A android app for encrypting apk

Overview

ApkEncryptor

A android app for encrypting apk

2年前在业余时间写的小工具,如今也不维护了,开源出来供各位研究

已上架Google Play: https://play.google.com/store/apps/details?id=cn.beingyi.apkencryptor&hl=zh&gl=US

  • **APKEncryptor-Android:**client for encryption

  • **APKEncryptor-Server:**server for verifying vip

  • **APKEncryptor-Tools:**encrypt assets

  • **KeyCreateor-Andtoid:**greateor key of vip

  • **SubApplication:**shell

  • License:

Copyright (c)

"Anti 996" License Version 1.0 (Draft)

Permission is hereby granted to any individual or legal entity obtaining a copy of this licensed work (including the source code, documentation and/or related items, hereinafter collectively referred to as the "licensed work"), free of charge, to deal with the licensed work for any purpose, including without limitation, the rights to use, reproduce, modify, prepare derivative works of, distribute, publish and sublicense the licensed work, subject to the following conditions:

  1. The individual or the legal entity must conspicuously display, without modification, this License and the notice on each redistributed or derivative copy of the Licensed Work.

  2. The individual or the legal entity must strictly comply with all applicable laws, regulations, rules and standards of the jurisdiction relating to labor and employment where the individual is physically located or where the individual was born or naturalized; or where the legal entity is registered or is operating (whichever is stricter). In case that the jurisdiction has no such laws, regulations, rules and standards or its laws, regulations, rules and standards are unenforceable, the individual or the legal entity are required to comply with Core International Labor Standards.

  3. The individual or the legal entity shall not induce, suggest or force its employee(s), whether full-time or part-time, or its independent contractor(s), in any methods, to agree in oral or written form, to directly or indirectly restrict, weaken or relinquish his or her rights or remedies under such laws, regulations, rules and standards relating to labor and employment as mentioned above, no matter whether such written or oral agreements are enforceable under the laws of the said jurisdiction, nor shall such individual or the legal entity limit, in any methods, the rights of its employee(s) or independent contractor(s) from reporting or complaining to the copyright holder or relevant authorities monitoring the compliance of the license about its violation(s) of the said license.

THE LICENSED WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ANY WAY CONNECTION WITH THE LICENSED WORK OR THE USE OR OTHER DEALINGS IN THE LICENSED WORK.

You might also like...
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Document Index 1.overview 2.startup 3.how to write rules 4.how to find compliance problems use appshark 5.a path traversal game 6.argument 7.engine co

A simple library that can help you detect if you app is modded or tampered with
A simple library that can help you detect if you app is modded or tampered with

Android Tamper Detector A simple library that can help you detect if you app is modded or tampered with. This adds a security level that makes it diff

This app should provide a common interface to fetch the estimated time of arrival for parcels

ETA-App This app should provide a common interface to fetch the estimated time of arrival for parcels. It will integrate with several backend systems

Keepass2Android is a password manager app.

Keepass2Android What is Keepass2Android? Keepass2Android is a password manager app. It allows to store and retrieve passwords and other sensitive info

Tiny app to enforce security policies of your device
Tiny app to enforce security policies of your device

Sentry Enforce security policies. Tiny app to enforce security policies of your device. It can: limit the maximum number of failed password attempts d

Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

PermissionX is an extension Android library that makes Android runtime permission request extremely easy
PermissionX is an extension Android library that makes Android runtime permission request extremely easy

PermissionX is an extension Android library that makes Android runtime permission request extremely easy. You can use it for basic pe

Signal Protocol library for Java/Android

Overview A ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments. PreKeys This protocol uses a concept

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Comments
  • java.util.zip.ZipException:error in opening zip file

    java.util.zip.ZipException:error in opening zip file

    问题描述

    在加密dex的时候报错java.util.zip.ZipException:error in opening zip file

    问题展示

    error

    代码

    最终发现是在调用EncryptorConfig.java(80)报的错误

                  File apk=new File(MyApp.getContext().getFilesDir()+File.separator+"sub.apk");
    
                  ZipFile zipFile=new ZipFile(apk); //把apk当作zip打开出现上述异常
    

    但是这个sub.apk在是在位置ShellSubTask.java(80)创建的

    		File apk=new File(MyApp.getContext().getFilesDir()+File.separator+"sub.apk");
    		FileUtils.mkdir(apk.getParent());
    		BYProtectUtils.copyAssetsFile("sub.apk",apk.getAbsolutePath());
    

    应该是拷贝了资源文件(MD5:89122AB303A8DA6FC5694C6BAD48229E )到sub.apk当中?才导致后面当作zip解析不正确?

