{"id":13480467,"url":"https://github.com/BruceWind/AESJniEncrypt","last_synced_at":"2025-03-27T10:32:45.719Z","repository":{"id":54320031,"uuid":"75403261","full_name":"BruceWind/AESJniEncrypt","owner":"BruceWind","description":"🛡 Make safest code in Android. (基于libsodium实现chacha20算法,key在native中,防止被二次打包){长期维护,请star,勿fork}","archived":false,"fork":false,"pushed_at":"2024-01-05T13:39:18.000Z","size":384,"stargazers_count":1011,"open_issues_count":5,"forks_count":166,"subscribers_count":30,"default_branch":"master","last_synced_at":"2025-03-25T17:21:21.236Z","etag":null,"topics":["aes","android","chacha-poly1305","chacha20","chacha20-poly1305","cmake","decryption","encryption","libsodium","ndk","obfuscator","security","signature-verification"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BruceWind.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-12-02T14:37:39.000Z","updated_at":"2025-02-18T06:37:08.000Z","dependencies_parsed_at":"2024-01-13T18:16:01.068Z","dependency_job_id":"9235e100-2989-499b-81ef-2c6811d451c5","html_url":"https://github.com/BruceWind/AESJniEncrypt","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BruceWind%2FAESJniEncrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BruceWind%2FAESJniEncrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BruceWind%2FAESJniEncrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BruceWind%2FAESJniEncrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BruceWind","download_url":"https://codeload.github.com/BruceWind/AESJniEncrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245827292,"owners_count":20678955,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","android","chacha-poly1305","chacha20","chacha20-poly1305","cmake","decryption","encryption","libsodium","ndk","obfuscator","security","signature-verification"],"created_at":"2024-07-31T17:00:40.114Z","updated_at":"2025-03-27T10:32:45.676Z","avatar_url":"https://github.com/BruceWind.png","language":"C","readme":"[English](https://github.com/BruceWind/AESJniEncrypt/blob/master/README.md)\n\n[中文](https://github.com/BruceWind/AESJniEncrypt/blob/master/README_zh.md)\n\n\n# Reach high security with libsodium on Android\n\n\u003e I have no longer supported ~~AES algorithms~~. Still need it, you can check out tag: [v2.2](https://github.com/BruceWind/AESJniEncrypt/releases/tag/v2.2).\n\n- [x] Use **CHACHA20** instead of **AES**. I have to mention that TLS1.3 use **CHACHA20** on mobile devices too. It is high-performance for the ARM architecture.\n- [x] Hide native function in JniOnload\n- [x] Use signature verification to avoid second-packaged. (It prevents hackers call your JNI method directly.)\n- [x] ~~key exists in the symbol table, and hides the character table~~. This approach has been deprecated due to [discard reason issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5)\n- [x] Obtain the key from a complex function, to hide the key, currently, the function is a simple solution. (Complex solution: divide the Key into several pieces, store them in different C files, and finally splice them together. This function should be complicated to write and increase the decompiling difficulty.)\n\n- [x] Use \"obfuscator\" to confuse C code, [how to  deobfuscate it?](https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html)\n- [x] Supporting x86 of obfuscation. A link at the bottom is a tutorial for configuring obfuscation.\n- [x] Anti-debugging. Currently, I put a simple solution into code, but there are complicated and sophisticated solutions.\n      I recommend determining whether it is traced in every encryption and decryption. You can add other complicated algorithms to your fork.\n- [x] Detecting device is an emulator during runtime. This feature comes from my another repo [Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)\n- [ ] TODO: Prevent SO file injecting from hackers.\n\n\n\n## build \u0026 run it.\n\u003cdetails\u003e\n\u003csummary\u003eclick to expand.\u003c/summary\u003e\n\n\n1. preparation：\n\nrun the shell : `./build_libsodium_for_all_android_abi.sh`\nWhen you run the shell, some error you may got some error like this:\n`env: python: No such file or directory` , `See \"config.log\" for more details or others.\n\nPlease, take time to solve them.\n\nIf the shell runs well, many files, such as  `.a` \u0026 `.so`, will be copied into `aesjni/src/main/jni/sodium_include/`.\nAlso, you would see `All of static libs has been moved into ......` at terminal.\n\n1. click run app from ADB to look at logcat， some result of execution will be there\n\n\u003c/details\u003e\n\n\n## how to integrate it into my project?