Skip to content

Commit c340c19

Browse files
committed
add: Protect apk function
1 parent 2b6ee6d commit c340c19

File tree

1 file changed

+21
-8
lines changed

1 file changed

+21
-8
lines changed

README.md

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ Usage:
1919
2) b | build - Builds android binary from json
2020
3) m | merge - Merges split apk files from directory
2121
4) x | refactor - Refactors obfuscated resource names
22+
5) p | protect - Protects/Obfuscates apk resource
2223
run with <command> -h to get detailed help about each command
2324
2425
```
@@ -120,16 +121,28 @@ $ java -jar APKEditor.jar x -i input.apk
120121

121122
</details>
122123

123-
#### 5- Protect (Under development - coming soon)
124-
Now it's time to support app developers against decompilers to make the battle even.
125-
This protection promises to protect apk resources against almost all decompile tools (including this one).
124+
#### 5- Protect (⭐NEW⭐)
125+
Protects apk resources against almost all known decompile/modify tools.
126+
<details> <summary><code>java -jar APKEditor.jar <b>p</b> -i path/to/input.apk</code></summary>
126127

127-
* Archive protection: Protect apk file from extraction (unzipping). It's custom/tradition to use "<b>res</b>" as resource directory name, and some obfuscators use "<b>r</b>". How about using "<b>AndroidManifest.xml</b>" or "<b>classes.dex</b>" as resource directory name 😱 ???
128-
* Confuse resource name: Most obfuscated resource names have fixed length sequential names like a1, a2, a3 ... but this function
129-
generates variable length random names.
130-
* Confuse xml parsers: Keep in mind that android devices don't care about any names to execute apk thus it's valid to rename type ``` 'string' ``` to ``` '" </string>' ``` . Consider a normal entry ``` <string name="app_name">My App</string> ``` and if decompiler attempts to parse the output will be malformed xml ``` <" </string> name="app_name">My App</" </string>> ```
131-
* Byte offset/size confusing: Most decompilers are not parsing properly as actual device, thus we will exploit their weakness
128+
```ShellSession
129+
00.026 I: [PROTECT] Protecting ...
130+
Input: test.apk
131+
Output: test_protected.apk
132+
----------------------------
133+
00.027 I: [PROTECT] Loading apk file ...
134+
00.052 I: [PROTECT] Protecting files ..
135+
00.454 I: [PROTECT] Protecting resource table ..
136+
00.474 I: [PROTECT] Writing apk ...
137+
02.264 [PROTECT] Writing: total=47654392 bytes : resources.arsc
138+
02.346 I: [PROTECT] Zip align ...
139+
02.451 I: [PROTECT] Saved to: test_protected.apk
140+
02.451 I: [PROTECT] Done
141+
142+
```
132143

144+
</details>
145+
133146
---
134147

135148
***Build executable jar***

0 commit comments

Comments
 (0)