[README]:{modify README.}

README.md

@@ -3,33 +3,41 @@
 [中文](https://github.com/BruceWind/AESJniEncrypt/blob/master/README_zh.md)
 
 
-# Reach high security in Android
-- [x] ~~AES algorithms~~,it is low-performance,so it has been deprecated.
-- [x] use chacha20 instead of AES. TLS1.3 used chacha20 on mobile device too,it is high-performance for arm.
+# Reach high security with libsodium in Android
+- [x] I have no longer supported ~~AES algorithms~~. If you still need it, check out tag: [v2.2](https://github.com/BruceWind/AESJniEncrypt/releases/tag/v2.2).
+- [x] Use chacha20 instead of AES. TLS1.3 has been used **CHACHA20** on mobile device too.It is high-performance for ARM architecture.
 - [x] Hide native function in JniOnload
 - [x] Use signature verification to avoid being packaged again (It is prevents that hacker call your jni method directly.)
-- [x] ~~key exists in the symbol table, and hides the character table~~ This scheme has been deprecated, [discard reason issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5), please see the next
+- [x] ~~key exists in the symbol table, and hides the character table~~. This method has been deprecated due to [discard reason issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5)
 - [x] Get the key from a complex function, to hide the key, current function is a simple solution. (Complex solution: divide the Key into several pieces, store them in different C files, and finally splicing them together. This function should be complicated to write and increase the decompiling difficulty.)
 
 - [x] Use "obfuscator" to confuse C code, [how to  deobfuscation?](https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html)
 - [x] Added support for x86 for obfucator. There is a link at the bottom of the tutorial for configuring obfucator.
-- [x] Anti-debugging the so, the current code is a relatively simple solution, there are more complicated and more sophisticated solutions, such as: each time you perform encryption and decryption sign to determine whether it is traced, you want to write more complicated after your fork
-- [x] Masking the simulator when the code is run: The code comes from my another repository [Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
+- [x] Anti-debugging, the current code is a relatively simple solution, there are more complicated and more sophisticated solutions, such as: each time you perform encryption and decryption sign to determine whether it is traced, you want to write more complicated after your fork
+- [x] Detect device is emulator in runtime : The code comes from my another repo [Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
 - [ ] TODO: Prevent SO file being code inject
 
-
-## Before you clone
+## before you clone.
 install GIT-LFS: https://git-lfs.github.com/
 
-## Build & Integration
+## build & run it.
+1. preparation：
+
+run the shell : aesjni/src/main/jni/build_libsodium_for_all_android_abi.sh
+2. click run app from Android Studio.
 
-a. Set ndk.dir in local.properties Requires that the ndk version must be 11-13b. High version ndk has not been tested, and may doesn't compiled.
+## Integration
+a. generating a chacha20 key: 
+
+run `test_in_exexutaing.sh`, and look at logcat. It will generate key and nonce. You can paste it into **JNIEntry.c**.
 
-b. Integrate into the project, please modify the class name and method name, dont expose the encryption algorithm, modify the key storage program into the code.
+b. Set ndk.dir in local.properties. Some versions of ndk I have not tested. Maybe you will encounter build errors.
 
-c. Generate and modify signatures.
+c. Integrate into the project, please modify the class name and method name, dont expose the encryption algorithm, modify the key storage program into the code.
 
