Awesome Open Source
Awesome Open Source

English

中文

Reach high security with libsodium in Android

  • [x] I have no longer supported AES algorithms. If you still need it, check out tag: v2.2.

  • [x] Use CHACHA20 instead of AES. TLS1.3 has used CHACHA20 on mobile device too. It is high-performance for ARM architecture.

  • [x] Hide native function in JniOnload

  • [x] Use signature verification to avoid being packaged again (It is prevents that hacker call your jni method directly.)

  • [x] key exists in the symbol table, and hides the character table. This method has been deprecated due to discard reason issues5

  • [x] Get the key from a complex function, to hide the key, current function is a simple solution. (Complex solution: divide the Key into several pieces, store them in different C files, and finally splicing them together. This function should be complicated to write and increase the decompiling difficulty.)

  • [x] Use "obfuscator" to confuse C code, how to deobfuscate it?

  • [x] Supporting x86 of obfucation. A link at the bottom is tutorial for configuring obfucator.

  • [x] Anti-debugging. Currently, I put a simple solution into code but there are more complicated and more sophisticated solutions. I recommand determining whether it is traced in every encryption and decryption. You can add other complicated algorithm in your fork.

  • [x] Detecting device is emulator in runtime : The code comes from my another repo Check_Emulator_In_NDK

  • [ ] TODO: Prevent SO file being code injected

build & run it.

click to expand.
  1. preparation:

run the shell : aesjni/src/main/jni/build_libsodium_for_all_android_abi.sh

  1. click run app from Android Studio to look at logcat.

how to integrate it into your project?

click to expand. a. generating a chacha20 key:

run test_in_exexutaing.sh, and look at logcat. It will generate key and nonce. You can paste it into JNIEntry.c.

b. Set ndk.dir in local.properties. Some versions of NDK I have not tested. Maybe you will encounter build errors from that.

c. As you integrate into the project, please modify class name and method name, don't expose the name of encryption algorithm, modify the C function of key storage from my code.

d. Generate and modify signatures.

d.1. Generate keystore

# my generate record:
mkdir keystore
cd keystore/
keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -storetype PKCS12 -keystore ./androidyuan.keystore

d.2. Modify hash of keystore and pkg-name in check_signature.h.

The hash which you can use this medthod: getSignature(), to get.

Please copy the keystore hashcode and package name into check_signature.h.

Remind: SO file will become bigger

unconfused so confused so

Confused SO file is three times the size of original SO file. If the size bother you, you can disable obfscator-lvvm. It is unnecessary.

In addition, what I have to tell you:

Because you need to do signature verification, I can't provide jcenter dependencies, pls forgive me!

Even though these code is very safe, I still against storing key in code.

To confuse native code, you need to modify the externalNativeBuild in the aesjni/build.gradle and configure the Obfuscator-LLVM under the NDK.

This is my NDK configuration obfuscator tutorial: Obfuscator-LLVM-4.0-BUILD-NDK.

And if you think configurating Obfuscator-LLVM is really difficult, I recommend using docker : github.com/nickdiego/docker-ollvm.

How do other languages ​​work together with encryption and decryption?

If you want to ask me,please click Gitter chat.

If you encounter crash, you can look into FigureOutJNICrash.md to find where code crash at.


Legal

If you live in China, you should take care of checking apk signature. I have called PackageManger that may be misunderstood to collect list of installed apps. You should look at 工信部整治八项违规.

Contributing

In case you would like to add information to this repository or suggest some ideas, please use one of the following options:

Contributor

https://github.com/larry19840909

https://github.com/zxp0505

https://github.com/baoyongzhang

Thanks

libsodium Algorithm from: https://github.com/jedisct1/libsodium

Native code obfuscator: obfuscation-o-llvm-ndk


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
c (15,734
android (6,472
security (1,944
cmake (419
encryption (337
aes (69
decryption (46
ndk (45
obfuscator (35
libsodium (34