\n\u003cdetails\u003e\n\u003csummary\u003eclick to expand.\u003c/summary\u003e\na. generating a chacha20 key: \n    \nrun `test_in_exexutaing.sh`, and look at logcat. It will generate ***key*** and ***nonce***. You can paste it into **JNIEntry.c**.\n\n\n\nb. Set **ndk.dir** in local.properties. Some NDK versions have not been tested you may encounter build errors from them.\n\nc. As you integrate it into the project, please modify class names and method names, don't expose the name of the encryption algorithm, modify the [C function](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/jni/JNIEncrypt.c#L56-L70) of key storage from my code.\n\nd. Generate and modify signatures.\n\nd.1. Generate Keystore file(You should jump this step in case you already have Keystore.)\n\n```shell script\n# my generate record:\nmkdir keystore\ncd keystore/\nkeytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -storetype PKCS12 -keystore ./androidyuan.keystore\n```\n\nd.2. Modify `hash` of your keystore and `pkg-name` in [check_signature.h](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/jni/check_signature.h#L9_L11).\n\nAs you obtain the hash,  you should use this method: [getSignature()](https://github.com/BruceWind/AESJniEncrypt/blob/519a4f16ee0a61b05f8dd41419e3fe61836ee5c7/aesjni/src/main/java/com/androidyuan/aesjni/SignatureTool.java#L26), \nto get.\n    \nPlease copy the **keystore hashcode** and **package name** into `check_signature.h`.\n      \n\u003c/details\u003e\n\n### Remind: SO file will become bigger\n\n![unconfused so](https://github.com/weizongwei5/AESJniEncrypt/raw/master/img/unobfscator_debugapk.png)\n![confused so](https://github.com/weizongwei5/AESJniEncrypt/raw/master/img/obfscator_screen.png)\n\nThe size of the confused SO file may be three times the size of the original SO file.\nIf the size bothers you, you can disable obfuscator-lvvm. It is unnecessary.\n\n### In addition, what I have to tell you:\nBecause you need to do signature verification, I can't provide **jcenter** dependencies, pls forgive me! \n\nEven though this code is very safe, I am still against storing keys in code. The key that shouldn't be constant should be temporary and generated. If you know how SSL works, you may think that asymmetric encryption transferring the key is the safest in the world.\nIf you don’t know how SSL works, I recommend a blog from Cloudflare: [what-is-asymmetric-encryption](https://www.cloudflare.com/zh-cn/learning/ssl/what-is-asymmetric-encryption/)\n\n\nTo confuse native code, you need to modify the `externalNativeBuild` in the `aesjni/build.gradle` and configure the **Obfuscator-LLVM** under the NDK.\n\nThis is my NDK configuration obfuscator tutorial: [Obfuscator-LLVM-4.0-BUILD-NDK](https://github.com/weizongwei5/Obfuscator-LLVM-4.0-BUILD-NDK).\n\nIn another way, you can build it on docker.\nMaybe you think configuring Obfuscator-LLVM is really difficult. I recommend using docker : [github.com/nickdiego/docker-ollvm](https://github.com/nickdiego/docker-ollvm).\n\n\n[How do other languages ​​work together with encryption and decryption?](https://github.com/weizongwei5/AESJniEncrypt/issues/8)\n\nIf you got a crash, you can look into **FigureOutJNICrash.md** to find where this code crashed at.\n\n-------------------\n## Legal\nIf you live in China, you should take care of [checking apk signature](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.h#L15).\nIn this code, I use PackageManger which may be misunderstood to collect a list of apps installed. \nYou should look at [工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).\n\n## Contributing\n\nIn case you would like to add information to this repository or suggest some ideas, please use one of the following options:\n\n- [Create an Issue](https://github.com/weizongwei5/AESJniEncrypt/issues/new).\n- Send me Pull Requests\n\n### Contributor\n\n[https://github.com/larry19840909](https://github.com/larry19840909)\n\n[https://github.com/zxp0505](https://github.com/zxp0505)\n\n[https://github.com/baoyongzhang](https://github.com/baoyongzhang)\n\n\n\n## Thanks\n\nLibsodium Algorithm from: https://github.com/jedisct1/libsodium\n\nNative code obfuscator: [obfuscation-o-llvm-ndk](https://fuzion24.github.io/android/obfuscation/ndk/llvm/o-llvm/2014/07/27/android-obfuscation-o-llvm-ndk)\n","funding_links":[],"categories":["C"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBruceWind%2FAESJniEncrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBruceWind%2FAESJniEncrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBruceWind%2FAESJniEncrypt/lists"}