本文共 16181 字,大约阅读时间需要 53 分钟。
网络请求通过http传递到后台,如果不对数据做加密处理的话,很容易会被抓包,此时,app就是很不安全的,被截取到接口地址和参数后容易被攻击。今天我要分享的就是如何提高网络接口安全性的解决方案。
之前做的项目是采取直接在java层对参数进行加密,加密方式也有很多,RSA加密,MD5加密,AES加密,DES加密,Base64加密等等,具体介绍可以参考这里 Android中的加密方法(),这种方式在一定程度上可以提高数据的安全性,但是深入来看,我们的加密方式对外暴露出来,当app被反编译时,对方可以拿到我们的代码,可以看到我们加密的方式,这样一来,会更加容易让对方找到破解密文的方法,因为在目前所有加密方式中,既具备实用性又具备绝对安全性的方法是不存在的。所以我们是否可以做到加密方式也对外不可见呢,或者如果不能做到绝对不可见,是否可以大大的提高对方破解密文的难度。这就是今天要做的,通过jni将加密方法打包到so库中,防止被放编译,算是在这些加密算法的上面加一层壳,这里以md5加密为例。
so库破解的难度之大,远远超过破解混淆后的apk,所以jni是解决安全性隐患的一个切入点。
创建CMakeLists文件,配置相关的内容
#参数加密cmake_minimum_required(VERSION 3.4.1)find_library( log-lib log )add_library( encrypt SHARED src/main/cpp/encrypt.cpp src/main/cpp/md5.cpp)# 将预构建库与本地库相连target_link_libraries( encrypt ${log-lib} ) EncryptUtils
package com.app.rzm.utils;import android.content.Context;/** * ndk实现参数加密 */public class EncryptUtils { static { System.loadLibrary("encrypt"); } public static String encrypt(Context context, String param){ checkSignature(context); return encryptNative(context,param); } /** * 对一个字符串进行加密 * @param context * @param param * @return */ private static native String encryptNative(Context context, String param); /** * 校验app签名 * @param context */ private static native void checkSignature(Context context);} 调用方式
public class TestParamsEncryptActivity extends AppCompatActivity { private TextView mText; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_test_params_encrypt); mText = (TextView) findViewById(R.id.text); //拿到签名 try { PackageInfo packageInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); Signature[] signatures = packageInfo.signatures; LogUtils.d("signature:"+signatures[0].toCharsString()); } catch (PackageManager.NameNotFoundException e) { e.printStackTrace(); } //将网络请求中的http参数拼接成这样的字符串username=renzhenming&password=123456 //然后将这个参数字符串进行加密 String params = EncryptUtils.encrypt(this,"username=renzhenming&password=123456"); //作为参数给到服务器,服务器也生成同样的密文,然后将加密的字符串进行比较 mText.setText(params); }} 接下来是关键代码,在c++中实现md5加密, * 加密解密的过程:
md5.h#ifndef MD5_H#define MD5_Htypedef struct{ unsigned int count[2]; unsigned int state[4]; unsigned char buffer[64];}MD5_CTX;#define F(x,y,z) ((x & y) | (~x & z))#define G(x,y,z) ((x & z) | (y & ~z))#define H(x,y,z) (x^y^z)#define I(x,y,z) (y ^ (x | ~z))#define ROTATE_LEFT(x,n) ((x << n) | (x >> (32-n)))#define FF(a,b,c,d,x,s,ac) { \ a += F(b, c, d) + x + ac; \ a = ROTATE_LEFT(a, s); \ a += b; \ }#define GG(a,b,c,d,x,s,ac) { \ a += G(b, c, d) + x + ac; \ a = ROTATE_LEFT(a, s); \ a += b; \ }#define HH(a,b,c,d,x,s,ac) { \ a += H(b, c, d) + x + ac; \ a = ROTATE_LEFT(a, s); \ a += b; \ }#define II(a,b,c,d,x,s,ac) { \ a += I(b, c, d) + x + ac; \ a = ROTATE_LEFT(a, s); \ a += b; \ }void MD5Init(MD5_CTX *context);void MD5Update(MD5_CTX *context, unsigned char *input, unsigned int inputlen);void MD5Final(MD5_CTX *context, unsigned char digest[16]);void MD5Transform(unsigned int state[4], unsigned char block[64]);void MD5Encode(unsigned char *output, unsigned int *input, unsigned int len);void MD5Decode(unsigned int *output, unsigned char *input, unsigned int len);#endif md5.cpp
