[original] summary to prevent APK decompiler tool, two packing etc.

Before a thread is about how to solve the APK in the forum to see. . .
I understand that APK is really good fragile, easy to be decompiled.. Hard to write code to be so easy to get the total felt a little uncomfortable. . .
Then began to study how to how to protect APK is not decompile, prevent the two package. .
Through this period of time on the Internet to find information and technology. Study and pointing out some protection of APK method . . .

Preparation work:
1. To protect the APK security must first understand your own APK in the end how unsafe.
This post is before a large cattle hair forum.. You can go to understand APK how unsafe. . .
2. Decompilation tools take the most classical Niubi the most commonly used APKTool to test. .

Started by Katrina at February 06, 2016 - 12:21 AM

The first way: pseudo encryption
This method is in line to see the
The source address is: ;mode=threaded

APK on PC is seen as a compressed file format in the mobile phone, it even if an executable file format... There is also the difference between the read request two forms of it, so that to achieve the pseudo encryption using the difference... The PC end is pseudo encrypted APK couldn't be unpacked cannot be decompiled but for the Android system, it will not affect the normal operation of the installation (in 4.2 previous)... So the pseudo encryption can prevent PC end 100% unpacking, view and does not affect the normal operation of software on a mobile phone. .

Theory of pseudo encryption: read APK bytes, got 4 consecutive bytes marked as "P K 0102" after the fifth byte, if 0 means no encryption, if it is 1 that encryption (pseudo encryption is forced into 1 anti-counterfeiting encryption is the 1 to 0 can be). .

Posted by Katrina at February 18, 2016 - 12:58 AM

To learn about

Posted by Andre at February 19, 2016 - 1:05 AM

The code does not leave, the link with java code, thought to. .
In accordance with their own ideas to write the code, just for a APK comparison chart pseudo before encryption and pseudo encrypted as follows:
Pseudo before encryption:


Pseudo encrypted:



Comparison chart shows pseudo encryption benefits.~~~~

Posted by Katrina at February 28, 2016 - 1:13 AM

Pseudo encryption is better known in the prior to the release of the Android 4.2 system, see a lot of developers to use him, this approach is compatible with less than 4.2 system.
This encryption method may also affect the upload market, because the market need to disassemble packet inspection authority encryption cannot be removed package estimated market will prompt an invalid APK file what. .

Second measures: document destruction APK compression (landlord own Oh)
APK can be seen as a compressed file on PC, in the Android system. It is a mobile phone system software files. Android system identification of APK from head to tail logo signs, other redundant data will be ignored. So to add other data on the APK as a compressed file PC end the file has been damaged in the logo tail, so you need to decompress the or view will prompt file has been corrupted, with anti compiler tool will prompt file is corrupted, but it has no effect in the Android system and the normal operation of installation but also compatible to all systems.
But the APK compressed and destroy the existing APK pseudo encryption the same problem, the individual market will not lead to the identification of market can not upload. The use of compressed file repair tool can protect it repair so that we do.

Posted by Katrina at March 09, 2016 - 3:00 AM

Code APK. .


I don't have specific results screenshot... The results were similar with pseudo encryption.. It is compatible to all systems. .

The first explosion 2 method.. Wait for the interested to hate and then I'll continue to talk about other ways. . . .

Posted by Katrina at March 15, 2016 - 3:17 AM

Great for communication

Posted by Todd at March 16, 2016 - 3:55 AM

You always do on a zip article, flower instructions to consider.

Posted by Broderick at March 20, 2016 - 4:04 AM

Take command is what I want to say to protect. .
Was ready for
1 tools to prevent decompile
The 2 code obfuscation
Verification of 3 operation
4 prevent memory modification
4 methods of... The results found that people who are interested in not much is not updated power.

Posted by Katrina at March 28, 2016 - 4:34 AM

Take command is code obfuscation... But take a command I said, is mainly to prevent the tool to view the source code, is to use flowers instruction ideas.. Because the flower is the compilation command source.. I this just imitate that train of thought. .

Posted by Katrina at April 01, 2016 - 5:23 AM

Good point. You have a point there

Posted by Broderick at April 14, 2016 - 6:19 AM

I do a apkbus expert forum on APK security. .
Interested can go to have a look to have any problem can ask questions

Posted by Katrina at April 18, 2016 - 6:47 AM

Admiration.!!!!

Posted by Steven at April 19, 2016 - 7:14 AM

Looking forward to the follow-up method

Posted by Merle at April 23, 2016 - 7:17 AM

Not ready to update the,, now for the online interaction in this address, was talking about the APK protection... If you have time you can come to this site protection methods are discussed and the learning I update. . .

Posted by Katrina at December 20, 2016 - 9:42 PM

Admire, very powerful

Posted by Frederica at December 25, 2016 - 10:02 PM

Have over there

Posted by Merle at January 01, 2017 - 12:14 AM

The station even, or CSDN.

Posted by Broderick at January 04, 2017 - 10:36 PM

Okay. From there the invitation.. If I can have time to reprint. .

Posted by Katrina at January 05, 2017 - 10:30 PM

Due to the apkbus forum responsible person's invitation, for there opened an expert forum post to you on the protection of apk.. The post CSDN specification, a one-time only continuous hair 3 posts, resulting in no way to reprint... I can make the content of the post also here a if friends help.. I explain the contents are summarized as follows:
APK protection method:
1. To prevent the decompiler tool
a) Pseudo encryption
b) APK compressed vandalism
c) Material in the picture vandalism
The 2 code obfuscation
a) Take command in source code stolen increase hacker reading difficulty
b) Folders (files confuse.2 official version folder named try not to be too formal)
Verification of 3 operation
a) Various methods for signature verification
4 prevent memory modification
a) How to prevent the "eight door" through the magic of memory data
...
If friends help, help reproduced or help in continuous hair 3 stick back to a post.. You can contact me.. I can immediately send the posts are made to this post a

Posted by Katrina at January 11, 2017 - 11:23 PM

APK protection method two: code confusion - flower orders
There are some flowers instructions in a program of instructions, by the designer special conception, hope to make anti compilation error, let the user can't correctly disassembler content, lost. [instructions] spend this word to the assembly language, the idea is very good.. [instructions] spend another purpose is to use the tool to decompile loopholes, to make the tool cannot be used. Next we will in the Java code [spend] manufacturing instructions, make decompilation tools (jd-gui) cannot be compiled query your Java code. . .
Jd-gui bug is actually very much.. Many a particular piece of code or set of fields can let its collapse not anti compile the source code. . .
For example:
private static final char[] wJ = "0123456789abcdef".toCharArray();
public static String imsi = "204046330839890";
public static String p = "0";
public static String keyword = "Telephone";
public static String tranlateKeyword = "%E7%94%B5%E8%AF%9D";
Join the above fields in each class.... You'll find out the decompiled class by jd-gui to view the results after. .

Posted by Katrina at January 12, 2017 - 12:08 AM