
Comparison of APP hardening and decompilation techniques

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

The five generations of app hardening technology compare as follows.

Technical route:
- First generation: dex transparent encryption and decryption
- Second generation: function-level proxy
- Third generation: so file packing (shell)
- Fourth generation: code obfuscation and virtualization
- Fifth generation: security container

Design idea: Pack (shell) and encrypt each executable file, or each group of executable files, to increase complexity, so that the cracker cannot get through the complexity and gives up.

Technical principle:
- First generation: The core idea is to encrypt the dex file to be protected and pack it into the APK, decrypt the dex and load it into memory when needed, and then delete the decrypted plaintext file, or decrypt it dynamically in memory without releasing it to the file system.
- Second generation: An improvement on the first generation's weakness that memory can be dumped. Only a function proxy module is loaded into memory. When the app needs a function, the proxy module looks up the function that implements the real functionality, calls it, and returns the result to the app. The proxy module plays the role of a middleman.
- Third generation: Because Java-layer protection is always limited by the Java virtual machine and cannot prevent custom Java virtual machine attacks, the third generation moves protection down to the so file. The core code is encapsulated in a so file, the so file is packed, and the advantages of the first and second generations are absorbed through so file encryption and anti-memory-dump handling.
- Fourth generation: The protected unit moves to the finer-grained function level. Code is obfuscated and virtualized at compile time by a custom compiler, which hides the real business logic and increases the difficulty of reverse analysis.
- Fifth generation: The core idea is to make it impossible for the user to get the physical files or to run any decompilation tool on the system, and therefore impossible to crack the app, which fundamentally solves the problem of app cracking. It is implemented with encrypted container technology: a container closely coupled with the operating system is built, the app runs inside the container, the container is physically isolated from the outside, and apps run in the container under a whitelist. The outside world cannot directly access the app and so files in the container.

Advantages:
- First generation: Encrypts and decrypts dex files directly; the logic is simple and direct, and it is easy to implement.
- Second generation: Fixes the memory dump problem.
- Third generation: Moving core code from the Java layer to the so layer increases the difficulty of cracking.
- Fourth generation: Individual functions can be protected, so configuration is more flexible.
- Fifth generation: The app files are always inside the encrypted container, so an attacker cannot get the so files and therefore cannot crack them. It is also compatible with the first four generations and can be used together with them.

Disadvantages:
- First generation: Because dex files eventually have to be decrypted and loaded into memory, plaintext data can be obtained by dumping memory.
- Second generation: The technical implementation is complex and compatibility is poor. Because the technique still uses the Java VM to execute all functions, the user can retrieve plaintext code by modifying the Java VM to record all real functions found by the proxy module.
- Third generation: With the development of unpacking technology and the appearance of automatic unpacking, this protective measure is becoming less and less effective.
- Fourth generation: Because code obfuscation and virtualization add extra logic, app performance decreases and size increases. The technique also does not prevent the program's critical verification logic from being brute-force cracked.
- Fifth generation: The container runtime environment has to be installed in the operating system, which requires control of the operating system. It must be deployed before shipment or installed by our own technicians.

Hardening layer:
- First generation: Java layer
- Second generation: Java layer
- Third generation: so layer
- Fourth generation: Java layer / so layer
- Fifth generation: so layer

Hardening intervention point: during development / after development is complete.

Whether the IDE environment changes:
- First to third generation: no change
- Fourth generation: the IDE environment must change; code is compiled with a third-party compiler
- Fifth generation: no change

Whether debugging is affected: affects; does not affect; **

Whether the file entity can be accessed:
- First to fourth generation: yes
- Fifth generation: because all files are in the container, an attacker is unable to get the files

Whether OS middleware is required:
- First to fourth generation: no
- Fifth generation: OS middleware must be installed to run the container

Applicable scenarios:
- First to fourth generation: Suitable where security needs to be increased when an independent app is released and absolute control of the operating system and device is not required, such as mobile phone applications, games, or other individually installed software.
- Fifth generation: Suitable for scenarios with absolute control of the operating system, or other more fixed scenarios.

Android application decompilation: suitable; suitable

Naga Love Encryption, KiD, 360 Hardened Treasure, Top Elephant, Naga Convince CBS
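As an added illustration of the fourth-generation approach described above (not code from the article or from any hardening product), the Python sketch below turns a small check into bytecode for a toy stack VM and counts the interpreter steps it costs. The opcode set, the mask value and the check itself are constructed for the example.

```python
import operator

# Constructed toy instruction set; a real protector generates its own per build.
OPS = ["PUSH", "ARG", "MUL", "ADD", "MOD", "EQ", "RET"]
MASK = 0x5A  # constructed opcode mask, so the byte values differ between builds
BINARY = {"MUL": operator.mul, "ADD": operator.add,
          "MOD": operator.mod, "EQ": operator.eq}

def check_native(serial: int) -> bool:
    """The plain business logic, readable as-is after decompilation."""
    return (serial * 31 + 7) % 1000 == 317

def compile_check() -> bytes:
    """What a virtualizing compiler would ship instead of check_native."""
    program = [("ARG", 0), ("PUSH", 31), ("MUL", 0), ("PUSH", 7), ("ADD", 0),
               ("PUSH", 1000), ("MOD", 0), ("PUSH", 317), ("EQ", 0), ("RET", 0)]
    out = bytearray()
    for op, operand in program:
        out.append(OPS.index(op) ^ MASK)    # masked opcode byte
        out += operand.to_bytes(2, "big")   # 16-bit operand
    return bytes(out)

def run_vm(code: bytes, arg: int):
    """Interpret the bytecode; returns (result, number of VM steps executed)."""
    stack, pc, steps = [], 0, 0
    while True:
        op = OPS[code[pc] ^ MASK]
        operand = int.from_bytes(code[pc + 1:pc + 3], "big")
        pc += 3
        steps += 1
        if op == "PUSH":
            stack.append(operand)
        elif op == "ARG":
            stack.append(arg)
        elif op == "RET":
            # The outcome still leaves the VM as a single boolean.
            return bool(stack.pop()), steps
        else:
            b, a = stack.pop(), stack.pop()
            stack.append(BINARY[op](a, b))

if __name__ == "__main__":
    code = compile_check()
    print(code.hex(), run_vm(code, 10), check_native(10))
```

One native expression becomes 30 bytes of bytecode and ten interpreter dispatches, which is the performance and size cost listed for this generation.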