    opened by 827Dream 3
  • 请教编译测试加壳后无法运行问题

    请教编译测试加壳后无法运行问题

    问题描述

    在上个Issues后,重新编译了项目,但是因为assets中找不到sub.apk故会报错。我个人理解是不是这个sub.apk就是我要加密的apk,之后我把要加密的apk放到了assets中,之后顺利运行加壳程序,但是结果如下无法运行了。 issues2

    代码

    在ShellSubTask.java-》start函数执行整体的加壳流程,个人理解如下:

    step1:拷贝sub.apk(我认为的要加密的apk)到指定路径,用于后续的dex操作

    step2:在AndroidManifest.xml文件中Application标签中加入name属性,还有一个实在manifest标签中加入compileSdkVersionCodename属性

    step3:dex的亦或加密操作(key应该是包名)

    step4:构造json对象存储配置属性并进行加密(key应该是包名的md5)

    step5:签名apk

    public void start() {
    
    		try {
    			stepLoading.setStepStatus(1, StepLoading.Running);
    
                File apk=new File(MyApp.getContext().getFilesDir()+File.separator+"sub.apk");
                FileUtils.mkdir(apk.getParent());
                BYProtectUtils.copyAssetsFile("sub.apk",apk.getAbsolutePath());
    
                stepLoading.setStepStatus(1, StepLoading.Success);
    		} catch (Exception e) {
    			activity.showDialog(e.toString());
    			stepLoading.setStepStatus(1, StepLoading.Failure);
    			return;
    		}
    
    
    		try {
    			stepLoading.setStepStatus(2, StepLoading.Running);
    
    			byte[] manifest = parseManifest(getZipInputStream("AndroidManifest.xml"), new EncryptorConfig.Conf().getSubApplicationName());
    			zipOut.addFile("AndroidManifest.xml", manifest);
    
    
    			stepLoading.setStepStatus(2, StepLoading.Success);
    		} catch (Exception e) {
    			activity.showDialog(e.toString());
    			stepLoading.setStepStatus(2, StepLoading.Failure);
    			return;
    		}
    
    
    
    		try {
    			stepLoading.setStepStatus(3, StepLoading.Running);
    
    			byte[] dex = EncryptorConfig.getDex();
    			zipOut.addFile("classes.dex", dex);
    
    
    			if(singleDEX){
    				String dexName="classes.dex";
    				zipOut.addFile("src/" + BYProtectUtils.getAssetsName(dexName), xorEncode(FileUtils.toByteArray(getZipInputStream(dexName)),packageName));
    				zipOut.removeFile(dexName);
    				enDexList.add(BYProtectUtils.getAssetsName(dexName));
    			}else {
    				for (String dexName : dexEntries) {
    					zipOut.addFile("src/" + BYProtectUtils.getAssetsName(dexName), xorEncode(FileUtils.toByteArray(getZipInputStream(dexName)),packageName));
    					zipOut.removeFile(dexName);
    					enDexList.add(BYProtectUtils.getAssetsName(dexName));
    				}
    			}
    
    			stepLoading.setStepStatus(3, StepLoading.Success);
    		} catch (Exception e) {
    			activity.showDialog(e.toString());
    			stepLoading.setStepStatus(3, StepLoading.Failure);
    			return;
    		}
    
    
    
    
    		try {
    			stepLoading.setStepStatus(4, StepLoading.Running);
    
    			JSONObject jsonObject=new JSONObject();
    			jsonObject.put("application",customApplicationName);
    			jsonObject.put("sub",new EncryptorConfig.Conf().getSubApplicationName());
    			jsonObject.put("dex", ListUtil.ListToString(enDexList));
    
    			jsonObject.put("checkVirtual",fragment.cb_checkVirtual.isChecked());
    			jsonObject.put("checkXposed",fragment.cb_checkXposed.isChecked());
    			jsonObject.put("checkRoot",fragment.cb_checkRoot.isChecked());
    			jsonObject.put("checkVPN",fragment.cb_checkVPN.isChecked());
    
    
    			byte[] conf=ByteEncoder.Encrypt(jsonObject.toString().getBytes(),packageName);
    
    			zipOut.addFile(confEntry, conf);
    
    			zipOut.save();
    
    			stepLoading.setStepStatus(4, StepLoading.Success);
    		} catch (Exception e) {
    			activity.showDialog(e.toString());
    			stepLoading.setStepStatus(4, StepLoading.Failure);
    			return;
    		}
    
    
    
    		try {
    			stepLoading.setStepStatus(5, StepLoading.Running);
    
