Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I'm trying to develop an app with self-encryption for Android.
The idea is the following:
the app should perform its functions (for example display "Hello world!") but...
the app code is stored fully (partially) encrypted, i.e. "all that can be encrypted should be encrypted", so it cannot be read correctly by simple disassembling (i.e. it is literally encrypted (by AES for example) so it is represented to the system as a number of random commands/symbols or something incorrect).
the "part" of the app should be decrypted before execution;
unused "parts" of the app should be decrypted after usage;
all operations mentioned above should be done by app itself.
So the core idea is self-encryption.
I know what obfuscation is so please don't mention it. The same thing with any side apps. I'm not going to spend all the rest of my life in reverse-engineering))). So...
What is the right way to self-encrypt Android (JAVA) code?
How can the algorithm mentioned above be implemented?
Please provide any code snippets if you are able to do such things OR any links/information/articles/pseudocode/ideas
I think the idea is great and really interesting, plus many people will be glad to know how to protect their apps.
[EDITED]
Thanks #Pace and #JimmyB for the custom ClassLoader idea. I'll try to implement it. Also my thanks to #xalo, who proposed the metamorphic engine concept; I'll dig into this theme because I think it will satisfy my goal to a greater extent.
You shouldn't try to self-encrypt your app; it will add a lot of complexity for not much protection.
In fact, a hacker just has to reverse your decryption routine or dump memory once the app is running.
The best way to protect against reversing a Java/Android app is obfuscation.
You can also look into the remote metamorphic engine concept: https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
So I'm currently reading the "Java A Beginners Guide 7th Edition" book, and the following sentences made it seem to me that Applets could be used as viruses. Was this done?
An Applet is a special kind of Java program that is designed to be transmitted over the Internet and automatically executed inside a Java-compatible web browser.
The key feature of applets is that they execute locally...
To me it sounds like it wouldn't be hard to build a virus into an Applet.
The problem with applets is that they run automatically when you load the page. They're also so complex (compared to HTML or JavaScript) that it was just too complicated to be able to meaningfully secure them. Run Automatically + Complicated to Secure + Doesn't Update Automatically = impossible to completely secure.
Regular apps are far far more dangerous to your machine than applets were. But, they don't run automatically when you visit a web page.
Desktop apps written in languages (like C or C++) where you manipulate the memory with pointers and don't automatically bounds check arrays are much harder to write securely. Languages (like Java or C#) that don't have pointers and do automatically bounds check arrays are easier to write secure apps in.
Java includes many safeguards to prevent any ill behavior, but time after time, those security features were not enough because of different bugs or design problems.
As standalone apps they are as safe or risky as any other app. Just make sure to download your app from trusted sources.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I am new to Android Studio and would like to make an app that is similar to Goodreads. Can someone outline the key components of making an app like this? It would also be great if I could get some kind of template that I can use. I imagine some amount of the user information will be kept on the device while some of the other larger sets of information will be kept in a database. What would the code connecting these two parts look like, and what other important parts have I missed? Thanks in advance.
Android is a big world and there isn't an easy way; I mean, everyone needs time to be good at something, but it is not impossible. I recommend you start with the Udacity courses.
Basic Level:
Developing Android Apps by Google
Android Basics: Data Storage
Android Basics: Multiscreen Apps
Android Basics: Networking
and later start to follow important people in the Android world
Android experts, even follow them on Twitter
After that, once you have basic knowledge, you can start on other courses; https://caster.io/ is a good choice for learning MVP, MVVM and other things.
Also study general programming and software engineering: Design Patterns, Clean Code, Clean Architecture, SOLID principles, version systems like Git.
Well, that's my advice for you; good luck and never stop learning!
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I created a Java program which works on the server side to communicate with an Android app over sockets. Now I want to check whether it is secure against hacking. I also asked in the Security.SE forum but this is programming related. So what do I need to look for in my Java program to make it hard to exploit?
The first thing to check would be the server it's running on. You can certainly check out the https://www.owasp.org/ website. It is always a good source on security threats. Then there are a lot of pentesting tools; https://www.kali.org/ has many of them built in.
But the most important might be how you've designed your API, I mean you're not very specific about what you need to know but some rules that will certainly apply:
secure the communication
make sure id theft is as hard as possible
never store user passwords yourself (use a token-based system like OAuth)
Obfuscation via ProGuard makes the program harder to reverse engineer.
Obfuscation combined with Ahead-Of-Time Compilation
1) Obfuscate names and encrypt strings using the tools not relying on the application being delivered in bytecode form. Make sure to disable control/data flow obfuscations.
2) Compile the obfuscated application down to optimized native code.
see link
http://www.excelsior-usa.com/articles/java-obfuscators.html
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
I never programmed real objects. I only did some JFrame, Swing and a little bit of game engines.
I've always wondered, is it possible to program real objects? Like a web camera board? If yes, then how? Especially a web camera, how is that possible?
I have a school project about web cameras and I thought about it and said to myself, why not program the board to make it more advanced!
The main question is: Can I program real life objects (like a webcam), and how?
Yes you can. Unfortunately Java is not well suited for this task (for various reasons).
I would suggest you buy an Arduino set and learn what it can do regarding controlling devices and receiving input from sensors, so you know more about what is possible.
I think you mean whether it is possible to create firmware or program embedded systems in Java. Answering this question is not so easy. If the producer of the "real object" provides you with a way to create programs for that real object, then yes, it is possible, but this is quite rare. You can't just buy the cheapest web camera and write your own firmware. Google some programmable devices that you can fiddle with, or if you are just curious and this is your hobby, then make an application for a smartphone. Android devices are programmed in Java and you can also play with the camera.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
I am currently in the process of analyzing the work of developing REST APIs for an iPhone application using Java:
Firstly, has anyone worked on development of REST APIs for an iPad app or any other kind? What is the kind of duration that is required to do it... and are there frequent changes in the REST APIs so that the project is a long one and my job is secure... or in general, once you make the APIs in 4-5 months maximum, is that THE END?
Are they something that a guy like me with no such experience in development of REST APIs can take up, or are they in general something that only a guy with relevant experience can do?
Is there any good material on the internet about making them, or any way for me to get started with and go ahead with this?
I have just received the information that we need to develop 6-7 APIs for a start... any experienced guys, about how much time can it take? Here is a sample workflow:
We have to click on Google Maps... and based on longitude and latitude we have to find a list of wholesale dealers related to our domain at that point and have to fetch them in a JSON/XML object...
Once the APIs are there, they are there and shouldn't change too often because it could break the app. So better put a lot of thought in the API design before you release it. How long it takes depends completely on the project. I can develop a REST API in a day, it could also take months, depending on the complexity.
It will take longer if you are inexperienced because you will need to do a lot of reading, especially when it comes to the architecture of the APIs. Again, impossible to say because we don't know your current skill-set. But in general: sure, if you are willing to learn you can do it, I don't see anything that would prevent you.
Lots of... For a good framework, have a look at Jersey. I also once found a good read about REST APIs in general: Link
As a conclusion, it's not necessarily only about developing the APIs, but also about the data you are trying to provide. Does that data already exist? Can you query it easily? How much logic do you still need in order to provide useful APIs? Those are the questions you should ask yourself as well.