现在的位置: 首页 > java > android > 正文
安卓防止反编译
2016年04月19日 android ⁄ 共 5453字 暂无评论
众所周知安卓很容易被反编译,即使做了防止反编译处理许多代码也可以看的到,目前用的比较多的手段是jni,即:把核心代码放到c++中,然后做出so库,这样的话安全性提高不少,但如果不对so库进行特殊处理的话,通过查看反编译后的java代码就会推测出你定义的调用so库的接口,别人就可以仿造你的接口,然后调用你的so库。
其实我们可以再每次调用so库时都在so库中的函数中判断一下安卓的公钥是不是你的,从而阻止他们使用你的so库,具体代码及工程如下
 
#include"com_example_singjni_MainActivity.h" #include #include // //获取公钥的java代码 //public void getSingInfo() { // try { // String pn=getPackageName(); // // PackageInfo packageInfo = getPackageManager().getPackageInfo( // pn, PackageManager.GET_SIGNATURES); // Signature[] signs = packageInfo.signatures; // Signature sign = signs[0]; // parseSignature(sign.toByteArray()); // } catch (Exception e) { // e.printStackTrace(); // } // } // // public void parseSignature(byte[] signature) { // ByteArrayInputStream bi=new ByteArrayInputStream(signature); // try { // CertificateFactory certFactory = CertificateFactory // .getInstance("X.509"); // X509Certificate cert = (X509Certificate) certFactory // .generateCertificate(new ByteArrayInputStream(signature)); // String pubKey = cert.getPublicKey().toString(); // String signNumber = cert.getSerialNumber().toString(); // // // System.out.println("signName:" + cert.getSigAlgName()); // System.out.println("pubKey:" + pubKey); // System.out.println("signNumber:" + signNumber); // System.out.println("subjectDN:"+cert.getSubjectDN().toString()); // } catch ( Exception e) { // e.printStackTrace(); // } // } //核心代码如下 ,其他可以忽略 JNIEXPORT jstring JNICALL Java_com_example_singjni_MainActivity_sing__Landroid_content_Context_2 (JNIEnv * env, jobject ob1, jobject thiz){ jclass thisClass=env->GetObjectClass(thiz); jmethodID getPNId=env->GetMethodID(thisClass,"getPackageName","()Ljava/lang/String;"); jstring packName=(jstring)env->CallObjectMethod(thiz,getPNId); jmethodID getPMId=env->GetMethodID(thisClass,"getPackageManager","()Landroid/content/pm/PackageManager;"); jobject packManger=env->CallObjectMethod(thiz,getPMId); jmethodID getPIId=env->GetMethodID(env->GetObjectClass(packManger),"getPackageInfo","(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;"); jobject packageInfo=env->CallObjectMethod(packManger,getPIId,packName,0x00000040); jfieldID signaturesId=env->GetFieldID(env->GetObjectClass(packageInfo),"signatures","[Landroid/content/pm/Signature;"); jobject signatures=env->GetObjectField(packageInfo,signaturesId); jobjectArray signaturesArray=(jobjectArray)signatures; //signature=signs[0] jobject signature=env->GetObjectArrayElement(signaturesArray,0); jmethodID signatureBytesMId=env->GetMethodID(env->GetObjectClass(signature),"toByteArray","()[B"); //sign.toByteArray() jobject signatureBytes=env->CallObjectMethod(signature,signatureBytesMId); ///////////////// public void parseSignature(byte[] signature) {}///////////////////////////////////////////////////////////////// jclass certificateFactoryClass=env->FindClass("java/security/cert/CertificateFactory"); jmethodID getInstanceMId=env->GetStaticMethodID(certificateFactoryClass,"getInstance","(Ljava/lang/String;)Ljava/security/cert/CertificateFactory;"); jobject certFactory=env->CallStaticObjectMethod(certificateFactoryClass,getInstanceMId,env->NewStringUTF("X.509")); /////////////////////////////////// jclass byteInStreamClass=env->FindClass("java/io/ByteArrayInputStream"); jmethodID byteArrayInStreamConMId= env->GetMethodID(byteInStreamClass,"","([B)V"); jobject byteArrayInStream=env->NewObject(byteInStreamClass,byteArrayInStreamConMId,signatureBytes); jmethodID generateCertificateMId=env->GetMethodID(certificateFactoryClass,"generateCertificate","(Ljava/io/InputStream;)Ljava/security/cert/Certificate;"); jobject certificate=env->CallObjectMethod(certFactory,generateCertificateMId,byteArrayInStream); jmethodID getPKMId=env->GetMethodID(env->GetObjectClass(certificate),"getPublicKey","()Ljava/security/PublicKey;"); jobject publicKey=env->CallObjectMethod(certificate,getPKMId); jmethodID toStringMId=env->GetMethodID(env->GetObjectClass(publicKey),"toString","()Ljava/lang/String;"); jstring publickeyStr=(jstring)env->CallObjectMethod(publicKey,toStringMId); /////////////////////// jmethodID equalsMId=env->GetMethodID(env->GetObjectClass(publickeyStr),"equals","(Ljava/lang/Object;)Z"); jboolean isCorrect=env->CallBooleanMethod(publickeyStr,equalsMId,env->NewStringUTF("OpenSSLRSAPublicKey{modulus=123..你的公钥...,publicExponent=10001}")); if(!isCorrect) return env->NewStringUTF( "wrong"); jstring jstr=env->NewStringUTF( "correct"); return jstr; } JNIEXPORT jstring JNICALL Java_com_example_singjni_MainActivity_sing (JNIEnv * env, jobject thiz){ jstring jstr=env->NewStringUTF( ""); return jstr; }
 
package com.example.singjni; import java.io.ByteArrayInputStream; import java.io.File; import java.lang.reflect.Constructor; import java.lang.reflect.Field; import java.lang.reflect.Method; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.Date; import android.app.Activity; import android.app.Application; import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.Signature; import android.os.Bundle; import android.util.DisplayMetrics; import android.widget.EditText; import android.widget.TextView; import android.widget.Toast; public class MainActivity extends Activity { static{ System.loadLibrary("jniso"); } EditText et; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); et=(EditText) findViewById(R.id.et); String s=sing(this); et.setText(s); System.out.println(s); } public native String sing(); public native String sing(Context context); }

http://pan.baidu.com/s/1slWqoED

给我留言

您必须 [ 登录 ] 才能发表留言!

×