保护Android resources文件不被反编译原理分析
0x00前言
本人新手,文章写的如果有不正确的地方烦请各路大神指点
0x01工具
010 Editor
apktool
aapt
文本编辑器
0x02原理
主要是通过HEX修改resources.arsc DataType数据类型来促使apktool无法直接反编译资源文件,从而保护资源文件。
首先我们需要了解一下appt dump resources的基本格式。
resource<Resource ID> <Package Name>:<Type>/<Name>: t=<DataType> d=<Data> (s=<Size> r=<Res0>)
Resource ID R.java中的资源ID
Package Name 资源所在的的包
Type 资源的类型
Name 资源名称
DataType 数据类型,按照以下枚举类型取值
Data 资源的值,根据dataType进行解释
Size 一直为0x0008
Res0 固定为0x00
通过aapt dump查看apk的资源[mw_shl_code=bash,true]aapt d --values resources test.apk[/mw_shl_code]
[mw_shl_code=applescript,true]Package Groups (1)
Package Group 0 id=0x7f packageCount=1 name=com.example.myapp
Package 0 id=0x7f name=com.example.myapp
type 1 configCount=4 entryCount=1
spec resource 0x7f020000 com.example.myapp:drawable/ic_launcher: flags=0x40000100
config ldpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000001 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-ldpi-v4/ic_launcher.png"
config mdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000002 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-mdpi-v4/ic_launcher.png"
config hdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000003 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-hdpi-v4/ic_launcher.png"
config xhdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000004 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-xhdpi-v4/ic_launcher.png"
type 2 configCount=1 entryCount=1
spec resource 0x7f030000 com.example.myapp:layout/main: flags=0x40000000
config (default):
resource 0x7f030000 com.example.myapp:layout/main: t=0x03 d=0x00000000 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/layout/main.xml"
type 3 configCount=1 entryCount=2
spec resource 0x7f040000 com.example.myapp:string/app_name: flags=0x40000000
spec resource 0x7f040001 com.example.myapp:string/hex_test: flags=0x40000000
config (default):
resource 0x7f040000 com.example.myapp:string/app_name: t=0x03 d=0x00000005 (s=0x0008 r=0x00) (PUBLIC)
(string8) "myapp"
resource 0x7f040001 com.example.myapp:string/hex_test: t=0x03 d=0x00000006 (s=0x0008 r=0x00) (PUBLIC)
(string8) "hex"[/mw_shl_code]
string/hex_test这个值在APP里面不起任何作用,专门用于修改保护资源使用,string值不要使用APP内部调用的资源,如果用正常使用的值修改后会无法正常使用
resource 0x7f040001 即 string/hex_test 的ID t=0x03 DataType数据类型 d=0x00000006 Data 资源值 s=0x0008 r=0x00 Size和Res0
下面就使用010Editor修改t=0x03 0x03修改为0x02或0x01都可以,我修改0x02
用010Editor打开resources.arsc
直接搜索0306000000(为什么这样,因为十六进制搜索需要反过来)
DataType数据类型
直接修改03为02保存,直接替换resources.arsc到apk中
0x03演示
使用apktool反编译进行测试[mw_shl_code=bash,true]apktool d -f test.apk [/mw_shl_code]
直接报错信息如下:
[mw_shl_code=javascript,true]I: Using Apktool 2.0.3 on test.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/pwelyn/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
Exception in thread "main" brut.androlib.err.UndefinedResObject: resource spec: 0x7f000006
at brut.androlib.res.data.ResPackage.getResSpec(ResPackage.java:59)
at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:65)
at brut.androlib.res.data.ResTable.getResSpec(ResTable.java:61)
at brut.androlib.res.data.value.ResReferenceValue.getReferent(ResReferenceValue.java:57)
at brut.androlib.res.data.value.ResReferenceValue.encodeAsResXml(ResReferenceValue.java:47)
at brut.androlib.res.data.value.ResScalarValue.encodeAsResXmlValue(ResScalarValue.java:58)
at brut.androlib.res.data.value.ResScalarValue.serializeToResValuesXml(ResScalarValue.java:75)
at brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:502)
at brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:252)
at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:136)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:102)
at brut.apktool.Main.cmdDecode(Main.java:165)
at brut.apktool.Main.main(Main.java:81)[/mw_shl_code]
我使用的是最新版本apktool2.0.3版本,关键错误信息:[mw_shl_code=applescript,true]Exception in thread "main" brut.androlib.err.UndefinedResObject: resource spec: 0x7f000006[/mw_shl_code]
0x04修复
手动修复这个错误,也就是根据上面的原理进行反推,看一下错误信息:[mw_shl_code=applescript,true]Exception in thread "main" brut.androlib.err.UndefinedResObject: resource spec: 0x7f000006 [/mw_shl_code]
首先使用aapt dump查看apk的资源[mw_shl_code=bash,true]aapt d --values resources test.apk [/mw_shl_code]
资源:
[mw_shl_code=javascript,true]Package Groups (1)
Package Group 0 id=0x7f packageCount=1 name=com.example.myapp
Package 0 id=0x7f name=com.example.myapp
type 1 configCount=4 entryCount=1
spec resource 0x7f020000 com.example.myapp:drawable/ic_launcher: flags=0x40000100
config ldpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000001 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-ldpi-v4/ic_launcher.png"
config mdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000002 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-mdpi-v4/ic_launcher.png"
config hdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000003 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-hdpi-v4/ic_launcher.png"
config xhdpi-v4:
resource 0x7f020000 com.example.myapp:drawable/ic_launcher: t=0x03 d=0x00000004 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/drawable-xhdpi-v4/ic_launcher.png"
type 2 configCount=1 entryCount=1
spec resource 0x7f030000 com.example.myapp:layout/main: flags=0x40000000
config (default):
resource 0x7f030000 com.example.myapp:layout/main: t=0x03 d=0x00000000 (s=0x0008 r=0x00) (PUBLIC)
(string8) "res/layout/main.xml"
type 3 configCount=1 entryCount=2
spec resource 0x7f040000 com.example.myapp:string/app_name: flags=0x40000000
spec resource 0x7f040001 com.example.myapp:string/hex_test: flags=0x40000000
config (default):
resource 0x7f040000 com.example.myapp:string/app_name: t=0x03 d=0x00000005 (s=0x0008 r=0x00) (PUBLIC)
(string8) "myapp"
resource 0x7f040001 com.example.myapp:string/hex_test: t=0x02 d=0x00000006 (s=0x0008 r=0x00) (PUBLIC)
(attribute) 0x00000006[/mw_shl_code]
关键信息:(attribute) 0x00000006 报错 resource spec: 0x7f000006
使用010Editor打开resources.arsc直接搜索06000000
图片描述
直接将DataType数据类型0x02修改为0x03 修改后保存,直接替换resources.arsc到apk中进行反编译测试[mw_shl_code=bash,true]apktool d -f test.apk[/mw_shl_code]
测试通过:
[mw_shl_code=bash,true]I: Using Apktool 2.0.3 on test.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/pwelyn/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...[/mw_shl_code]
0x05结尾
本文只是和各位交流,谢谢。
|
