2

I'm developing an Android application which contains native code. The native code is compiled in a .so file that has important algorithms inside.

I'm really worrying about the possibility that my .so file can be edited or modified and then re-build (re-pack). Like apks they can be modified and repacked to create a new one

I have several questions here:

1) Is there any way to edit/modify .so files and re-build? 2) If there are, how do people do that? 3) How to prevent .so files from being edited then re-built?

Uni
  • 187
  • 2
  • 7
  • 18

1 Answers1

3

The short answer is that anything that a computer can read and understand, it can also modify. There is no bullet-proof signature mechanism in Android for Java or native code. Still, the so files are generally considered much less vulnerable than the Java code, even with obfuscation turned on.

Reverse engineering a shared library is hard but possible. Disassembly, change, and assembly back is not hard if one knows what to change.

There are many ways to strengthen protection of your C++ code against reverse engineering, but none will hold against a determined and well-funded attack. So, if the stakes are very high, consider running the important part of your algorithm on your server, and prey for its security.

Alex Cohn
  • 56,089
  • 9
  • 113
  • 307
  • Thank you Alex for your answer. May I ask you something? Could you suggest what is the best way to strengthen protection of C/C++ code? What are the common tricks that hackers can modify .so files? – Uni Apr 24 '16 at 03:58
  • see e.g. http://stackoverflow.com/questions/6481668/protecting-executable-from-reverse-engineering – Alex Cohn Apr 24 '16 at 08:24