CN107609394A - Tamper resistant method, storage device and the device of Android installation kits - Google Patents
Tamper resistant method, storage device and the device of Android installation kits Download PDFInfo
- Publication number
- CN107609394A CN107609394A CN201710750552.8A CN201710750552A CN107609394A CN 107609394 A CN107609394 A CN 107609394A CN 201710750552 A CN201710750552 A CN 201710750552A CN 107609394 A CN107609394 A CN 107609394A
- Authority
- CN
- China
- Prior art keywords
- files
- dex
- android installation
- classes2
- tamper resistant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000009434 installation Methods 0.000 title claims abstract description 76
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000012856 packing Methods 0.000 claims abstract description 8
- 238000004590 computer program Methods 0.000 claims description 15
- 238000011068 loading method Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 claims description 3
- 238000004422 calculation algorithm Methods 0.000 claims description 2
- 230000006837 decompression Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Stored Programmes (AREA)
Abstract
The invention provides a kind of tamper resistant method, storage device and the device of Android installation kits, by the way that Android installation kits APK file is decompressed, and the maindexlist files subpackage wherein contained is exported into calsses1.dex files and classes2.dex files;The calsses1.dex files and classes2.dex files are transferred under second-level directory, and are encrypted, compiling then is returned to Android installation kits, new installation kit is generated after packing.Tamper resistant method, storage device and device of the present invention, by being shifted to the core document in installation kit and encryption, avoid to being put into malicious code resistance after unpacking, so as to the integrality of Android installation kit.
Description
Technical field
The present invention relates to technical field of data security, more particularly to a kind of tamper resistant method of Android installation kits
And device.
Background technology
Android installation kits refer to APK, and APK file is a zip form in fact, can lead in windows systems
Just directly solution pressure energy checks that the file of root has a META-INF files after decompression, res files, libs files to overcompression instrument,
AndroidManifest.xml files, classes.dex files, assets.Wherein to classes.dex files and
Manifest.xml carries out reverse, you can restores this installation kit APK source code, malice generation is added on the basis of source code
Code, is repacked, and will become a brand-new APK file for carrying malicious code, apk file integralities are not protected
Shield.
Therefore, prior art is improved up for further.
The content of the invention
In view of above-mentioned weak point of the prior art, it is an object of the invention to provide the user a kind of Android peaces
Tamper resistant method, storage device and the device of bag are filled, overcomes and Android installation package files integrality is not protected in the prior art
Shield, the defects of causing to make it easier to be tampered.
The technical scheme of the method disclosed in the present, storage device and device is as follows:
A kind of tamper resistant method of Android installation kits, wherein, comprise the following steps:
Step A, Android installation kits APK file is decompressed, and the maindexlist file subpackages wherein contained is defeated
Go out calsses1.dex files and classes2.dex files;
Step B, the calsses1.dex files and classes2.dex files are transferred under second-level directory, and carried out
Encryption;
Step C, customized calsses.dex files are created, and is replaced using the calsses.dex files and is located at root
Calsses1.dex files and classes2.dex files under catalogue;
Step D, compiling is returned to Android installation kits, new installation kit is generated after packing.
The tamper resistant method of described Android installation kits, wherein, also include before the step A:
Step A01, it is arranged in advance by Android installation kit APK files are self-defined:
Two classes.dex files containing classes1.dex and classes2.dex in maindexlist files;
And included in the classes1.dex files:Start page and the necessary class of application initialization, and it is described
Other classes.dex fileinfos for removing and containing in classes1.dex files are included in classes2.dex files.
The tamper resistant method of described Android installation kits, wherein, the step A also includes:
Step A1, the APK file for compiling out is decompressed, obtains Manifest.xml files, calsses1.dex files
With classes2.dex files, and assets files, META-INF files and libs files.
The tamper resistant method of described Android installation kits, wherein, the step B also includes:
Step B1, calsses1.dex and classes2.dex are transferred to the second-level directory file of assets files
Under, while replace the calsses1.dex files and classes2.dex under root using self-defined calsses.dex files
File;
Step B2, AES calculations are carried out to calsses1.dex files and classes2.dex files using random generation key
Method is encrypted.
The tamper resistant method of described Android installation kits, wherein, also include after the step A01:
Step A02, it is arranged in advance by Android installation kit APK files are self-defined:
Encryption dynamic base is set under the libs files;
The step B also includes:
Step B3, using the encryption dynamic base to the calsses1.dex files and classes2.dex after encryption
File carries out loading decryption.
