A Android application protection system that implements signature verification using native assembly code to defeat common hooking and tampering tools.
- Native Assembly Implementation: Core signature verification logic written in assembly language
- Lightweight: Minimal performance impact on your application
- Easy Integration: Simple implementation for existing Android projects
The application implements signature verification at the assembly level, making it significantly harder for attackers to:
- Hook verification functions
- Bypass security checks through runtime manipulation
- Analyze protection mechanisms using standard reverse engineering tools
By operating at the native assembly level, the verification process remains largely invisible to high-level hooking tools and provides enhanced security for your Android applications.
- Android API Level 21+ (Android 5.0)
- NDK support
- Supports all Android architectures (armeabi-v7a, arm64-v8a, x86, x86_64)
- Clone the repository
- Open the project in Android Studio
- Replace the signature hash in
native-lib.cpp:const string MySignature = OBF("YOUR_APP_SIGNATURE_SHA256_HERE");
- Build and integrate into your project
To get your application's signature SHA256 hash:
keytool -list -v -keystore your-keystore.jks -alias your-aliasOr programmatically:
// Get your app's signature SHA256 and replace it in native-lib.cpp
PackageManager pm = getPackageManager();
PackageInfo info = pm.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
// Extract SHA256 from signatureReplace the MySignature constant in native-lib.cpp with your application's actual signature SHA256 hash, then build and integrate the native library into your Android project.
The application supports various configuration options through the native code:
- Signature Hash: Replace with your application's SHA256 signature
- Verification Logic: Customize the assembly-level verification process
- Error Handling: Configure response to verification failures
- Always use this protection in conjunction with other security measures
- Test thoroughly on different devices and Android versions
- Consider additional obfuscation for your application code
- Keep your signature hash secure and never expose it in plain text
Contributions must be submitted via Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is intended for legitimate application protection purposes. Users are responsible for ensuring compliance with applicable laws and regulations. The authors are not responsible for any misuse of this software.
If you encounter any issues or have questions, please create a new issue on GitHub with detailed information including:
- Device information
- Android version
- Build configuration
- Error logs (if applicable)
Note: This application is designed for legitimate app protection. Please use responsibly and in accordance with applicable laws and platform policies.