-c.1.Generate keystore
+d. Generate and modify signatures.
+
+d.1. Generate keystore
 ```
 / / Then the current directory
 $ mkdir keystore
@@ -50,7 +58,7 @@ c.2. Get the hash value of the current keystore and modify the package name and
 
 Base64 algorithm from: https://github.com/willemt/pearldb
 
-AES128 Algorithm From: https://github.com/kokke/tiny-AES128-C
+libsodium Algorithm From: https://github.com/jedisct1/libsodium
 
 Native code obfuscator: [obfuscation-o-llvm-ndk](https://fuzion24.github.io/android/obfuscation/ndk/llvm/o-llvm/2014/07/27/android-obfuscation-o-llvm-ndk)
 
@@ -60,10 +68,11 @@ Native code obfuscator: [obfuscation-o-llvm-ndk](https://fuzion24.github.io/andr
 ![unconfused so](https://github.com/weizongwei5/AESJniEncrypt/raw/master/img/unobfscator_debugapk.png)
 ![confused so](https://github.com/weizongwei5/AESJniEncrypt/raw/master/img/obfscator_screen.png)
 
-Contrast: So confused is three times the size before confusion.
+Contrast: Confused  SO file is three times the size before confusion.
+If the size of SO file bother you, you can disable obfscator-lvvm. It is unnecessary.
 
-### PS:
-Because you need to do signature verification, i cann't provide jcenter dependencies, pls forgive me! 
+### In addition, I have to told you:
+Because you need to do signature verification, I cann't provide jcenter dependencies, pls forgive me! 
 
 Regardless of how secure the code, I still against that the key being stored in the code.
 
@@ -76,7 +85,13 @@ This is my NDK configuration obfuscator tutorial: [Obfuscator-LLVM-4.0-BUILD-NDK
 
 If you want to ask me,please click [![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/askbruce/community).
 
+If you encounter crash, you can look into **FigureOutJNICrash.md** to find where code crash at.
+
 -------------------
+## Legal
+If you live in China, you should take care about [checking apk signature](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.h#L15).
+I have called PackageManger that may be misunderstood to collect list of installed apps. 
+You should look at [工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).
 
 ## Contributing
 
@@ -92,8 +107,3 @@ In case you would like to add information to this repository or suggest some ide
 [https://github.com/zxp0505](https://github.com/zxp0505)
 
 [https://github.com/baoyongzhang](https://github.com/baoyongzhang)
-
-
-## Legal
-If you live in China, you should take care about [checking apk signature](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.c#L43).
-I have called PackageManger ,it might be considered to read installed apps list,look at [工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).

README_zh.md

@@ -4,27 +4,32 @@
 
 # 追求极致的代码安全性保障 
 - [x] ~~ndk实现AES加密~~,性能不佳,已废弃此方式
-- [ ] 使用chacha20加密,TLS1.3在移动端都用了chacha20了,性能更好
-- [x] 使用JniOnload 隐藏c函数
+- [ ] 使用chacha20加密,TLS1.3在移动端都用了chacha20了,性能对ARM架构CPU更好。
+- [x] 使用JniOnload 隐藏C函数
 - [x] 使用签名校验避免被再次打包（这是绕过破解加密算法直接调用你的jni函数）
-- [x] ~~key存在符号表中,同时隐藏字符表~~ 该方案已经废弃,[废弃原因issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5)，请看下一条
+- [x] ~~key存在符号表中,同时隐藏字符表~~ 该方案已经废弃,[废弃原因issues5](https://github.com/weizongwei5/AESJniEncrypt/issues/5)
 - [x] 手工处理隐藏key,最复杂的方案：将密钥分成不同的几段,存储在不同的代码中,最后将他们拼接起来,可以将整个操作写的很复杂,增加逆向难度。（目前代码里用的是稍微简单的方案）
 - [x] 使用obfuscator混淆C的代码,[关于破解obfuscator](https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html)
 - [x]  增加obfucator对x86的支持,具体配置obfucator的教程底部有链接。
 - [x] 反动态调试 , 目前代码里是比较简单的方案, 有更复杂更高明的方案,比如：每次执行加密解密签先去判断是否被trace,想要更复杂的自己fork之后去写
-- [x] 代码run的时候屏蔽模拟器 :代码来自我的另外一个仓库[Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
+- [x] 代码运行时屏蔽模拟器 :代码来自我的另外一个仓库[Check_Emulator_In_NDK](https://github.com/Scavenges/Check_Emulator_In_NDK)
 - [ ] TODO：防止so代码被code inject
 
-## 克隆代码准备
-先安装GIT-LFS:
-https://git-lfs.github.com/
-
+## 尝试编译，并跑起来
+1.准备：
+运行这个shell ： aesjni/src/main/jni/build_libsodium_for_all_android_abi.sh
+2.打开AS运行app，并查看日志。 
 ## 集成
+先安装GIT-LFS:https://git-lfs.github.com/
 
 a.先配置local.properties中ndk.dir 要求使用ndk版本必须11-13b,新版本ndk没有测试过,或许不能编译通过。
 
 b.集成到项目中请修改类名方法名,不要暴露加密算法,自行修改key存储到代码里的方案.
 
+b.1. 生成 chacha20 key: 
+
+run `test_in_exexutaing.sh`,然后请看logcat. 随机生成的key & nonce会显示出来. 你需要粘贴到 **JNIEntry.c**.
+
 c.生成和修改签名.
 
 **c.1.生成**
@@ -38,8 +43,6 @@ $ keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -vali
 ...
 ...
 
-
-
 ```
 
 **c.2.取得当前keystore的hash值,并修改native代码中的包名和hash**
@@ -50,18 +53,10 @@ $ keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 1024 -vali
 ## 鸣谢
 