#include "md5.h"#include "string"unsigned char PADDING[] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };//在逆向代码的时候,需要关注下面的特征值void MD5Init(MD5_CTX *context){ context->count[0] = 0; context->count[1] = 0; context->state[0] = 0x67452301; context->state[1] = 0xEFCDAB89; context->state[2] = 0x98BADCFE; context->state[3] = 0x10325476;}void MD5Update(MD5_CTX *context, unsigned char *input, unsigned int inputlen){ unsigned int i = 0, index = 0, partlen = 0; index = (context->count[0] >> 3) & 0x3F; partlen = 64 - index; context->count[0] += inputlen << 3; if (context->count[0] < (inputlen << 3)) context->count[1]++; context->count[1] += inputlen >> 29; if (inputlen >= partlen) { memcpy(&context->buffer[index], input, partlen); MD5Transform(context->state, context->buffer); for (i = partlen; i + 64 <= inputlen; i += 64) MD5Transform(context->state, &input[i]); index = 0; } else { i = 0; } memcpy(&context->buffer[index], &input[i], inputlen - i);}void MD5Final(MD5_CTX *context, unsigned char digest[16]){ unsigned int index = 0, padlen = 0; unsigned char bits[8]; index = (context->count[0] >> 3) & 0x3F; padlen = (index < 56) ? (56 - index) : (120 - index); MD5Encode(bits, context->count, 8); MD5Update(context, PADDING, padlen); MD5Update(context, bits, 8); MD5Encode(digest, context->state, 16);}void MD5Encode(unsigned char *output, unsigned int *input, unsigned int len){ unsigned int i = 0, j = 0; while (j < len) { output[j] = input[i] & 0xFF; output[j + 1] = (input[i] >> 8) & 0xFF; output[j + 2] = (input[i] >> 16) & 0xFF; output[j + 3] = (input[i] >> 24) & 0xFF; i++; j += 4; }}void MD5Decode(unsigned int *output, unsigned char *input, unsigned int len){ unsigned int i = 0, j = 0; while (j < len) { output[i] = (input[j]) | (input[j + 1] << 8) | (input[j + 2] << 16) | (input[j + 3] << 24); i++; j += 4; }}void MD5Transform(unsigned int state[4], unsigned char block[64]){ unsigned int a = state[0]; unsigned int b = state[1]; unsigned int c = state[2]; unsigned int d = state[3]; unsigned int x[64]; MD5Decode(x, block, 64); FF(a, b, c, d, x[0], 7, 0xd76aa478); FF(d, a, b, c, x[1], 12, 0xe8c7b756); FF(c, d, a, b, x[2], 17, 0x242070db); FF(b, c, d, a, x[3], 22, 0xc1bdceee); FF(a, b, c, d, x[4], 7, 0xf57c0faf); FF(d, a, b, c, x[5], 12, 0x4787c62a); FF(c, d, a, b, x[6], 17, 0xa8304613); FF(b, c, d, a, x[7], 22, 0xfd469501); FF(a, b, c, d, x[8], 7, 0x698098d8); FF(d, a, b, c, x[9], 12, 0x8b44f7af); FF(c, d, a, b, x[10], 17, 0xffff5bb1); FF(b, c, d, a, x[11], 22, 0x895cd7be); FF(a, b, c, d, x[12], 7, 0x6b901122); FF(d, a, b, c, x[13], 12, 0xfd987193); FF(c, d, a, b, x[14], 17, 0xa679438e); FF(b, c, d, a, x[15], 22, 0x49b40821); GG(a, b, c, d, x[1], 5, 0xf61e2562); GG(d, a, b, c, x[6], 9, 