The tamper resistant method of described Android installation kits, wherein, also include between the step C and step D:
Step D0, using obfuscated codes, and the resource file under res files is carried out to obscure place with reference to configuration file
Reason.
The tamper resistant method of described Android installation kits, wherein, also include after the step B3:
Step B4, the second-level directory for the assets files for being transferred to startup program entrance in Manifest.xml files
Under file.
A kind of storage device, wherein, the storage device is stored with computer program, and the computer program can be held
Go to realize the tamper resistant method of described Android installation kits.
A kind of tamper resistant device of Android installation kits, wherein, including:Processor and it is connected with the processor communication
Storage device;
The storage device is stored with computer program, when the computer program is executed by processor described in realization
The tamper resistant method of Android installation kits;
The processor, for calling the computer program in the storage device, installed with performing above-mentioned Android
The tamper resistant method of bag.
Beneficial effect, the invention provides a kind of tamper resistant method, storage device and the device of Android installation kits, leads to
Cross and decompress Android installation kits APK file, and the maindexlist files subpackage wherein contained is exported
Calsses1.dex files and classes2.dex files;The calsses1.dex files and classes2.dex files are turned
Move under second-level directory, and be encrypted;Customized calsses.dex files are created, and described in use
Calsses.dex files replace the calsses1.dex files and classes2.dex files being located under root;To Android
Installation kit returns compiling, and new installation kit is generated after packing.Tamper resistant method of the present invention, by the core in installation kit
File is shifted and encryption, avoids to being put into malicious code resistance after unpacking, so as to protect the complete of installation kit
Property.
Brief description of the drawings
Fig. 1 is the tamper resistant method flow chart of steps of Android installation kits of the present invention.
Fig. 2 is the tamper resistant method concrete application embodiment flow chart of steps of Android installation kits of the present invention.
Fig. 3 is the theory structure schematic diagram of the tamper resistant device of Android installation kits of the present invention.
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, clear and definite, develop simultaneously embodiment pair referring to the drawings
The present invention is further described.It should be appreciated that specific embodiment described herein is used only for explaining the present invention, and do not have to
It is of the invention in limiting.
The invention provides a kind of tamper resistant method of Android installation kits, as shown in figure 1, the tamper resistant method bag
Include following steps:
Step S1, the APK file of Android installation kits is decompressed, and the maindexlist file subpackages that will wherein contain
Export calsses1.dex files and classes2.dex files.
Installation kit is decompressed, gets the maindexlist files subpackage output obtained after decompression
Calsses1.dex files and classes2.dex files.
Specifically, in this step:Decompression compiling APK file, can obtain Manifest.xml files,
Calsses1.dex files and classes2.dex files, and assets files, META-INF files and libs files
Folder.
In order to realize above method step, also include before this step:
It is arranged in advance by Android installation kit APK files are self-defined:
Two classes.dex files containing classes1.dex and classes2.dex in maindexlist files;
And included in the classes1.dex files:Start page and the necessary class of application initialization, and it is described
Other classes.dex fileinfos for removing and containing in classes1.dex files are included in classes2.dex files.
Included due to setting in only classes1.dex files:Start page and the necessary class of application initialization, because
This installation kit can be performed quickly in startup and application initialization, reduce application program launching and initialization etc.
Treat the time.
Step S2, the calsses1.dex files and classes2.dex files are transferred under second-level directory, and entered
Row encryption.
In this step, by core document in the apk files of installation kit:The calsses1.dex files and
Classes2.dex files are transferred under the second-level directory of setting and preserved, and it is encrypted, due in this step not
It uses only transfer and preserve and also core document is encrypted, core text is obtained during so as to avoid to installation kit decompiling
The possibility of part, it ensure that the integrality of installation kit.
Specifically, comprise the following steps in this step S2:
Step S21, calsses1.dex and classes2.dex are transferred to the second-level directory file of assets files
Under folder, at the same using self-defined calsses.dex files replace root under calsses1.dex files and
Classes2.dex files;
Step S22, AES calculations are carried out to calsses1.dex files and classes2.dex files using random generation key
Method is encrypted.
Step S23, the two level mesh for the assets files for being transferred to startup program entrance in Manifest.xml files
Record under file.
Step S24, using the encryption dynamic base to the calsses1.dex files after encryption and
Classes2.dex files carry out loading decryption.
In order to realize file encryption, also include in this step:In advance by the self-defined setting of Android installation kit APK files
For:Encryption dynamic base is set under the libs files;
Step S3, customized calsses.dex files are created, and is replaced and is located at using the calsses.dex files
Calsses1.dex files and classes2.dex files under root.
