From da6154b8c5e6636293b43b1573c1b8d2f387f76a Mon Sep 17 00:00:00 2001 From: 4ra1n <2023503307@qq.com> Date: Tue, 16 Jan 2024 17:59:11 +0800 Subject: [PATCH] update readme --- .github/ISSUE_TEMPLATE/bug-report.md | 31 ------ .github/ISSUE_TEMPLATE/feature-request.md | 20 ---- README.md | 14 ++- doc/README-en.md | 105 ++++++++++++++++++ .../org/y4sec/encryptor/core/Constants.java | 2 +- 5 files changed, 114 insertions(+), 58 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/bug-report.md delete mode 100644 .github/ISSUE_TEMPLATE/feature-request.md create mode 100644 doc/README-en.md diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md deleted file mode 100644 index d05b844..0000000 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -name: Bug Report -about: Create a report to help us improve -title: "[BUG] " -labels: bug -assignees: 4ra1n - ---- - -## Describe the bug -A clear and concise description of what the bug is. - -## To Reproduce -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -## Expected behavior -A clear and concise description of what you expected to happen. - -## Screenshots -If applicable, add screenshots to help explain your problem. - -## Environment (please complete the following information): - - OS: Windows / Linux - - Version: Windows 10 64bit - -## Additional context -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md deleted file mode 100644 index b0ae5cc..0000000 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -name: Feature Request -about: Suggest an idea for this project -title: "[FEATURE] " -labels: enhancement -assignees: 4ra1n - ---- - -## Is your feature request related to a problem? Please describe. -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -## Describe the solution you'd like -A clear and concise description of what you want to happen. - -## Describe alternatives you've considered -A clear and concise description of any alternative solutions or features you've considered. - -## Additional context -Add any other context or screenshots about the feature request here. diff --git a/README.md b/README.md index 69b8fc9..cda7325 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ -# code-encryptor-plus +# code-encryptor -[![](https://img.shields.io/github/v/release/Y4Sec-Team/code-encryptor-plus)](https://github.com/Y4Sec-Team/code-encryptor-plus/releases/latest) -![](https://img.shields.io/github/downloads/Y4Sec-Team/code-encryptor-plus/total) +[English Doc](doc/README-en.md) + +[![](https://img.shields.io/github/v/release/4ra1n/code-encryptor)](https://github.com/4ra1n/code-encryptor/releases/latest) +![](https://img.shields.io/github/downloads/4ra1n/code-encryptor/total) ## 介绍 @@ -42,15 +44,15 @@ 加密你的`Jar`包:(指定`Jar`包和`package`加密包名以及密钥`key`) ```shell - java -jar code-encryptor-plus.jar patch --jar your-jar.jar --package com.your.pack --key your-key + java -jar code-encryptor.jar patch --jar your-jar.jar --package com.your.pack --key your-key ``` ![](img/004.png) -导出解密`DLL/SO`文件:(默认导出到`code-encryptor-plus-temp`目录不建议修改) +导出解密`DLL/SO`文件:(默认导出到`code-encryptor-temp`目录不建议修改) ```shell -java -jar code-encryptor-plus.jar export +java -jar code-encryptor.jar export ``` ![](img/005.png) diff --git a/doc/README-en.md b/doc/README-en.md new file mode 100644 index 0000000..6c328fc --- /dev/null +++ b/doc/README-en.md 
@@ -0,0 +1,105 @@ +# code-encryptor + +[![](https://img.shields.io/github/v/release/4ra1n/code-encryptor)](https://github.com/4ra1n/code-encryptor/releases/latest) +![](https://img.shields.io/github/downloads/4ra1n/code-encryptor/total) + +## Introduction + +Encrypt bytecode using `JNI`, and decrypt it via `JVMTI` to protect the code. + +Provides two `DLL` files, one for encryption and the other for decryption. For actual operation, only the decryption `DLL` is needed. Supports custom keys and package names. + +The encrypted `Class` files become malformed and uninterpretable. + +![jd-gui](../img/002.png) + +Apart from the initial `Magic` part, the subsequent bytes are uninterpretable. + +![hex](../img/003.png) + +Launching with specified parameters can prevent `Java Agent` from dynamically dumping the bytecode. + +![](../img/007.png) + +For more experienced hackers, they might think of using `sa-jdi`'s `HSDB` to dump the bytecode. + +Taking inspiration from Master Beichen's discussion, I disabled the `gHotSpotVMStructs` function inside the `JVM`. + +Supports `Windows` system. + +![WINDOWS](../img/008.png) + +Supports `Linux` system. + +![LINUX](../img/009.png) + +## Quick Start + +The encryption and decryption use `C` for one layer of encryption and assembly for bitwise operation in the second layer. Compiled `Release` versions of `DLL/SO` files are provided to embed in the `Jar` package. + +Built-in support is for `JDK-8`; other versions have not been tested. In theory, it requires replacing the `JNI.h` header file and recompiling. It supports both `Windows` and `Linux`. 
+ +Encrypt your `Jar` package: (Specify `Jar` package, `package` encryption package name, and `key`) + +```shell + java -jar code-encryptor.jar patch --jar your-jar.jar --package com.your.pack --key your-key +``` + +![](../img/004.png) + +Export the decryption `DLL/SO` file: (Default export to `code-encryptor-temp` directory, not recommended to modify) + +```shell +java -jar code-encryptor.jar export +``` + +![](../img/005.png) + +Launch the `Jar` package with the decryption `DLL/SO`: (Use the `-agentpath` parameter) + +Note that two parameters `PACKAGE_NAME` and `KEY` are required. + +Note: In some cases, it may not start the first time. Repeat the command to start. + +```shell +java -XX:+DisableAttachMechanism -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar +``` + +![](../img/006.png) + +## Features + +Compared to publicly available articles/codes on the internet, this project has the following advantages and features: +- The original article fixed the package name, requiring users who want to encrypt their own package names to recompile the `DLL`. +- In the original article, the encryption and decryption `DLL` were the same, making it vulnerable to simple `JNI` call decryption. +- The original article's code was only at the `Demo` level and not ready for direct testing and use. +- The original article lacked a specific encryption algorithm, only employing simple operations that needed strengthening. +- There were some `BUGs` and optimization spaces in the original article's code. +- Employing certain magic operations to prevent bytecode from being `dumped`, further ensuring security. + +Current encryption and decryption algorithms: +- Multiple bitwise operations, byte swapping, etc. +- Based on the `XXTEA` algorithm, with multiple rounds of encryption. +- Supports custom keys for further protection. 
+ +## Building + +Compilation Environment: +- Windows 11 / Ubuntu 22.04 +- JDK 8 / Maven +- MSVC + ml64 (Windows) / gcc + nasm (Linux) +- CMake 3.x +- Python 3.x + +## Others + +Not suitable for projects that scan for `class` files at startup (typical projects like `SpringBoot`). + +Currently working on solving this issue. + +## References + +Thanks to the following projects or articles for their ideas: +- https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw +- https://juejin.cn/post/6844903487784894477 +- https://github.com/sea-boat/ByteCodeEncrypt \ No newline at end of file diff --git a/src/main/java/org/y4sec/encryptor/core/Constants.java b/src/main/java/org/y4sec/encryptor/core/Constants.java index a6186f8..a321786 100644 --- a/src/main/java/org/y4sec/encryptor/core/Constants.java +++ b/src/main/java/org/y4sec/encryptor/core/Constants.java @@ -9,7 +9,7 @@ public interface Constants { String DecrypterSo = "libdecrypter.so"; String EncryptorDLL = "libencryptor.dll"; String EncryptorSO = "libencryptor.so"; - String TempDir = "code-encryptor-plus-temp"; + String TempDir = "code-encryptor-temp"; String NewFileSuffix = "encrypted"; String DllFile = ".dll"; String SOFile = ".so";
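Review bot: The deletion of `.github/ISSUE_TEMPLATE/bug-report.md` and `.github/ISSUE_TEMPLATE/feature-request.md` is not covered by the subject line "update readme" and no reason is given. Either state in the commit message why the templates are being removed, or move the deletion into its own commit so the README change can be reviewed and reverted independently.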
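Review bot: In the Quick Start launch command of `doc/README-en.md`, `--jar your-jar.jar` should be `-jar your-jar.jar`, since the `java` launcher takes `-jar`, not `--jar`. The same example passes the secret as `KEY=your-key` inside `-agentpath` (and as `--key your-key` to `patch`), which leaves it readable in the process list and in shell history; a sentence on that exposure belongs next to the command. The example path is Windows-only (`D:\abs-path\decrypter.dll`) although Linux is listed as supported, so a second line using `libdecrypter.so` would help. In the Introduction, `gHotSpotVMStructs` is described as a function; in HotSpot it is an exported data symbol, so "symbol" or "export" would be more accurate.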
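Review bot: Renaming `TempDir` in `Constants.java` from `code-encryptor-plus-temp` to `code-encryptor-temp` changes where `export` writes the decryption library, which is a runtime change rather than a documentation one. The README tells users to load that library by absolute path in `-agentpath` and not to modify the default directory, so launch scripts that point at the old directory will keep loading a stale library or fail after the next export. Call the rename out in the release notes, and consider a separate commit for it.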