Reversing an Android App: The Complete Guide

Published 18 hours ago, 0 views


I ran into a need for reversing in a project, went through a lot of material, and am sharing my approach with everyone here.


Main Text

Reversing an Android app Protector, Part 3 – Code Virtualization

The third part of this series is about bytecode virtualization. The analyses that follow were done statically.

Bytecode virtualization is the most interesting and technically challenging feature of this protector.

(Android menu) will point you to p-code VM routines.

– For even clearer results, rename opaque predicates of the method to

(refer to part 1 of this blog for details)

What Is Code Virtualization

Relatively novel, code virtualization is possibly one of the most effective protection techniques there is. With it come relatively heavy disadvantages, such as hampered speed of execution and the difficulty of troubleshooting production code. The advantages are heightened reverse-engineering hurdles over other more traditional software protection techniques.

Virtualization in the context of code protection means: Generating a virtual machine

, into a semantically-equivalent code object While the general features of

are stack machines with such and such characteristics), the Instruction Set Architecture (ISA) of

may not necessarily be. For example, opcodes, microcodes and their implementation may vary from generation to generation. As for

, the characteristics of a generation are only constrained by the capabilities of the converter. Needless to say, standard code obfuscation techniques can be applied on

. The virtualization process can possibly be recursive (
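
A toy illustration of the scheme described above, added here and not taken from the protector or the original article: a converter turns a small postfix program into p-code for a stack machine, and each "generation" renumbers the opcodes, so the p-code bytes differ while the computed result stays the same. All names (`new_generation`, `convert`, `run`), the seed-based generation and the sample program are assumptions of this sketch.

```python
import random

# Abstract operations of the toy stack machine (hypothetical, not the protector's ISA).
OPS = ("PUSH", "ADD", "MUL", "XOR", "RET")

def new_generation(seed):
    """Build one VM 'generation': a random opcode numbering for the same abstract ops."""
    codes = random.Random(seed).sample(range(256), len(OPS))
    return dict(zip(OPS, codes))

def convert(rpn, isa):
    """Converter: translate a postfix program into p-code bytes for the given ISA."""
    out = bytearray()
    for tok in rpn:
        if isinstance(tok, int):
            out += bytes([isa["PUSH"], tok & 0xFF])  # opcode followed by 1-byte operand
        else:
            out.append(isa[tok])
    out.append(isa["RET"])
    return bytes(out)

def run(pcode, isa):
    """Interpreter: fetch-decode-execute loop over the p-code, using an operand stack."""
    decode = {v: k for k, v in isa.items()}
    stack, pc = [], 0
    while True:
        op = decode[pcode[pc]]
        pc += 1
        if op == "PUSH":
            stack.append(pcode[pc])
            pc += 1
        elif op == "RET":
            return stack.pop()
        else:
            b, a = stack.pop(), stack.pop()
            stack.append({"ADD": a + b, "MUL": a * b, "XOR": a ^ b}[op])

# Constructed sample: ((7 + 3) * 5) ^ 0x2A in postfix form.
PROGRAM = [7, 3, "ADD", 5, "MUL", 0x2A, "XOR"]

def demo():
    """Convert and run the same program under two generations."""
    results = []
    for seed in (1, 2):
        isa = new_generation(seed)
        pcode = convert(PROGRAM, isa)
        results.append((pcode.hex(), run(pcode, isa)))
    return results

if __name__ == "__main__":
    for hexcode, value in demo():
        print(hexcode, value)
```

For an analyst, the practical consequence is that an opcode table recovered from one generation cannot be reused on another; the handler semantics have to be re-identified each time.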

More Content

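Beyond what is covered above, a few more points are worth noting. First, browser compatibility: support for the Web Crypto API varies between browsers. Second, performance: encryption operations on large amounts of data may affect the user experience. Finally, key management: how to store and transmit keys securely also needs to be considered.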

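For reasons of length I'll stop here; I'll add more hands-on cases later when I have time. If you have questions, see you in the comments.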

Reference: Reversing an Android app Protector, Part 3 – Code Virtualization - JEB

