Summary of Android software protection measures

1 Prevent static analysis

  1. against the anti-compiler tools: through a large number of apk package testing can not find anti-compiled instructions or fields, these fields or instructions used in the development of the code to prevent others from decompiling methods: apktool and dex2jar tools and a large number of APK Do verification tests to find these programs can not resolve the field or code.

  2. the code obfuscation technology: code development using confusing technology, making the decompile code and methods are used a, b, c letters instead of increasing the difficulty of reverse analysis crack, method android comes with proguard can be achieved.

  3. NDK protection: Java development of the code is extremely easy to decompile and reverse, and the use of c / c ++ development. So libraries need to view the assembly code in order to reverse the reduction, the more difficult, methods: the use of NDK development of core code.

  4. shell protection: .so file can be used to protect the compressed encryption shell, method: the use of arm-linux kernel procedures can be achieved with shell tools.

2 To prevent dynamic debugging

Check the governor, check the simulator, the direct use of SDK API function checksum can be checked.

3 Prevent re-packaging

Signature verification: Call sdk api to get signature information Write signature verification at the beginning of the program to verify whether the signature was re-modified.

Check protection: record crx xx.dex checksum, stored in a string file or stored on the network, the code to verify the comparison to ensure that the dex file has not been modified.

reference articles: