Signal Protocol library for Java/Android

Overview

Overview

A ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments.

PreKeys

This protocol uses a concept called 'PreKeys'. A PreKey is an ECPublicKey and an associated unique ID which are stored together by a server. PreKeys can also be signed.

At install time, clients generate a single signed PreKey, as well as a large list of unsigned PreKeys, and transmit all of them to the server.

Sessions

Signal Protocol is session-oriented. Clients establish a "session," which is then used for all subsequent encrypt/decrypt operations. There is no need to ever tear down a session once one has been established.

Sessions are established in one of three ways:

  1. PreKeyBundles. A client that wishes to send a message to a recipient can establish a session by retrieving a PreKeyBundle for that recipient from the server.
  2. PreKeySignalMessages. A client can receive a PreKeySignalMessage from a recipient and use it to establish a session.
  3. KeyExchangeMessages. Two clients can exchange KeyExchange messages to establish a session.

State

An established session encapsulates a lot of state between two clients. That state is maintained in durable records which need to be kept for the life of the session.

State is kept in the following places:

  1. Identity State. Clients will need to maintain the state of their own identity key pair, as well as identity keys received from other clients.
  2. PreKey State. Clients will need to maintain the state of their generated PreKeys.
  3. Signed PreKey States. Clients will need to maintain the state of their signed PreKeys.
  4. Session State. Clients will need to maintain the state of the sessions they have established.

Using libsignal-protocol

Configuration

On Android:

dependencies {
  compile 'org.whispersystems:signal-protocol-android:(latest version number)'
}

For pure Java apps:

<dependency>
  <groupId>org.whispersystems</groupId>
  <artifactId>signal-protocol-java</artifactId>
  <version>(latest version number)</version>
</dependency>

Install time

At install time, a libsignal client needs to generate its identity keys, registration id, and prekeys.

IdentityKeyPair    identityKeyPair = KeyHelper.generateIdentityKeyPair();
int                registrationId  = KeyHelper.generateRegistrationId();
List<PreKeyRecord> preKeys         = KeyHelper.generatePreKeys(startId, 100);
SignedPreKeyRecord signedPreKey    = KeyHelper.generateSignedPreKey(identityKeyPair, 5);

// Store identityKeyPair somewhere durable and safe.
// Store registrationId somewhere durable and safe.

// Store preKeys in PreKeyStore.
// Store signed prekey in SignedPreKeyStore.

Building a session

A libsignal client needs to implement four interfaces: IdentityKeyStore, PreKeyStore, SignedPreKeyStore, and SessionStore. These will manage loading and storing of identity, prekeys, signed prekeys, and session state.

Once those are implemented, building a session is fairly straightforward:

SessionStore      sessionStore      = new MySessionStore();
PreKeyStore       preKeyStore       = new MyPreKeyStore();
SignedPreKeyStore signedPreKeyStore = new MySignedPreKeyStore();
IdentityKeyStore  identityStore     = new MyIdentityKeyStore();

// Instantiate a SessionBuilder for a remote recipientId + deviceId tuple.
SessionBuilder sessionBuilder = new SessionBuilder(sessionStore, preKeyStore, signedPreKeyStore,
                                                   identityStore, recipientId, deviceId);

// Build a session with a PreKey retrieved from the server.
sessionBuilder.process(retrievedPreKey);

SessionCipher     sessionCipher = new SessionCipher(sessionStore, recipientId, deviceId);
CiphertextMessage message      = sessionCipher.encrypt("Hello world!".getBytes("UTF-8"));

deliver(message.serialize());

Legal things

Cryptography Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

License

Copyright 2013-2019 Open Whisper Systems

Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html

Comments
  • Conflict when using android libraries with protobuf-lite dependency

    Conflict when using android libraries with protobuf-lite dependency

    When you use any libraries which has dependency to protobuf-lite it would not compile because you need to either use protobuf-java or protobuf-lite. protobuf-lite is the recommended one for android. Thank you.

    opened by abdularis 10
  • Exception: java.lang.ArrayIndexOutOfBoundsException length=4; index=4 org.whispersystems.libsignal.state.PreKeyRecord.<init>

    Exception: java.lang.ArrayIndexOutOfBoundsException length=4; index=4 org.whispersystems.libsignal.state.PreKeyRecord.

    Getting below error when generating prekeys. I am trying to achieve end-to-end encryption in a chat window.

    Non-fatal Exception: java.lang.ArrayIndexOutOfBoundsException: length=4; index=4 at com.google.protobuf.MessageSchema.newSchemaForRawMessageInfo(MessageSchema.java:507) at com.google.protobuf.MessageSchema.newSchema(MessageSchema.java:227) at com.google.protobuf.ManifestSchemaFactory.newSchema(ManifestSchemaFactory.java:77) at com.google.protobuf.ManifestSchemaFactory.createSchema(ManifestSchemaFactory.java:71) at com.google.protobuf.Protobuf.schemaFor(Protobuf.java:90) at com.google.protobuf.Protobuf.schemaFor(Protobuf.java:104) at com.google.protobuf.GeneratedMessageLite.makeImmutable(GeneratedMessageLite.java:175) at com.google.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:395) at com.google.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:403) at org.whispersystems.libsignal.state.PreKeyRecord.<init>(PreKeyRecord.java:31) at org.whispersystems.libsignal.util.KeyHelper.generatePreKeys(KeyHelper.java:89) at com.quickfire.messaging.cryptography.SignalProtocolManagerImpl.initProtocol(SignalProtocolManagerImpl.kt:15) at com.quickfire.presentation.login.LoginActivity.updateLoginResult(LoginActivity.kt:176) at com.quickfire.presentation.login.LoginActivity.access$updateLoginResult(LoginActivity.kt:34) at com.quickfire.presentation.login.LoginActivity$observeData$2$invokeSuspend$$inlined$collect$1.emit(Collect.kt:138) at kotlinx.coroutines.flow.StateFlowImpl.collect(StateFlow.kt:348) at kotlinx.coroutines.flow.StateFlowImpl$collect$1.invokeSuspend(:12) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTaskKt.resume(DispatchedTask.kt:234) at kotlinx.coroutines.DispatchedTaskKt.resumeUnconfined(DispatchedTask.kt:190) at kotlinx.coroutines.DispatchedTaskKt.dispatch(DispatchedTask.kt:161) at kotlinx.coroutines.CancellableContinuationImpl.dispatchResume(CancellableContinuationImpl.kt:369) at kotlinx.coroutines.CancellableContinuationImpl.resumeImpl(CancellableContinuationImpl.kt:403) at kotlinx.coroutines.CancellableContinuationImpl.resumeImpl$default(CancellableContinuationImpl.kt:395) at kotlinx.coroutines.CancellableContinuationImpl.resumeWith(CancellableContinuationImpl.kt:300) at kotlinx.coroutines.flow.StateFlowSlot.makePending(StateFlow.kt:236) at kotlinx.coroutines.flow.StateFlowImpl.updateState(StateFlow.kt:301) at kotlinx.coroutines.flow.StateFlowImpl.setValue(StateFlow.kt:268) at com.quickfire.presentation.login.LoginViewModel.handleLoginResult(LoginViewModel.kt:75) at com.quickfire.presentation.login.LoginViewModel.access$handleLoginResult(LoginViewModel.kt:25) at com.quickfire.presentation.login.LoginViewModel$login$1$1.invoke(LoginViewModel.kt:53) at com.quickfire.presentation.login.LoginViewModel$login$1$1.invoke(LoginViewModel.kt:25) at com.quickfire.domain.model.base.Record.handleResult(Record.kt:9) at com.quickfire.presentation.login.LoginViewModel$login$1.invoke(LoginViewModel.kt:53) at com.quickfire.presentation.login.LoginViewModel$login$1.invoke(LoginViewModel.kt:25) at com.quickfire.domain.interactor.base.BaseFlowUseCase$invoke$1$invokeSuspend$$inlined$collect$1.emit(Collect.kt:133) at kotlinx.coroutines.flow.FlowKt__ChannelsKt.emitAllImpl$FlowKt__ChannelsKt(Channels.kt:61) at kotlinx.coroutines.flow.FlowKt__ChannelsKt$emitAllImpl$1.invokeSuspend(:11) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at android.os.Handler.handleCallback(Handler.java:883) at android.os.Handler.dispatchMessage(Handler.java:100) at android.os.Looper.loop(Looper.java:214) at android.app.ActivityThread.main(ActivityThread.java:7682) at java.lang.reflect.Method.invoke(Method.java) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:516) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950)

    opened by rubenquadros 6
  • Can I use this library with firebase database

    Can I use this library with firebase database

    I want to implement E2EE in a firebase chat application. Can I use this library with firebase database as server and android as a client. All the encryption and decryption will happen at client side.

    opened by NainalChauhan 5
  • Tests failing (InvalidKeyException)

    Tests failing (InvalidKeyException)

    Tests are failing for me. platform: Linux 64 bit java: jdk 8u40 sdk: android-sdk_r24.0.2-linux

    Am I missing something obvious here?

    Thanks.

    $ ./gradlew test :java:compileJava warning: [options] bootstrap class path not set in conjunction with -source 1.7 1 warning :java:processResources UP-TO-DATE :java:classes :java:compileTestJava warning: [options] bootstrap class path not set in conjunction with -source 1.7 1 warning :java:processTestResources UP-TO-DATE :java:testClasses :java:test

    org.whispersystems.libaxolotl.SessionBuilderTest > testBasicPreKeyV3 FAILED java.lang.AssertionError at SessionBuilderTest.java:129 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:129

    org.whispersystems.libaxolotl.SessionBuilderTest > testBadSignedPreKeySignature PASSED

    org.whispersystems.libaxolotl.SessionBuilderTest > testRepeatBundleMessageV2 FAILED java.lang.AssertionError at SessionBuilderTest.java:262 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:262

    org.whispersystems.libaxolotl.SessionBuilderTest > testRepeatBundleMessageV3 FAILED java.lang.AssertionError at SessionBuilderTest.java:315 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:315

    org.whispersystems.libaxolotl.SessionBuilderTest > testBadMessageBundle FAILED java.lang.AssertionError at SessionBuilderTest.java:369 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:369

    org.whispersystems.libaxolotl.SessionBuilderTest > testBasicKeyExchange FAILED java.lang.AssertionError at SessionBuilderTest.java:520 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:520

    org.whispersystems.libaxolotl.SessionBuilderTest > testSimultaneousKeyExchange FAILED java.lang.AssertionError at SessionBuilderTest.java:520 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:520

    org.whispersystems.libaxolotl.SessionBuilderTest > testOptionalOneTimePreKey FAILED java.lang.AssertionError at SessionBuilderTest.java:493 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:493

    org.whispersystems.libaxolotl.SessionBuilderTest > testBasicPreKeyV2 FAILED java.lang.AssertionError at SessionBuilderTest.java:45 Caused by: java.security.InvalidKeyException at SessionBuilderTest.java:45

    org.whispersystems.libaxolotl.CurveTest > testSignatureOverflow PASSED

    org.whispersystems.libaxolotl.CurveTest > testPureJava PASSED

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testBasicSimultaneousInitiate FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:50 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:50

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testLostSimultaneousInitiate FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:104 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:104

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testSimultaneousInitiateLostMessage FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:156 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:156

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testSimultaneousInitiateRepeatedMessages FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:215 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:215