0xc040b340); GG(c, d, a, b, x[11], 14, 0x265e5a51); GG(b, c, d, a, x[0], 20, 0xe9b6c7aa); GG(a, b, c, d, x[5], 5, 0xd62f105d); GG(d, a, b, c, x[10], 9, 0x2441453); GG(c, d, a, b, x[15], 14, 0xd8a1e681); GG(b, c, d, a, x[4], 20, 0xe7d3fbc8); GG(a, b, c, d, x[9], 5, 0x21e1cde6); GG(d, a, b, c, x[14], 9, 0xc33707d6); GG(c, d, a, b, x[3], 14, 0xf4d50d87); GG(b, c, d, a, x[8], 20, 0x455a14ed); GG(a, b, c, d, x[13], 5, 0xa9e3e905); GG(d, a, b, c, x[2], 9, 0xfcefa3f8); GG(c, d, a, b, x[7], 14, 0x676f02d9); GG(b, c, d, a, x[12], 20, 0x8d2a4c8a); HH(a, b, c, d, x[5], 4, 0xfffa3942); HH(d, a, b, c, x[8], 11, 0x8771f681); HH(c, d, a, b, x[11], 16, 0x6d9d6122); HH(b, c, d, a, x[14], 23, 0xfde5380c); HH(a, b, c, d, x[1], 4, 0xa4beea44); HH(d, a, b, c, x[4], 11, 0x4bdecfa9); HH(c, d, a, b, x[7], 16, 0xf6bb4b60); HH(b, c, d, a, x[10], 23, 0xbebfbc70); HH(a, b, c, d, x[13], 4, 0x289b7ec6); HH(d, a, b, c, x[0], 11, 0xeaa127fa); HH(c, d, a, b, x[3], 16, 0xd4ef3085); HH(b, c, d, a, x[6], 23, 0x4881d05); HH(a, b, c, d, x[9], 4, 0xd9d4d039); HH(d, a, b, c, x[12], 11, 0xe6db99e5); HH(c, d, a, b, x[15], 16, 0x1fa27cf8); HH(b, c, d, a, x[2], 23, 0xc4ac5665); II(a, b, c, d, x[0], 6, 0xf4292244); II(d, a, b, c, x[7], 10, 0x432aff97); II(c, d, a, b, x[14], 15, 0xab9423a7); II(b, c, d, a, x[5], 21, 0xfc93a039); II(a, b, c, d, x[12], 6, 0x655b59c3); II(d, a, b, c, x[3], 10, 0x8f0ccc92); II(c, d, a, b, x[10], 15, 0xffeff47d); II(b, c, d, a, x[1], 21, 0x85845dd1); II(a, b, c, d, x[8], 6, 0x6fa87e4f); II(d, a, b, c, x[15], 10, 0xfe2ce6e0); II(c, d, a, b, x[6], 15, 0xa3014314); II(b, c, d, a, x[13], 21, 0x4e0811a1); II(a, b, c, d, x[4], 6, 0xf7537e82); II(d, a, b, c, x[11], 10, 0xbd3af235); II(c, d, a, b, x[2], 15, 0x2ad7d2bb); II(b, c, d, a, x[9], 21, 0xeb86d391); state[0] += a; state[1] += b; state[2] += c; state[3] += d;} 客户端通过定义的规则将参数加密后,将密文和铭文参数同时传递到服务器,服务器收到参数进行解析,使用同样的加密算法将参数加密,然后对比此次得到的密文和客户端传递的密文是否相同,如果相同说明数据安全,没有被篡改,如果不同,则表示数据改变,不再发送数据到客户端
将加密方法打包到so库中的好处就是可以防止对方反编译看到我们的加密条件,如果对方不知道我们是如何加密的,也就可以在一定程度上防止数据泄漏,但是只是单纯的这样做并不能保证绝对的安全,比如,我不需要知道你是怎么加密的,只需要反编译apk后得到几个信息1.你应用的包名,2.你的so库,3.你的native方法
的完整类名和方法名(native方法不能被混淆,混淆后无法使用,所以可以得到),只要得到这三个信息,我就可以创建包名相同方法名相同的一个应用,把so放进去,然后就可以绕过密钥检查,轻松的调用你的接口了。解决这个问题的方法就是在so库中加入签名验证,当调用加密方法对操作参数的时候,验证此时应用签名是否是我们本应用的,如果不是,则表示当前应用是伪应用,直接返回, 防止上边那种恶意调用接口情况的出现。对签名做校验,也就是只允许指定的应用可以使用,类似在微信支付中,也有在官方管理后台申请和配置应用的的签名和包名,否则就禁止使用,签名和包名必须得要一致。
com_app_rzm_utils_EncryptUtils.h
/* DO NOT EDIT THIS FILE - it is machine generated */#include/* Header for class com_app_rzm_utils_Encryptils */#ifndef _Included_com_app_rzm_utils_EncryptUtils#define _Included_com_app_rzm_utils_EncryptUtils#ifdef __cplusplusextern "C" {#endif/* * Class: com_app_rzm_utils_Encryptils * Method: encryptNative * Signature: (Ljava/lang/String;)Ljava/lang/String; */JNIEXPORT jstring JNICALL Java_com_app_rzm_utils_EncryptUtils_encryptNative (JNIEnv *, jclass, jobject ,jstring);JNIEXPORT void JNICALL Java_com_app_rzm_utils_EncryptUtils_checkSignature (JNIEnv *, jclass, jobject);#ifdef __cplusplus}#endif#endif
