1

I want to dynamically load an encrypted jar file. I have loaded a Dex file dynamically and it works fine. I have tried it both on emulator and my android device. Now i want to load the encrypted file. As far as i understand i will have to customize the Class-loader so that it can first decrypt the file on the fly before executing it.

I will be glad if someone can guide me how i will actually implement this. I have an idea but m not an experienced programmer.

Thanks in advance

public class MainActivity extends Activity {

@SuppressWarnings("unchecked")
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    try {
        final String libPath = Environment.getExternalStorageDirectory() + "/shoaib.jar";
        final File tmpDir = getDir("dex", 0);

        final DexClassLoader classloader = new DexClassLoader(libPath, tmpDir.getAbsolutePath(), null, this.getClass().getClassLoader());
        final Class<Object> classToLoad = (Class<Object>) classloader.loadClass("com.example.custom.MyClass");

        final Object myInstance  = classToLoad.newInstance();
        final Method doSomething = classToLoad.getMethod("doSomething");

        doSomething.invoke(myInstance);

    } catch (Exception e) {
        e.printStackTrace();
    }
}


@Override
public boolean onCreateOptionsMenu(Menu menu) {
    // Inflate the menu; this adds items to the action bar if it is present.
    getMenuInflater().inflate(R.menu.main, menu);
    return true;
}

}

Shoaib
  • 65
  • 7
  • would you mind show your current class loading code? – Robin Sep 03 '13 at 12:41
  • @Robin check out the code i added – Shoaib Sep 03 '13 at 18:21
  • Since the dex loader only takes a path for the parameter, it seems not possible to provide a decrypted stream for it. I am sorry I can help now. – Robin Sep 04 '13 at 00:41
  • @Robin - can or can't?? isn't it possible that encrypted file is loaded from external storage, which is decrypted and stored and then executed. – Shoaib Sep 04 '13 at 07:37
  • Sorry, typo, I CANNOT help on this. You cannot load a encrypted jar file via a standard dex loader. However, as you mentioned that you can decrypt it into your private diretory like /data/data/com.pkg.name/files and then load it. And delete it as soon as possible. I thinks this should be safe enough but it is still technically possible that your decrypted jar will be leaked on rooted devices. – Robin Sep 04 '13 at 08:08
  • You got it right. That is what i m thinking to do. But I just want a little guidance on how to customize the loader to accomplish it. – Shoaib Sep 04 '13 at 08:13

1 Answers1

0

A DexClassLoader is-a ClassLoader so you should (as in I haven't done this!) be able to write an EncryptedDexClassLoader extends DexClassLoader that can deal with the encryption.

Looking at the ClassLoader's protected methods - in particular getResourceAsStream() - may give you some idea as to how to proceed. I would suggest overriding all the protected methods, calling the super. implementation but logging their parameters (and reporting on the results), to get an idea of how they're used.

Jon Shemitz
  • 1,235
  • 13
  • 29
  • @John SHemitz Thanks for your reply. I have an idea that i would need to extend the Dexclass loader, Its just that i want some implementation details as I am not very good at JAVA programming. – Shoaib Sep 19 '13 at 12:04
  • People get good at programming by solving their own problems. Eclipse will make it easy to override all the protected methods of ClassLoader; what you have to do is log all the parameters and results, so you can figure out what your EncryptedDexClassLoader needs to do. I'll be happy enough to answer any specific questions, but at this point there's not much more I can do for you than what I've already done. – Jon Shemitz Sep 19 '13 at 17:09