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testRepeatedSimultaneousInitiateRepeatedMessages FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:293 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:293

    org.whispersystems.libaxolotl.SimultaneousInitiateTests > testRepeatedSimultaneousInitiateLostMessageRepeatedMessages FAILED java.lang.AssertionError at SimultaneousInitiateTests.java:371 Caused by: java.security.InvalidKeyException at SimultaneousInitiateTests.java:371

    org.whispersystems.libaxolotl.SessionCipherTest > testBasicSessionV3 FAILED java.lang.AssertionError at SessionCipherTest.java:62 Caused by: java.security.InvalidKeyException at SessionCipherTest.java:62

    org.whispersystems.libaxolotl.SessionCipherTest > testBasicSessionV2 FAILED java.lang.AssertionError at SessionCipherTest.java:62 Caused by: java.security.InvalidKeyException at SessionCipherTest.java:62

    org.whispersystems.libaxolotl.ecc.Curve25519Test > testAgreement PASSED

    org.whispersystems.libaxolotl.ecc.Curve25519Test > testRandomAgreements PASSED

    org.whispersystems.libaxolotl.ecc.Curve25519Test > testSignature PASSED

    org.whispersystems.libaxolotl.ratchet.RatchetingSessionTest > testRatchetingSessionAsAlice PASSED

    org.whispersystems.libaxolotl.ratchet.RatchetingSessionTest > testRatchetingSessionAsBob PASSED

    org.whispersystems.libaxolotl.ratchet.ChainKeyTest > testChainKeyDerivationV2 PASSED

    org.whispersystems.libaxolotl.ratchet.RootKeyTest > testRootKeyDerivationV2 PASSED

    org.whispersystems.libaxolotl.groups.GroupCipherTest > testBasicRatchet FAILED java.lang.AssertionError at GroupCipherTest.java:62 Caused by: java.security.InvalidKeyException at GroupCipherTest.java:62

    org.whispersystems.libaxolotl.groups.GroupCipherTest > testOutOfOrder FAILED java.lang.AssertionError at GroupCipherTest.java:105 Caused by: java.security.InvalidKeyException at GroupCipherTest.java:105

    org.whispersystems.libaxolotl.groups.GroupCipherTest > testEncryptNoSession PASSED

    org.whispersystems.libaxolotl.groups.GroupCipherTest > testBasicEncryptDecrypt FAILED java.lang.AssertionError at GroupCipherTest.java:37 Caused by: java.security.InvalidKeyException at GroupCipherTest.java:37

    org.whispersystems.libaxolotl.kdf.HKDFTest > testVectorV3 PASSED

    org.whispersystems.libaxolotl.kdf.HKDFTest > testVectorLongV3 PASSED

    org.whispersystems.libaxolotl.kdf.HKDFTest > testVectorV2 PASSED

    33 tests completed, 19 failed :java:test FAILED

    FAILURE: Build failed with an exception.

    opened by rduke496 5
  • org.whispersystems.curve25519.NoSuchProviderException

    org.whispersystems.curve25519.NoSuchProviderException

    When i use libsignal-protocol-java(version 2.7.0 )in my android project, there is a problem. In my gradle file, i add dependancies like following:

          implementation'org.whispersystems:curve25519-android:0.5.0'
          implementation('org.whispersystems:signal-protocol-android:2.7.0'){
             exclude group:'org.whispersystems',module:'curve25519-android'
         }
    

    when i directly run my project via Android sutido, the app works fine. However, when i bulid an apk, and install via the apk i had built. There is an error show up, said “org.whispersystems.curve25519.NoSuchProviderException”

    it seems like the curve25519.os not built into the apk.

    opened by lich1011 3
  • REST API Server integration with pom.xml and enhancements

    REST API Server integration with pom.xml and enhancements

    I want to be able to build this project, and others similar like it using maven, for server side java, for encrypt, decrypt, and Hmac for authenticated diffie hellman, and am considering adding your Hmac implementation to mine. I want to eliminate having to generate RSA public keys manually from command line.

    I want the server side REST APIs to use Diffie hellman, along with the encrypt,decrypt, and hmac, for authenticated transactions.