encrypt.cpp
#include "com_app_rzm_utils_EncryptUtils.h"#include "md5.h"#include#include using namespace std;#define LOGI(FORMAT,...) __android_log_print(ANDROID_LOG_INFO,"renzhenming",FORMAT,##__VA_ARGS__);#define LOGE(FORMAT,...) __android_log_print(ANDROID_LOG_ERROR,"renzhenming",FORMAT,##__VA_ARGS__);//我们加密的方式是对参数进行md5加密,在md5加密之前还有一层加密,就是对参数字符串进行改造//在字符串前加上自定义的key值,然后去掉字符串后边两位字符串,这个规则按需定制,增加破解的难度#define MD5_KEY "renzhenming"//签名校验是否通过,否返回-1static int signature_verify = -1;//app包名static char* PACKAGE_NAME = "com.app.rzm";//app签名,在这里配置我们app的正式签名,在so库中,可以保证安全性static char* APP_SIGNATURE = "308201dd30820146020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b3009060355040613025553301e170d3137303332333033323030305a170d3437303331363033323030305a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330819f300d06092a864886f70d010101050003818d00308189028181008658a9a532d1c5e8c5a1a78c61535636220f73deb9b36d0912e2b6b1c50f5ed7eccb5cd8e0e4b2fd192d983fa15aeef6be5e5258e809b3fbad538fb68d1c78ebbdd89080664d707e9731c706386a45242a1e3a9e4819789bf832206a2bb7a45b663b6deb9be153ca4fe77b26ca1c43d85cbc20465cc6046f1e1dc16bbc65fe310203010001300d06092a864886f70d010105050003818100213550aa14811a7a407e7eb148b9cb50709c2c84185340b4c52f22caff07fd2e4a79e2814dc5a16fbd7a4b3ec638574eb5ee6baf7537b69aed6529a594bf556f1e0f073884739271f3e2572c4c174031b547846212643ae57bb35e8157c65b3760e37fc3c74f4e24daf3d91086d6ddd7a3f1e54b69ad235a6eb6c5524ce24800";/** * @param env * @param jclazz * @param jparam * @return */JNIEXPORT jstring JNICALL Java_com_app_rzm_utils_EncryptUtils_encryptNative (JNIEnv *env, jclass jclazz,jobject context,jstring jparam){ if(signature_verify == -1){ return env->NewStringUTF("EncryptUtils--> signature check err"); } const char *param = env->GetStringUTFChars(jparam,NULL); //在参数头位置加上MD5_KEY,然后去掉后面两位字符串 string signature_str(param); //insert(int p0, const char *s);在p0位置插入字符串s signature_str.insert(0,MD5_KEY); signature_str = signature_str.substr(0,signature_str.length()-2); //md5加密 MD5_CTX *ctx = new MD5_CTX(); MD5Init(ctx); MD5Update(ctx,(unsigned char *)signature_str.c_str(),signature_str.length()); unsigned char digest[16]; MD5Final(ctx, digest); int i = 0; char szMd5[32] = {0}; for(i = 0;i< 16 ; i++){ LOGI("EncryptUtils--> szMd5[%d]:%s",i,szMd5); //最终生成32位,不足前面补一位0 //x 表示以十六进制形式输出 ,02 表示不足两位,前面补0输出;出过两位,不影响 sprintf(szMd5,"%s%02x",szMd5,digest[i]); } env->ReleaseStringUTFChars(jparam,param); return env->NewStringUTF(szMd5);}JNIEXPORT void JNICALL Java_com_app_rzm_utils_EncryptUtils_checkSignature (JNIEnv *env, jclass jclazz, jobject context){ //1.