Step S4, compiling is returned to Android installation kits, new installation kit is generated after packing.
Preferably, in order to obtain more preferable anti-tamper effect, also include between the step S3 and step S4:
Step S40, using obfuscated codes, and the resource file under res files is carried out to obscure place with reference to configuration file
Reason.
Step in being implemented below with the concrete application of the present invention does the explanation into one to the present invention, with reference to shown in Fig. 2,
This method comprises the following steps in the specific implementation:
In step S10, Android engineering self-defined specified maindexlist subpackages export two classes1.dex and
Classes2.dex APK;
The complete trails class list to be relied on is recorded in Android engineering sound code files, and give tacit consent in system
Maindexlist reserved categories listed files merges, and specifies and is compiled into classes1.dex, app first time start-up loadings first start
The relevant class necessarily for starting page and program initialization in classes1.dex, remaining class is all put into another
Individual classes2.dex, classes1.dex is than classes2.dex small volume.
Step S20, APK decompression, shifts two core calsses1.dex and classes2.dex and encryption, picture resource
Protection;
The APK file for compiling out is unpacked, obtains AndroidManifest.xml, calsses1.dex,
Classes2.dex files and assets, META-INF, libs file;
Calsses1.dex and classes2.dex are transferred to the second-level directory jiagu_data texts of assets files
Under part folder;
Random generation key token, using the key token generated at random under jiagu_data files
Calsses1.dex, classes2.dex file are encrypted using aes algorithm, and core code is protected;
Encryption dynamic base shell_jiagu.so is stored in libs files, and by customized classes.dex
File, put and substitute original calsses1.dex and classes2.dex under the root directory;
Self defining programm entrance in Manifest is transferred to real program entry, on startup customized
Application changes real appplication into;The resource files such as the xml and png pictures under res files are mixed
Confuse, used andresguard obfuscated codes, with reference to configuration file andreshuard.xml and resource_
Mapping.txt, protection is obscured resource file.
Step S30, return compiling, signature and packing.
With all files protected of apktool packings, the APK newly to pack is signed with ready key,
A brand-new shielded APK file is thus generated, with unprotected preceding APK file contrast:Calsses1.dex and
Classes2.dex not under the root directory, but is transferred under assets below second-level directory jiagu_data files, and
Encryption, is a customized classes.dex file instead of it, more dynamic base shell_ of loading decryption in libs storehouses
jiagu.so。
Two dex of subpackage (calsses1.dex and classes2.dex) transfer proposed by the invention and encryption duplicate protection
Method, it is entirely different with traditional APK structures, it is impossible to by success decompiling inversely see core code, so as to protect weight
The confidentiality of data is wanted, serves the effect of anti-decompiling.Shielded APK is operated using reverse instrument, it is impossible to obtain
Real sound code file is got, illustrates to be effectively protected our installation kit, while it also avoid to being put into evil after unpacking
Code of anticipating is taken precautions against, so as to protect the integrality of installation kit.
The present invention also discloses a kind of storage device, institute on the basis of the tamper resistant method of above-mentioned Android installation kits
State storage device and be stored with computer program, the computer program can be performed to realize described Android installation kits
Tamper resistant method.
The present invention discloses a kind of tamper resistant device of Android installation kits on the basis of above-mentioned tamper resistant method, such as
Shown in Fig. 3, including:Processor 110 and the storage device 120 with the processor 110 communication connection;
The storage device 120 is stored with computer program, and the computer program realizes institute when being performed by processor 110
The tamper resistant method for the Android installation kits stated;
The processor 110, for calling the computer program in the storage device, to perform above-mentioned Android
The tamper resistant method of installation kit.
The invention provides a kind of tamper resistant method, storage device and the device of Android installation kits, pass through by
Android installation kits APK file is decompressed, and the maindexlist files subpackage wherein contained is exported into calsses1.dex texts
Part and classes2.dex files;The calsses1.dex files and classes2.dex files are transferred to second-level directory
Under, and be encrypted;Customized calsses.dex files are created, and position is replaced using the calsses.dex files
Calsses1.dex files and classes2.dex files under root;Compiling is returned to Android installation kits, it is raw after packing
Cheng Xin installation kit.Tamper resistant method of the present invention, by the core document in installation kit is shifted and encryption at
Reason, is avoided to being put into malicious code resistance after unpacking, so as to protect the integrality of installation kit.
It is understood that for those of ordinary skills, can be with technique according to the invention scheme and its hair
Bright design is subject to equivalent substitution or change, and all these changes or replacement should all belong to the guarantor of appended claims of the invention
Protect scope.