    Is it a possibility to add maven pom.xml support to these projects, along with a Diffie Hellman implementation? I have one to offer. (see https://github.com/quantum-fusion/aes-256-encryption-utility/blob/e6d4f1166a3a94fde6a6f9025b551fdc0e1f18d7/src/test/java/com/acquitygroup/encryption/AESCipherTest.java#L60 )

    I am also interested in adding create JWT, create JWE, and decrypt JWE. (see https://github.com/quantum-fusion/aes-256-encryption-utility/blob/e6d4f1166a3a94fde6a6f9025b551fdc0e1f18d7/src/main/java/com/acquitygroup/encryption/CryptoHelper.java#L56 )

    opened by quantum-fusion 3
  • gradle build fails based on unknown variables {sonatypeRepo,userName, password}

    gradle build fails based on unknown variables {sonatypeRepo,userName, password}

    The problem is when I try to build, using $gradle build

    This is the error:

    • What went wrong: A problem occurred evaluating project ':java'.

    Could not get unknown property 'sonatypeRepo' for object of type org.gradle.api.publication.maven.internal.deployer.DefaultGroovyMavenDeployer.

    https://github.com/WhisperSystems/libsignal-protocol-java/blob/4f5e1ff299cea22cc75bb97249020a7da67b816d/java/build.gradle#L50

    The issues are as follows: sonatypeRepo is unknown, and userName and password are also unknown, therefore gradle fails in the build step.

    repository(url: sonatypeRepo) { authentication(userName: whisperSonatypeUsername, password: whisperSonatypePassword) }

    opened by quantum-fusion 3
  • Simultaneous session initialization with PreKeyWhisperMessage

    Simultaneous session initialization with PreKeyWhisperMessage

    Assume two parties want to start a session simultaneously by sending a PreKeyWhisperMessage. Both initialize their end of the session and send a PreKeyWhisperMessage. Both sides will now try to complete the session by looking up the prekey with the previously issued base key. The result is that there are two sessions in place! As far as I understand the code, there is nothing in place to prevent this to happen or do I miss something? This would mean both sessions are one-way only and the chain keys in the ratchet will not be updated, which is a problematic. I am new to all this Axolotl stuff, so this may be the wrong place to ask this question.

    opened by schnef 3
  • KeyHelper.generateIdentityKeyPair() throws exception while proguard is enabled

    KeyHelper.generateIdentityKeyPair() throws exception while proguard is enabled

    KeyHelper.generateIdentityKeyPair() throws k.c.a.dexception

        debug {
                minifyEnabled true   // Obfuscate and minify codes
                shrinkResources true // Remove unused resources
                useProguard true
                debuggable true
                proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
            }
    
    opened by malik082009 2
  • apache license or mit

    apache license or mit

    Is it possible to add Apache or MIT License to this project? I want to use it in my Android app, but I need to disclose my whole source code if I use this library.

    opened by long1eu 2
  • What does

    What does "install time" mean?

    Hello.

    I am trying to understand what "install time" means in the following statement from the READMe page.

    At install time, a libsignal client needs to generate its identity keys, registration id, and prekeys.

    Does it mean that when the app is installing, the keys will be generated? If yes, how do can I write install code?

    Or, does it mean that generating the keys should be the first thing the app does when installed on a device?

    Thanks.

    opened by BFamzz 1
  • The library does not work with CPU without avx2

    The library does not work with CPU without avx2

    Hello, I think your library is used in the Signald daemon. After it updated to the latest version of libsignal, I can no longer use the application on my VPS which does not have AVX2. Here is the original issue: https://gitlab.com/signald/signald/-/issues/253 Is this an irreversible decision? I don't want to buy more expensive VPS just to run bridge from Signal to Matrix...

    opened by vojtapolasek 0
  • clarification on the argument info used for the deriveSecrets function

    clarification on the argument info used for the deriveSecrets function

    the function takes 3 arguments, one of them is info in the ChainKey class in ratchet, the argument given is "WhisperMessageKeys".getBytes In another class, "WhisperRatchet".getBytes() was given as argument instead. But I can't find the "WhisperMessageKeys" or "WhisperRatchet" values anywhere in the code, aren't they supposed to be constants defined somewhere?

    opened by hadi-ijreis 0
  • Simple encryption and decryption

    Simple encryption and decryption

    I am trying to use the signal library to make a very simple command line program to encrypt a message and print out the results so that I can then easily decrypt the message on the same system without sending anything back and forth through a server. What is the easiest way to do this? Anywhere I could look that this has already been done? Thanks in advance for any help anyone can offer!

    opened by pwablito 1
  • Why can't I find the resource state.StorageProtos....

