There are four main ways to realize anti-cracking technology:?
1.ProGuard technology?
2. Signature matching technology?
3.NDK。 What about dynamic library technology?
4. Dynamic loading technology?
5. Third-party platform encryption and vulnerability detection
Is this here? How does Android security decompile encrypted apk package? Related knowledge points are also mentioned in this paper.
The first type: code obfuscation technology (ProGuard) This technology mainly confuses the code and reduces the readability of the code after reverse compilation. But this technology can't prevent the shell technology from being shelled (adding viruses, advertisements and other codes). ), and as long as people are careful, they can still analyze the code in reverse, so this technology does not fundamentally solve the problem of cracking, but only increases the difficulty of cracking.
The second type: signature comparison technology. This technology is mainly to prevent the shell technology from being shelled, but the risk of code reverse analysis still exists. Moreover, this technology cannot fundamentally solve the problem of being bombarded. If the cracker annotates the signature comparison code and compiles it back, the technology will be cracked.
The third type: NDK. So dynamic library technology is to put all the important core codes in a C file, compile the core codes into a. so dynamic library through NDK technology, and then call them by JNI. Although this technology can protect the core code, the risk of being bombarded still exists.
Fourthly, dynamic loading technology, which is mature in Java, has not been fully utilized in Android.
Fifth: the use of third-party platforms
This paper mainly explains the fourth method, which can effectively prevent reverse analysis, cracking, shelling and other problems. Dynamic loading technology is divided into the following steps:
Compile the core code into Jar package of dex file
Encrypt jar package.
Decrypt the program at the main entrance by NDK.
Then use ClassLoader to dynamically load jar packages.
Use reflection technology to set ClassLoader as the classloader of the system.