    			File tmpFile = new File(outputPath + ".tmp");
    			new File(outputPath).renameTo(tmpFile);
    
    			if (useKey) {
    
    				KeyStore keyStore = KeyStore.getInstance("JKS");
    				keyStore.load(new FileInputStream(conf.getKeyStorePath()), conf.getKeyStorePw().toCharArray());
    
    				String alias =conf.getCertAlias();
    
    				PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, conf.getCertPw().toCharArray());
    				X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
    				ApkSigner.Builder builder = new ApkSigner.Builder(ImmutableList.of(new ApkSigner.SignerConfig.Builder("Fly", privateKey, ImmutableList.of(x509Certificate)).build()));
    				builder.setInputApk(tmpFile);
    				builder.setOutputApk(new File(outputPath));
    				builder.setCreatedBy("Fly");
    				builder.setMinSdkVersion(9);
    				builder.setV1SigningEnabled(true);
    				builder.setV2SigningEnabled(false);
    				builder.build().sign();
    
    
    			} else {
    
    
    				KeyStore keyStore = KeyStore.getInstance("JKS");
    				keyStore.load(BYProtectUtils.getStreamFromAssets("fly.jks"), "123456".toCharArray());
    
    				String alias ="test";
    
    				PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, "123456".toCharArray());
    				X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
    				ApkSigner.Builder builder = new ApkSigner.Builder(ImmutableList.of(new ApkSigner.SignerConfig.Builder("Fly", privateKey, ImmutableList.of(x509Certificate)).build()));
    				builder.setInputApk(tmpFile);
    				builder.setOutputApk(new File(outputPath));
    				builder.setCreatedBy("Fly");
    				builder.setMinSdkVersion(9);
    				builder.setV1SigningEnabled(true);
    				builder.setV2SigningEnabled(false);
    				builder.build().sign();
    
    
    			}
    
    			tmpFile.delete();
    
    
    			stepLoading.setStepStatus(6, StepLoading.Success);
    
    			showFinish(context, new File(outputPath));
    
    
    			stepLoading.setStepStatus(5, StepLoading.Success);
    		} catch (Exception e) {
    			activity.showDialog(e.toString());
    			stepLoading.setStepStatus(5, StepLoading.Failure);
    			return;
    		}
    
    

    请教

    问题一:在函数parseManifest中好像有意设置了一下compileSdkVersionCodename这个属性,想问下具体是有什么目的吗

    问题二:assets中的sub.apk是否是我理解的是要进行加密的apk

    问题三:上述流程中没有涉及到壳代码以及混淆代码(特殊字符)的添加,好像只有对要加密的apk文件操作,我觉得我应该是漏掉了什么。

    opened by 827Dream 2
  • not found libmylib.so file

    not found libmylib.so file

    E/AndroidRuntime: FATAL EXCEPTION: main Process: com.fly.apkencryptor, PID: 20650 java.lang.UnsatisfiedLinkError: dlopen failed: library "/data/data/com.fly.apkencryptor/lib/libmylib.so" not found at java.lang.Runtime.load0(Runtime.java:909) at java.lang.System.load(System.java:1537) at com.fly.apkencryptor.application.MyApp.attachBaseContext(MyApp.java:81)

    opened by zzawaiszz 0
Owner
FlyingYu
An little android developer.
FlyingYu
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
Black Obfuscator is an obfuscator for Android APK DexFile

Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make it difficult to analyze the actual program control flow.

null 581 Jan 3, 2023
This app will show grid overlay over whole system which helps you to verify your excellent app design.

GridWichterle for Android This app will show grid overlay over whole system which helps you to verify your excellent app design. Download: What is the

Inmite s.r.o. 408 Dec 29, 2022
a version of the official Android openssl setup to build standalone for use in app

OpenSSL on the Android platform. --- The code in this directory is based on $OPENSSL_VERSION in the file openssl.version. See patches/README for more

Guardian Project 371 Dec 8, 2022
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 7.2k Jan 3, 2023
A simple android app that parses its own signature and displays it

SigDisplayer Usage Download the release APK or clone the repository and compile yourself. Sign the APK with your preferred keystore. Install and open

Jonah 5 Oct 18, 2022
Android app to test various cryptography algorithm.

CryptographyLesson Introduction This android app shows how cryptographic algorithm works. You can encrypt or decrypt messages and try different algori

null 3 Mar 21, 2022
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

null 52 Dec 30, 2022
📱 Android client app for the AryKey 🔑

Android application that prepares an hardware device via USB serial port with a specific password generated deterministically based on three (3) inputs: the App we want to Unlock, the User ID used for login (typically an email address) and the PIN (6 numeric digits) we want to associate with previous inputs.

Ryan Amaral 2 Mar 11, 2022