java instruction translation

By modifying the invocation chain of the Java-layer business logic, even attackers who obtain the Java-layer code cannot completely analyze the whole business logic.

5. Java simulated execution

By extracting instructions from the DEX file and simulating their execution in a custom execution environment, this effectively prevents an attacker from taking an instruction-level dump of the Java-layer code.

Reference

  • New directions for APP hardening — obfuscation and slimming