dex-vm implementation, used to protect the classes.dex file

nmmp

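nmmp protects a dex by running Dalvik bytecode on a dex-vm, which makes decompilation harder. The project has two parts. nmm-protect is a pure Java project that transforms the dex: it converts the methods and other data in the dex into C structs, processes the apk to generate a C project, compiles that into a .so, and outputs the processed apk. nmmvm is an Android project containing the dex-vm implementation and tests for the various Dalvik instructions.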

nmm-protect

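  • Quick start

Without building nmm-protect, you can look directly at a project generated with it and the final apk: an example of hardening ES File Explorer.

Only Linux is currently supported. Install the JDK, the Android SDK and the NDK first.

Download nmm-protect.jar and set the environment variables ANDROID_SDK_HOME and ANDROID_NDK_HOME: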

export ANDROID_SDK_HOME=/opt/android-sdk
export ANDROID_NDK_HOME=/opt/android-sdk/ndk/22.1.7171670
export CMAKE_PATH=/opt/android-sdk/cmake/3.18.1/   # optional; if unset, /bin/cmake is used directly

Then run the jar:

java -jar nmm-protect-xxx.jar input.apk

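When it finishes, a build directory is created in the directory that contains input.apk. It holds the final output apk (build/input-protect.apk), the complete C project dex2c (CMake-based), the .dex files generated during processing, and so on.

The generated apk must be aligned with zipalign and signed with apksigner before it can be installed and used: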

zipalign 4 build/input-protect.apk build/input-protect-align.apk
apksigner sign --ks ~/.myapp.jks build/input-protect-align.apk

  • Download and build the project

git clone git@github.com:maoabc/nmmp.git
cd nmmp/nmm-protect
./gradlew arsc:build
./gradlew build

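On success, a directly executable fat jar is generated in build/libs.

  • Classes to protect and rule handling

This is not currently implemented in the simple test jar. You have to modify the source code yourself to implement it; the corresponding interfaces exist internally.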

nmmvm

nmmvm is the concrete implementation of the dex virtual machine. It has a single entry-point function:

jvalue vmInterpret(
        JNIEnv *env,
        const vmCode *code,
        const vmResolver *dvmResolver
);

typedef struct {
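    const u2 *insns;             // instructions
    const u4 insnsSize;          // size of the instructions
    regptr_t *regs;              // registers
    u1 *reg_flags;               // register data-type flags, mainly marking whether a register holds an object
    const u1 *triesHandlers;     // exception table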
} vmCode;


typedef struct {

    const vmField *(*dvmResolveField)(JNIEnv *env, u4 idx, bool isStatic);

    const vmMethod *(*dvmResolveMethod)(JNIEnv *env, u4 idx, bool isStatic);

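    // get the type name from the type constant pool
    const char *(*dvmResolveTypeUtf)(JNIEnv *env, u4 idx);

    // returns the jclass object directly; it is a local reference and must be released
    jclass (*dvmResolveClass)(JNIEnv *env, u4 idx);

    // get the class from a type name
    jclass (*dvmFindClass)(JNIEnv *env, const char *type);

    // string object loaded by the const_string instruction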
    jstring (*dvmConstantString)(JNIEnv *env, u4 idx);

} vmResolver;

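vmCode supplies the instructions, exception table and register space needed for execution. vmResolver contains a set of function pointers that provide runtime symbols such as fields and methods. Customizing these two parameters gives different protection strengths. For example, test.cpp in the project contains a simple libdex-based vmResolver, used mainly for development and testing. nmm-protect, by contrast, converts the .dex data into C structs and also includes opcode randomization and so on, so it is basically usable in practice.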
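
The build-time/run-time split that opcode randomization implies, as an added example (this is not nmmp's code or its actual scheme): a three-instruction interpreter over Dalvik-format 16-bit code units that decodes the opcode byte through a per-build permutation. `opmap`, `opmap_init`, `remap_stream`, `mini_interpret` and the seeded LCG are hypothetical names and choices made for illustration; only the opcode values and instruction formats are standard Dalvik.

```c
#include <stdint.h>
#include <stddef.h>

typedef uint16_t u2;   /* 16-bit code unit, same width as vmCode.insns */
/* Standard Dalvik opcode values for the three instructions handled here. */
enum { OP_RETURN = 0x0f, OP_CONST_4 = 0x12, OP_ADD_INT_2ADDR = 0xb0 };

/* Hypothetical per-build table: perm[] maps a standard opcode to the byte
 * stored in the protected stream, inv[] is what the interpreter decodes with. */
typedef struct { uint8_t perm[256], inv[256]; } opmap;

void opmap_init(opmap *m, uint32_t seed) {
    for (int i = 0; i < 256; i++) m->perm[i] = (uint8_t)i;
    for (int i = 255; i > 0; i--) {        /* Fisher-Yates, toy LCG (not a CSPRNG) */
        seed = seed * 1664525u + 1013904223u;
        int j = (int)((seed >> 16) % (uint32_t)(i + 1));
        uint8_t t = m->perm[i]; m->perm[i] = m->perm[j]; m->perm[j] = t;
    }
    for (int i = 0; i < 256; i++) m->inv[m->perm[i]] = (uint8_t)i;
}

/* Build-time step: rewrite only the opcode byte (low 8 bits) of each unit.
 * Valid here because all three instructions are exactly one code unit long. */
void remap_stream(u2 *insns, size_t n, const opmap *m) {
    for (size_t i = 0; i < n; i++)
        insns[i] = (u2)((insns[i] & 0xff00) | m->perm[insns[i] & 0xff]);
}

/* Run-time step: decode through inv[] and execute. Returns 0 on success. */
int mini_interpret(const u2 *insns, size_t n, const opmap *m, int32_t *result) {
    int32_t regs[16] = {0};
    for (size_t pc = 0; pc < n; pc++) {
        u2 inst = insns[pc];
        unsigned a = (inst >> 8) & 0xf, b = (inst >> 12) & 0xf;
        switch (m->inv[inst & 0xff]) {
        case OP_CONST_4:          /* format 11n: B is a signed 4-bit literal */
            regs[a] = (int32_t)(b ^ 8u) - 8; break;
        case OP_ADD_INT_2ADDR:    /* format 12x: vA += vB, wrapping like Dalvik */
            regs[a] = (int32_t)((uint32_t)regs[a] + (uint32_t)regs[b]); break;
        case OP_RETURN:           /* format 11x: register index is the high byte */
            if ((inst >> 8) >= 16) return -1;
            *result = regs[inst >> 8]; return 0;
        default: return -1;       /* unknown opcode: refuse rather than guess */
        }
    }
    return -1;                    /* ran off the end without a return */
}
```

The remapped stream is only meaningful together with the table it was built with, so the transformer and the compiled interpreter must be generated from the same seed.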

Comments
  • On Mac, when hardening an aar with the jar, com.nmmedit.protect.NativeUtil.classesInit0(int) cannot be found in the generated libnmmp.so

    Runtime error: java.lang.UnsatisfiedLinkError: No implementation found for void com.nmmedit.protect.NativeUtil.classesInit0(int) (tried Java_com_nmmedit_protect_NativeUtil_classesInit0 and Java_com_nmmedit_protect_NativeUtil_classesInit0__I)
    opened by demomath 9
  • Blacklist specific class names

    Is it possible to blacklist specific class names something like !com.example and !com.example.class2? I still want to encrypt all classes but I want to make a few blacklists

    opened by BoomboomDada 3
  • Windows is case-insensitive, which causes problems after res obfuscation and packaging

    After res obfuscation, the names include R5.xml r5.xml, M6.xml m6.xml and the like.
    When zipCopy extracts, it first extracts onto Windows and then packages on Windows. When packaging via new File(), R5.xml and r5.xml actually become the same file that gets packaged.

    This is the log I added:

    write R5 3620 write r5 552 R5 len 552 R5 res/R5.xml C:\Users\大明\Desktop\build\.apk_temp\res\R5.xml r5 len 552 r5 res/r5.xml C:\Users\大明\Desktop\build\.apk_temp\res\r5.xml

    You can see that when extracting and writing out, the lengths of R5 and r5 differ, but when packaging, although the paths differ, what gets read is actually one file with the same length. As a result, once res is obfuscated the app basically cannot be opened: it crashes, and layout, drawable and other features do not work.

    Modify zipCopy so that it does not go through the extract-then-recompress step:

        private static void zipCopy2(ZipInputStream zipInputStream, File outDir, ZipOutputStream zipOutputStream) throws IOException {
            final Pattern regex = Pattern.compile(
                    "classes(\\d)*\\.dex" +
                            "|META-INF/.*\\.(RSA|DSA|EC|SF|MF)" +
                            "|AndroidManifest\\.xml");
            final HashMap<ZipEntry, File> entryNameFileMap = new HashMap<>();
            ZipEntry entry;
            while ((entry = zipInputStream.getNextEntry()) != null) {
                if (entry.isDirectory() || "".equals(entry.getName())) {
                    continue;
                }
                if (regex.matcher(entry.getName()).matches()) {
                    continue;
                }

                try {
                    // copy the entry bytes straight from the input zip to the output zip
                    byte[] fileEntry = FileUtils.read(zipInputStream);

                    final ZipEntry zipEntry = new ZipEntry(entry.getName());
                    if (entry.getMethod() == ZipEntry.STORED) { // stored only, not compressed
                        final long length = fileEntry.length;
                        zipEntry.setMethod(ZipEntry.STORED);
                        zipEntry.setCrc(calcCrc32(fileEntry));
                        zipEntry.setSize(length);
                        zipEntry.setCompressedSize(length);
                    }

                    zipOutputStream.putNextEntry(zipEntry);

                    zipOutputStream.write(fileEntry);
                    zipOutputStream.closeEntry();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }

    and that solves it.

    opened by xieqing520 7
  • Build failed

    error: implicit declaration of function 'bcopy' is invalid in C99 [-Werror,-Wimplicit-function-declaration] memcpy ((void*) raw->data, (void*)*args, (*tp)->size); ^ How do I solve this?

    opened by xmutzlq 0