Claims (9)
1. a kind of tamper resistant method of Android installation kits, it is characterised in that comprise the following steps:
Step A, Android installation kits APK file is decompressed, and the maindexlist files subpackage wherein contained is exported
Calsses1.dex files and classes2.dex files;
Step B, the calsses1.dex files and classes2.dex files are transferred under second-level directory, and are encrypted
Preserved after processing;
Step C, customized calsses.dex files are created, and is replaced using the calsses.dex files and is located at root
Under calsses1.dex files and classes2.dex files;
Step D, compiling is returned to Android installation kits, new installation kit is generated after packing.
2. the tamper resistant method of Android installation kits according to claim 1, it is characterised in that before the step A also
Including:
Step A01, it is arranged in advance by Android installation kit APK files are self-defined:
Two classes.dex files containing classes1.dex and classes2.dex in maindexlist files;
And included in the classes1.dex files:Start page and the necessary class of application initialization, and it is described
Other classes.dex fileinfos for removing and containing in classes1.dex files are included in classes2.dex files.
3. the tamper resistant method of Android installation kits according to claim 2, it is characterised in that the step A is also wrapped
Include:
Step A1, decompress the APK file that compiles out, obtain Manifest.xml files, calsses1.dex files and
Classes2.dex files, and assets files, META-INF files and libs files.
4. the tamper resistant method of Android installation kits according to claim 3, it is characterised in that the step B is also wrapped
Include:
Step B1, calsses1.dex and classes2.dex are transferred under the second-level directory file of assets files,
The calsses1.dex files and classes2.dex texts under root are replaced using self-defined calsses.dex files simultaneously
Part;
Step B2, aes algorithm is carried out to calsses1.dex files and classes2.dex files using random generation key to add
It is close.
5. the tamper resistant method of Android installation kits according to claim 4, it is characterised in that after the step A01
Also include:
Step A02, it is arranged in advance by Android installation kit APK files are self-defined:
Encryption dynamic base is set under the libs files;
The step B also includes:
Step B3, using the encryption dynamic base to the calsses1.dex files and classes2.dex files after encryption
Carry out loading decryption.
6. the tamper resistant method of Android installation kits according to claim 5, it is characterised in that the step C and step
Also include between D:
Step D0, using obfuscated codes, and the resource file under res files is carried out to obscure processing with reference to configuration file.
7. the tamper resistant method of Android installation kits according to claim 6, it is characterised in that after the step B3
Also include:
Step B4, the second-level directory file for the assets files for being transferred to startup program entrance in Manifest.xml files
Under folder.
8. a kind of storage device, it is characterised in that the storage device is stored with computer program, and the computer program can
It is performed to realize the tamper resistant method of the Android installation kits as described in any one of claim 1 to 7.
A kind of 9. tamper resistant device of Android installation kits, it is characterised in that including:Processor and with the processor communication
The storage device of connection;
The storage device is stored with computer program, and the computer program realizes claim 1 to 7 when being executed by processor
The tamper resistant method of Android installation kits described in any one;
The processor, it is any to perform the claims 1 to 7 for calling the computer program in the storage device
The tamper resistant method of Android installation kits described in.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710750552.8A CN107609394A (en) | 2017-08-28 | 2017-08-28 | Tamper resistant method, storage device and the device of Android installation kits |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710750552.8A CN107609394A (en) | 2017-08-28 | 2017-08-28 | Tamper resistant method, storage device and the device of Android installation kits |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107609394A true CN107609394A (en) | 2018-01-19 |
Family
ID=61056301
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710750552.8A Pending CN107609394A (en) | 2017-08-28 | 2017-08-28 | Tamper resistant method, storage device and the device of Android installation kits |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107609394A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033765A (en) * | 2018-08-07 | 2018-12-18 | 麒麟合盛网络技术股份有限公司 | The treating method and apparatus of application installation package |
| CN109582315A (en) * | 2018-10-26 | 2019-04-05 | 北京百度网讯科技有限公司 | Service privatization method, apparatus, computer equipment and storage medium |