 Base64 算法 来自：https://github.com/willemt/pearldb
-
-AES128 算法 来自：https://github.com/kokke/tiny-AES128-C
-
+Libsodium 算法 来自：https://github.com/jedisct1/libsodium
 Native代码混淆器：[obfuscation-o-llvm-ndk](https://fuzion24.github.io/android/obfuscation/ndk/llvm/o-llvm/2014/07/27/android-obfuscation-o-llvm-ndk)
 
-### 贡献者
-
-[https://github.com/larry19840909](https://github.com/larry19840909)
 
-[https://github.com/zxp0505](https://github.com/zxp0505)
-
-[https://github.com/baoyongzhang](https://github.com/baoyongzhang)
 
 
 
@@ -72,26 +67,35 @@ Native代码混淆器：[obfuscation-o-llvm-ndk](https://fuzion24.github.io/andr
 
 对比： 混淆后的so是混淆前的三倍大小。
 
-### PS:
+如果SO文件大小对您的项目有影响，你可以选择停用SO扰乱的，因为还有其他安全检查。
+
+### 补充:
 因为需要做签名校验,所以无法提供jcenter依赖了,望见谅！！
 
 不管代码安全性多高,我依旧反对key存到代码里。
 
+有问题及时提:[new issues](https://github.com/weizongwei5/AESJniEncrypt/issues/new)
 
 想要编译出混淆过native代码的so需要修改aesjni/build.gradle文件中的externalNativeBuild,并配置NDK下的Obfuscator-LLVM。
 
 这是我的NDK配置混淆器教程：[Obfuscator-LLVM-4.0-BUILD-NDK](https://github.com/weizongwei5/Obfuscator-LLVM-4.0-BUILD-NDK)
 
 [其他语言怎么配合加解密？](https://github.com/weizongwei5/AESJniEncrypt/issues/8)
 
-如果要直接问我，请点这里[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/askbruce/community).
-
+如果你遇到了崩溃，请看**FigureOutJNICrash.md**，这个是个so崩溃定位的教程。
 
 -------------------
 
-有问题及时提:[new issues](https://github.com/weizongwei5/AESJniEncrypt/issues/new)
-
 ## 合规
 如果你生活在中国，请注意[工信部整治八项违规](http://www.miit.gov.cn/n1146295/n7281315/c7507241/part/7507297.docx).
 我调用了PackageManger[检查签名](https://github.com/BruceWind/AESJniEncrypt/blob/master/aesjni/src/main/cpp/check_emulator.c#L43)，我只是**读取当前安装的app**, 这可能被认为**收集了安装列表**。从规定上来讲并不违规，只是读取了，并没**收集**，收集是违规的，读取是合规的。
 只是目前有可能被误认为**收集**。
+
+
+### 贡献者
+
+[https://github.com/larry19840909](https://github.com/larry19840909)
+
+[https://github.com/zxp0505](https://github.com/zxp0505)
+
+[https://github.com/baoyongzhang](https://github.com/baoyongzhang)

aesjni/src/main/java/com/androidyuan/aesjni/EncryptEntry.java

@@ -2,14 +2,11 @@
 
 /**
  * Created by wei on 16-12-2.
- *
- * 秘文的key 在 C 的代码，如需修改请先修改JNIEncrypt.c
- * 另外native做了签名校验
+ * key is stored in JNIEncrypt.c, you may need to change it.
  *
  * @Date: 21-02-22:
  * AES algorithm has been instead with chacha20.
  * And algorithm is written by libsodium.
- *
  */
 public class EncryptEntry {
 

aesjni/src/main/jni/JNIEncrypt.c

@@ -56,13 +56,15 @@ unsigned char *getNonce()
 //__attribute__((section (".mytext")))
 unsigned char *getKey()
 {
+    //TODO I need to split this string.
     const char *key_hex = "9876c42f2f61bee24cc27ebd6155897c46950a83c9b0cc95a9650f9ae7421d07";
     const unsigned char *KEY = chacha20_hexkey2bin(key_hex);
     return KEY;
 }
 
 JNIEXPORT jstring JNICALL encode(JNIEnv *env, jobject instance, jobject context, jstring str_)
 {
+    //TODO
     sodium_init();
     //firstly, detect the apk is repackaged.
     if (check_signature(env, instance, context) != 1 || check_is_emulator(env) != 1)

aesjni/src/main/jni/build_libsodium_for_all_android_abi.sh

@@ -9,7 +9,7 @@
 # Some error might be thrown. You may need to install certain applications
 # (such as python, libtool-bin) to resolve those errors.
 
-LIBSODIUM_GIT_TAG=1.0.18 # it is the last stable version.
+LIBSODIUM_GIT_TAG=1.0.18 # it is the last stable version that I have tested.
 
 #ROOT_DIR=$(pwd)