In recent years, the number of mobile APPs has shown an explosive growth, and black production has also shifted from the original PC end to the mobile end, and the accompanying reverse attack methods have become more and more sophisticated. Once the APP is distributed, it will be in an untrusted environment in some form, and it will inevitably be analyzed and cracked by interested people. Then the commercial interests or intellectual property rights of the original author are violated, so the reverse cracking of the application is one of the sources of commercial risks.
How easy can misappropriation and plagiarism be in the Internet environment?
First look at a wave of news headlines:
-
"The Beidou satellite navigation system is free worldwide, but because the counterfeit app charges 20 yuan, even the Chinese people misunderstand it"
-
"5 million people use counterfeit 12123 to investigate violations? High imitation APP is not just a scam”
-
"Attention: Xiaomi Finance was targeted by scammers and counterfeited. It is difficult to distinguish the authenticity from the counterfeit APP. Be vigilant! "
-
......
There are too many news like this. According to the detection data of the national Internet financial risk analysis technology platform, as of the end of May 2020, a total of 2,801 Internet financial counterfeit apps have been found, and the number of counterfeit apps has been downloaded as high as 3,343.7 times.
With the rapid growth of the number of mobile applications, for an APP, being copied and pirated has undoubtedly become one of the most troublesome and troublesome problems for every application developer.
In order to protect the company's APP security, I have used all the reinforcement products on the market
Recently, the company developed a new APP, and I tried all the mainstream reinforcement products in the market. Although both at home and abroad, there is a big gap. With the increase of the number of applications, the black industry on the mobile terminal is growing stronger and stronger, and the accompanying reverse attack methods are becoming more and more sophisticated. A large number of applications are facing security problems such as reverse attack cracking, intellectual property infringement, and secondary package signatures. .
In order to solve the above problems, the use of reinforcement technology is one of the most effective ways to resist reverse attacks. But can the current mobile terminal reinforcement technology really resist hacker attacks?
APP reinforcement technology function development and function realization
Through the development of APP reinforcement technology in the past few years, it has been continuously developed rapidly and iteratively, and the strength of reinforcement has also been continuously improved. The main experience of the development of hardening technology: dynamic loading, memory loading without landing, instruction extraction, instruction conversion, and virtual machine protection. Let's take a look at the functions that can be realized after the APP is strengthened!
Function realization after App reinforcement
1. String encryption: Randomly encrypt sensitive strings in the App's source code. The string is dynamically decrypted at runtime, so that attackers can be avoided, and key string information can be found through static reverse analysis using tools, so as to quickly locate the business code in the application.
2. Control flow flattening : Transform the execution control logic in the C\C++ code in the so file into a flat control logic, and perform deep obfuscation from the level of the abstract syntax tree, so that it can greatly reduce anti-compilation in common decompilation tools. The readability of compiling the reverse code increases the difficulty of analyzing the reverse code.
3. Instruction replacement : Perform equivalent conversion of the operation expressions in the code, so that it can be used in common decompilation tools, raise the threshold for reverse analysis of crackers, and effectively protect the original logic of the core algorithm.
4. Local variable name obfuscation : Obfuscate the variable name in the source code, and after obfuscation, the variable name becomes a meaningless name. This increases the intensity of analysis for the analyst.
5. Symbol obfuscation : Obfuscate the class names and function names in the App application, increasing the difficulty of direct analysis with tools, so that the decompilation and reverse tools cannot quickly locate the core code of the App directly through the class names and function names.
6. Diversification of obfuscation : Using randomness technology in the obfuscation process, under the same obfuscation strategy, the code after each obfuscation is inconsistent, which further increases the difficulty for attackers to perform static analysis by using tools.
7. Opaque predicate : Change the judgment condition of the branch jump in the code from the original definite value to an expression, which increases the complexity of the program logic and reduces the readability of the code.
8. Anti-dynamic debugging : Anti-debugging protection for App applications, when it is detected that classes, methods, and functions configured with anti-dynamic debugging functions are dynamically debugged by IDA reverse tools, the App application will automatically exit the running operation, which is conducive to protecting the App application directly It is dynamically debugged, thereby raising the threshold of offensive and defensive confrontation.
9. Anti-dynamic injection : Anti-dynamic injection protection is performed on the App application. When the injection operation of the App application is performed using zygote or ptrace technology, the App application will automatically exit the running operation, so as to prevent the illegal operation of the App application by the attacker. Avoid dynamic analysis and execution of code, so as to dynamically protect App application security.
10. HOOK detection : Anti-HOOK protection for the App. When it is detected that the class name, method name, and function name configured with the anti-hook protection function are dynamically hooked by tools such as frida and xposed, the App will automatically exit the operation to improve defense. App security, protecting App from injection attacks and resisting malicious intrusion.
11. Code segment inspection : Check the integrity of the code segment in the App application. If the code segment is found to be tampered with, the App application will automatically exit and run to prevent the code logic in the App application from being tampered with, so as to dynamically protect the source of the App. Code security.
12. Integrity verification : Integrity verification is performed on the function level specified in the App. When the application is re-signed and the integrity of the code is damaged, the detection point triggers the flashback of the App program to resist mainstream debugging Debugger analysis, so as to achieve dynamic protection program security.
Finally I want to say something
Dandelion APP reinforcement technology can not only increase the difficulty of reading the reversed code, but also help reduce the risk of APP being cracked, inserting viruses, Trojan horses, backdoor programs and other malicious codes, and can also enhance the security of user privacy data and transaction data . Through the APP reinforcement technology, it is also to better respond to the national standards for APP security compliance supervision and inspection, reduce the exposure of APPs by third-party media, which will seriously affect the corporate brand image and reputation, and escort the normal development of the business of enterprises and developers. . Dandelion Security Application Reinforcement protects every dedicated application for you from theft and plagiarism!