| CN109858203A (en) * | 2018-12-21 | 2019-06-07 | 厦门市美亚柏科信息股份有限公司 | A kind of safety protecting method, device and the storage medium of Android platform application |
| CN110618967A (en) * | 2019-06-13 | 2019-12-27 | 北京无限光场科技有限公司 | Application program running method, installation package generating method, device, equipment and medium |
| CN112083953A (en) * | 2020-08-26 | 2020-12-15 | 武汉普利商用机器有限公司 | Android application program construction method and device |
| CN112379890A (en) * | 2020-12-04 | 2021-02-19 | 深圳麦风科技有限公司 | Data copying method of Whatsapp |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104408337A (en) * | 2014-11-18 | 2015-03-11 | 刘鹏 | Reinforcement method for preventing reverse of APK (Android package) file |
| WO2015192637A1 (en) * | 2014-06-17 | 2015-12-23 | 北京奇虎科技有限公司 | Method and apparatus for reinforced protection of software installation package |
| CN106650330A (en) * | 2016-12-22 | 2017-05-10 | 合肥国信车联网研究院有限公司 | Android application software reinforcement protection method based on DexClassloader |
| CN106775842A (en) * | 2016-11-30 | 2017-05-31 | 北京酷我科技有限公司 | A kind of method of the dex subpackages that can customize |
-
2017
- 2017-08-28 CN CN201710750552.8A patent/CN107609394A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015192637A1 (en) * | 2014-06-17 | 2015-12-23 | 北京奇虎科技有限公司 | Method and apparatus for reinforced protection of software installation package |
| CN104408337A (en) * | 2014-11-18 | 2015-03-11 | 刘鹏 | Reinforcement method for preventing reverse of APK (Android package) file |
| CN106775842A (en) * | 2016-11-30 | 2017-05-31 | 北京酷我科技有限公司 | A kind of method of the dex subpackages that can customize |
| CN106650330A (en) * | 2016-12-22 | 2017-05-10 | 合肥国信车联网研究院有限公司 | Android application software reinforcement protection method based on DexClassloader |
Non-Patent Citations (1)
| Title |
|---|
| 李萍: "Android应用防篡改机制的研究", 《天津中德职业技术学院学报》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033765A (en) * | 2018-08-07 | 2018-12-18 | 麒麟合盛网络技术股份有限公司 | The treating method and apparatus of application installation package |
| CN109582315A (en) * | 2018-10-26 | 2019-04-05 | 北京百度网讯科技有限公司 | Service privatization method, apparatus, computer equipment and storage medium |
| CN109858203A (en) * | 2018-12-21 | 2019-06-07 | 厦门市美亚柏科信息股份有限公司 | A kind of safety protecting method, device and the storage medium of Android platform application |
| CN110618967A (en) * | 2019-06-13 | 2019-12-27 | 北京无限光场科技有限公司 | Application program running method, installation package generating method, device, equipment and medium |
| CN112083953A (en) * | 2020-08-26 | 2020-12-15 | 武汉普利商用机器有限公司 | Android application program construction method and device |
| CN112379890A (en) * | 2020-12-04 | 2021-02-19 | 深圳麦风科技有限公司 | Data copying method of Whatsapp |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107609394A (en) | Tamper resistant method, storage device and the device of Android installation kits | |
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| CN104239757B (en) | Application program reversing-preventing method and device and operation method and terminal | |
| WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
| CN104408337A (en) | Reinforcement method for preventing reverse of APK (Android package) file | |
| US20170116410A1 (en) | Software protection | |
| CN103530535A (en) | Shell adding and removing method for Android platform application program protection | |
| Piao et al. | Server‐based code obfuscation scheme for APK tamper detection | |
| CN104317625A (en) | Dynamic loading method for APK files | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| CN104268444A (en) | Cloud OS Java source code protection method | |
| CN104866739A (en) | Application program encryption method and application program encryption system in Android system | |
| US20170242986A1 (en) | Method and system for providing cloud-based application security service | |
| CN111191195A (en) | Method and device for protecting APK | |
| CN108399319A (en) | Source code guard method, application server and computer readable storage medium | |
| US10867017B2 (en) | Apparatus and method of providing security and apparatus and method of executing security for common intermediate language | |
| WO2015154436A1 (en) | Data processing method and device | |
| US9292708B2 (en) | Protection of interpreted source code in virtual appliances | |
| CN108133147B (en) | Method and device for protecting executable code and readable storage medium | |
| KR101734663B1 (en) | Method for preventing reverse engineering of android application and apparatus for performing the method | |
| CN109241707A (en) | Application program obscures method, apparatus and server | |
| KR101863325B1 (en) | Method and apparatus for preventing reverse engineering | |
| KR101749209B1 (en) | Method and apparatus for hiding information of application, and method and apparatus for executing application | |
| JP2008040853A (en) | Application execution method and application execution device | |
| JP2013228814A (en) | Distribution execution method for application program capable of falsification detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180119 |