当前位置:网站首页>The ark compiler is coming. What about APK reinforcement
The ark compiler is coming. What about APK reinforcement
2022-07-24 19:22:00 【senseshield】
Here comes the ark compiler ,apk The code in all becomes so The file , How to reinforce it ?
Warmly welcome the launch and open source of ark compiler !
According to the architecture diagram of ark compiler released by Huawei , After applying the ark compiler , The output becomes a binary file , Add the compiler runtime library and finally link it to an executable . class Linux The executable file of the system generally refers to the binary file without suffix ( Corresponding Windows Under the .exe file ) and .so file ( Corresponding Windows Under the .dll file ). Huawei officials say that the ark compiler can improve the operation fluency of the system 24%、 Improved system responsiveness 44%、 Third party application operation fluency improvement 60%. So much performance improvement , It's a trend of unifying the Jianghu . So-called : Who is the peak at the end of optimization , See the ark road empty !
Given that all kinds of illegal products on Android platform are extremely rampant , General application software developers should put their own apk The software package will be released after reinforcement . And when it comes to apk strengthening , It's mainly about dex File encryption .dex yes Android On the platform (Dalvik/Art virtual machine ) The executable of , amount to Windows Platform exe file , Every Apk There are... In the installation package dex file , It contains the app All the code for , You can get the corresponding java Source code .dex File encryption is apk The core problem of reinforcement . So here comes the question , Ark compiler directly put Java Code becomes local code ( .so file ) 了 ,apk The center of gravity of reinforcement will turn to so File shell . Then we have ready-made so Shelling Technology ? The existing so Can the shell technology ensure the safety of our application ? Cite existing ones based on dex Of apk Shell technology , take so Kujiahu also makes a generational introduction
| generational | principle | Cracking method |
|---|---|---|
| 1.1 | Yes so Overall file encryption , establish Loader, so File run time loader First run , Decryption of ciphertext , Restore the original program | difficulty *, Direct hook ,dump Clear text in memory can be obtained so file , Simply fix it . |
| 1.2 | Function level encryption . Encrypt each function separately , Replace the original function with the transfer function , Transfer function to decrypt , And write the plaintext of the original function back to the original address | difficulty *, You need to run each function once before dump, And repair |
| 1.3 | Function level encryption . Encrypt each function separately , Replace the original function with the transfer function , Transfer function to decrypt , And distribute the plaintext of the original function on the heap | difficulty **, The operation process needs to be analyzed , Hook the encryption function , And find the corresponding plaintext address , Again dump+ Repair |
| 2 | class ollvm Code obfuscation Open source based on Apple LLVM frame , Magic reform clang compiler , In the compilation process IR( Intermediate code ) Level to do confusion . Let software developers use magic revision clang compiler . Get confused so file . See Appendix for common confusion means . | difficulty ***, Only the code is deformed , No hidden code , Just a lot of garbage in the code , It's a lot more complicated , It increases the difficulty of algorithm analysis . Decompilation cannot be prevented , Basically used ida It can be decompiled into C The language code , It's easy to analyze . |
| 2.5 | be based on LLVM Code virtualization . use LLVM The basic library constructs virtual machine instructions handler, Avoid the diversity of back-end instructions , In the absence of specific CPU Realize virtualization under the premise of . Because the ark compiler is open source , And there are also intermediate IR Express , It is conceivable that confusion and virtualization technologies of the same principle will also emerge . | difficulty ***+, Compared with confusion , Code logic is deeply hidden , But not so handler It can be decompiled into C Language , The difficulty of analysis is not high . But code logic is hidden in virtual instructions , Algorithm restoration is more complex . |
| 3 | Native code confusion . Direct pair so The binary code in the file is confused .2 The means used in shell substitution can also be used here . A set of confusion methods should be developed separately for different instructions , Do not have 2 Platform universality of generation . But because it is a compilation / Bytecode level confusion , You can insert various uncommon instructions at will , More flexible means , The code is more complex . | difficulty ****, All kinds of unexpected instructions and applications may appear .ida Basically, it cannot be decompiled into C The language code . Although it doesn't really hide the code , But various address transformations and jump instructions are combined , There is no good way to find the object code . It is more difficult to crack than ollvm Go up one level . |
| 4 | Local code virtualization . Direct pair so The binary code in the file is virtualized . | difficulty *****, At the same time have 2.5 and 3 Characteristics , Extremely difficult to crack . Think about it and have a headache . |
Commercial product analysis
- 1 generation :upx
- 2 generation : be based on ollvm Internet products : Bang bang 、 Love encryption 、360、 tencent 、 NetEase 、 Baidu … The so-called security compilers are
- 2.5 Bang bang (SI2S Security compiler )、 Think about it (Virbox Compiler)
- 3 generation : Think about it -VirboxProtector
- 4 generation : nothing .
summary
There is never love without reason in the world , There is no hatred for no reason . Any tall technology is not a castle in the air . The launch of ark compiler has greatly changed the Android ecosystem , But we don't have to panic about it . The deep technical accumulation of security technology companies is enough to cope with the changes brought about by this .
appendix
- ollvm Common confusion means
- Control flow flattening This model is mainly to put some if-else sentence , Nested into do-while sentence
- Instruction substitution This mode mainly uses functionally equivalent but more complex instruction sequences
- False control process This pattern mainly embeds several layers of judgment logic , A simple operation will be on several layers of bread if-else Reference documents :《OLLVM Code confusion transplantation and use 》
边栏推荐
- Pyhanlp installation tutorial
- Free and open source website navigation source code collection, sorting and summary - self built personal navigation Homepage
- 【JVM学习03】类加载与字节码技术
- Zooinspector Download
- MySQL sort. Sort by field value
- Arrays
- [untitled]
- Colon sorting code implementation
- day 3
- [Huawei lyevk-3861a intelligent IOT development board evaluation] unpacking experience and Hisilicon hi3861v100 chip learning experience
猜你喜欢
MySQL1
Implement a proxy pool from 0
OPENGL学习(二)OPENGL渲染管线
LTSpice software power settings
Leetcode652 finding duplicate subtrees
拿捏C指针
This visual analysis library makes it easy for you to play with data science!
Why is gradient the fastest changing direction of function
How does PostgreSQL decide PG's backup strategy
asp. Net coree file upload and download example
随机推荐
Environment preparation of Nacos configuration center
拦截器和过滤器
Tencent Browser service TBS usage
mysql排序.按字段值排序
How to convert the world coordinates of unity's camera into view matrix
OpenGL learning (IV) glut 3D image rendering
Unity框架之ConfigManager【Json配置文件读写】
On July 31, 2022, the dama-cdga/cdgp data governance certification class was opened!
思源笔记 v2.1.2 同步问题
MySQL sort. Sort by field value
Configmanager of unity framework [JSON configuration file reading and writing]
Biopharmaceutical safety, power supply and production guarantee
2022 Hangzhou Electric Multi school first Dragon Slayer (dfs+ state compression)
MySQL version 5.7.9 SQL_ mode=only_ full_ group_ By question
Leetcode652 finding duplicate subtrees
Mysql database, subquery, union, limit
Convolutional Neural Networks in TensorFlow quizs on Coursera
[laser principle and application -6]:q switching element and Q drive circuit board
[JVM learning 03] class loading and bytecode Technology
This visual analysis library makes it easy for you to play with data science!