获取包名 通过Context的getPackageName方法获取 //获取Context对象的class jclass context_class = env->GetObjectClass(context); //获取getPackageName的方法id jmethodID context_method_id = env->GetMethodID(context_class,"getPackageName","()Ljava/lang/String;"); //调用getPackageName方法 jstring package_name = (jstring)env->CallObjectMethod(context,context_method_id); //转换为char* const char *c_package_name = (char *)env->GetStringUTFChars(package_name,NULL); LOGI("EncryptUtils--> package name:%s\n",c_package_name); //2.对比包名 if(strcmp(c_package_name,PACKAGE_NAME)){ LOGI("EncryptUtils--> package name check err"); return; } //3.获取签名(通过下边这种方式) //PackageInfo packageInfo = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); //Signature[] signatures = packageInfo.signatures; //LogUtils.d("signature:"+signatures[0].toCharsString()); //获取Context中的getPackageManager方法id jmethodID get_package_manager_method_id = env->GetMethodID(context_class,"getPackageManager","()Landroid/content/pm/PackageManager;"); //从Context中通过调用getPackageManager获取PackageManager对象 jobject package_manager = env->CallObjectMethod(context,get_package_manager_method_id); //获取PackageManager对象的class jclass package_manager_class = env->GetObjectClass(package_manager); //获取PackageManager对象中的getPackageInfo方法id jmethodID get_package_info_method_id = env->GetMethodID(package_manager_class,"getPackageInfo","(Ljava/lang/String;I)Landroid/content/pm/PackageInfo;"); //调用PackageInfo中的getPackageInfo方法获取PackageInfo对象(PackageManager.GET_SIGNATURES=64) jobject package_manager_info = env->CallObjectMethod(package_manager,get_package_info_method_id,package_name,64); //获取PackageInfo的class,获取它的属性的时候要用到 jclass package_info_class = env->GetObjectClass(package_manager_info); //获取PackageInfo中的signatures属性的fieldid jfieldID signatures_field_id = env->GetFieldID(package_info_class,"signatures","[Landroid/content/pm/Signature;"); //获取PackageInfo中的signatures属性 jobjectArray signatures_arrary = (jobjectArray) env->GetObjectField(package_manager_info, signatures_field_id); //获取数组中[0]位置的元素 jobject signature = env->GetObjectArrayElement(signatures_arrary,0); //获取String的class jclass signature_class = env->GetObjectClass(signature); //获取String中的toCharsString方法的methodid jmethodID to_chars_string_method_id = env->GetMethodID(signature_class,"toCharsString","()Ljava/lang/String;"); //调用String的toCharsString jstring signature_string = (jstring) env->CallObjectMethod(signature, to_chars_string_method_id); //转换为char* const char * signature_char = env->GetStringUTFChars(signature_string,NULL); LOGI("EncryptUtils--> current app signature:%s\n",signature_char); LOGI("EncryptUtils--> real app signature:%s\n",APP_SIGNATURE); //4.对比签名 if(strcmp(signature_char,APP_SIGNATURE) == 0){ signature_verify = 1; LOGI("EncryptUtils--> signature_verify success:%d\n",signature_verify); }else{ signature_verify = -1; LOGI("EncryptUtils--> signature_verify check failed:%d\n",signature_verify); }}
总结一下:
我们通过使用纯c++代码实现md5加密,将加密实现方式打包成so库,提高反编译的难度,另外在md5加密之外我们还设置了另一层加密规则,对参数字符串头尾进行处理,双层加密,确保数据的安全性。在加密手段之外,再进行app包名和签名的校验,从而保证so库只能在我们自己的app中使用。三层保护,这样一来,相信即便是遇到逆向工程师,要破解我们的app也是有一定难度的。转载地址:http://jrbfa.baihongyu.com/