    Why can't I find the resource state.StorageProtos....

    There are many classes that import this, for example import static org.whispersystems.libsignal.state.StorageProtos.IdentityKeyPairStructure; but I can't find this resource in the state file. Could someone tell me what's wrong?

    opened by HaidaLu 0
  • Update broken link for wassenaar arrangement

    Update broken link for wassenaar arrangement

    I was reading the documentation and noticed that the link in the README for the wassenaar arrangement was broken.

    This is the new link describing the wassenaar arrangement: https://www.nti.org/learn/treaties-and-regimes/wassenaar-arrangement/

    So I just updated the README.

    Broken page (https://www.wassenaar.org/): Screen Shot 2021-08-11 at 15 49 13

    New page (https://www.nti.org/learn/treaties-and-regimes/wassenaar-arrangement/): Screen Shot 2021-08-11 at 15 55 03

    opened by laithhas 2
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Easy-as-pie Android Decompiler Why One stop shop I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the t

Alex Davis 619 Dec 27, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 418 Dec 29, 2022
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 7.2k Jan 3, 2023
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2.1k Jan 3, 2023
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022
CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

Luca Piccolboni 139 Dec 12, 2022
Appdbg - make it possible to run android dex file in original Java Virtual Machine

Appdbg - make it possible to run android dex file in original Java Virtual Machine

null 137 Dec 20, 2022
Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation

About smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on

Ben Gruver 5.7k Dec 27, 2022
TweetNaCl in Java - a port of TweetNaCl-js

TweetNacl in Java: port of tweetnacl-js API/Usage Suggest always use TweetNaclFast implementation Public key authenticated encryption get key pair: Bo

AppNet.Link 40 Nov 10, 2022
Dex to Java decompiler

JADX jadx - Dex to Java decompiler Command line and GUI tools for producing Java source code from Android Dex and Apk files Main features: decompile D

null 32.8k Jan 2, 2023
Java bytecode obfuscator created by x4e.

Binscure Java bytecode obfuscator created by x4e. Usage First, create a config file, (example config here). When you have a config file, run binscure

null 35 Nov 22, 2022
A RSA Cipher implementation for Kotlin/Java

A RSA Cipher implementation for Kotlin/Java.

Lyzev 3 Aug 22, 2022
Soot - A Java optimization framework

Using Soot? Let us know about it! We are regularly applying for funding to help us maintain Soot. You can help us immensely by letting us know about p

Soot Program Analysis Framework 2.5k Jan 2, 2023
Find Security Bugs is the SpotBugs plugin for security audits of Java web applications

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

OWASP Find Security Bugs 2k Jan 6, 2023
Catch common Java mistakes as compile-time errors

Error Prone Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. public class ShortSet { public

Google 6.3k Dec 23, 2022
Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

Scott Alexander-Bown 636 Dec 18, 2022
PermissionX is an extension Android library that makes Android runtime permission request extremely easy

PermissionX is an extension Android library that makes Android runtime permission request extremely easy. You can use it for basic pe

Lin Guo 2.9k Dec 28, 2022
🔓 Kotlin version of the popular google/easypermissions wrapper library to simplify basic system permissions logic on Android M or higher.

?? Kotlin version of the popular google/easypermissions wrapper library to simplify basic system permissions logic on Android M or higher.

Madalin Valceleanu 327 Dec 30, 2022
ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege.

ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege. Usage See sample or user guide

null 2 Nov 26, 2021