（1）APK文件伪加密
（2）资源文件防反编译
（3）apk打包流程
（4）apk反编译流程
（5）apk回编译流程

0x01 APK文件伪加密

（1）zip不加密
（2）zip真加密
（3）双方对比
（4）伪加密
（5）APK实现

2.ZIP不加密

2.2 version needed to extract

version needed to extract (2 bytes)

The minimum supported ZIP specification version needed to
extract the file, mapped as above.  This value is based on
the specific format features a ZIP program must support to
be able to extract the file.  If multiple features are
applied to a file, the minimum version should be set to the
feature having the highest value. New features or feature
changes affecting the published format specification will be
implemented using higher version numbers than the last
published value to avoid conflict.

Current minimum feature versions are as defined below:

1.0 - Default value
1.1 - File is a volume label
2.0 - File is a folder (directory)
2.0 - File is compressed using Deflate compression
2.0 - File is encrypted using traditional PKWARE encryption
2.1 - File is compressed using Deflate64(tm)
2.5 - File is compressed using PKWARE DCL Implode
2.7 - File is a patch data set
4.5 - File uses ZIP64 format extensions
4.6 - File is compressed using BZIP2 compression*
5.0 - File is encrypted using DES
5.0 - File is encrypted using 3DES
5.0 - File is encrypted using original RC2 encryption
5.0 - File is encrypted using RC4 encryption
5.1 - File is encrypted using AES encryption
5.1 - File is encrypted using corrected RC2 encryption**
5.2 - File is encrypted using corrected RC2-64 encryption**
6.1 - File is encrypted using non-OAEP key wrapping***
6.2 - Central directory encryption

* Early 7.x (pre-7.2) versions of PKZIP incorrectly set the
version needed to extract for BZIP2 compression to be 50
when it should have been 46.

** Refer to the section on Strong Encryption Specification
for additional information regarding RC2 corrections.

*** Certificate encryption using non-OAEP key wrapping is the
intended mode of operation for all versions beginning with 6.1.
Support for OAEP key wrapping should only be used for
backward compatibility when sending ZIP files to be opened by
versions of PKZIP older than 6.1 (5.0 or 6.0).

When using ZIP64 extensions, the corresponding value in the
Zip64 end of central directory record should also be set.
This field currently supports only the value 45 to indicate
ZIP64 extensions are present.

2.3 general purpose bit flag

demo的标志位为00 08

APK文件的标志位是00 00，这里我们发现这里并不一样。我们来仔细看一下官方文档的说明。

general purpose bit flag: (2 bytes)

Bit 0: If set, indicates that the file is encrypted.

(For Method 6 - Imploding)
Bit 1: If the compression method used was type 6,
Imploding, then this bit, if set, indicates
an 8K sliding dictionary was used.  If clear,
then a 4K sliding dictionary was used.
Bit 2: If the compression method used was type 6,
Imploding, then this bit, if set, indicates
3 Shannon-Fano trees were used to encode the
sliding dictionary output.  If clear, then 2
Shannon-Fano trees were used.

(For Methods 8 and 9 - Deflating)
Bit 2  Bit 1
0      0    Normal (-en) compression option was used.
0      1    Maximum (-exx/-ex) compression option was used.
1      0    Fast (-ef) compression option was used.
1      1    Super Fast (-es) compression option was used.

Note:  Bits 1 and 2 are undefined if the compression
method is any other.

Bit 3: If this bit is set, the fields crc-32, compressed
size and uncompressed size are set to zero in the
local header.  The correct values are put in the
data descriptor immediately following the compressed
data.  (Note: PKZIP version 2.04g for DOS only
recognizes this bit for method 8 compression, newer
versions of PKZIP recognize this bit for any
compression method.)

Bit 4: Reserved for use with method 8, for enhanced
deflating.

Bit 5: If this bit is set, this indicates that the file is
compressed patched data.  (Note: Requires PKZIP
version 2.70 or greater)

Bit 6: Strong encryption.  If this bit is set, you should
set the version needed to extract value to at least
50 and you must also set bit 0.  If AES encryption
is used, the version needed to extract value must
be at least 51.

Bit 7: Currently unused.

Bit 8: Currently unused.

Bit 9: Currently unused.

Bit 10: Currently unused.

Bit 11: Currently unused.

Bit 12: Reserved by PKWARE for enhanced compression.

Bit 13: Used when encrypting the Central Directory to indicate
hide their actual values.  See the section describing
the Strong Encryption Specification for details.

Bit 14: Reserved by PKWARE.

Bit 15: Reserved by PKWARE.

compression method: (2 bytes)

(see accompanying documentation for algorithm
descriptions)

0 - The file is stored (no compression)
1 - The file is Shrunk
2 - The file is Reduced with compression factor 1
3 - The file is Reduced with compression factor 2
4 - The file is Reduced with compression factor 3
5 - The file is Reduced with compression factor 4
6 - The file is Imploded
7 - Reserved for Tokenizing compression algorithm
8 - The file is Deflated
9 - Enhanced Deflating using Deflate64(tm)
10 - PKWARE Data Compression Library Imploding
11 - Reserved by PKWARE
12 - File is compressed using BZIP2 algorithm

2.4compression method

 (see accompanying documentation for algorithm
descriptions)

0 - The file is stored (no compression)
1 - The file is Shrunk
2 - The file is Reduced with compression factor 1
3 - The file is Reduced with compression factor 2
4 - The file is Reduced with compression factor 3
5 - The file is Reduced with compression factor 4
6 - The file is Imploded
7 - Reserved for Tokenizing compression algorithm
8 - The file is Deflated
9 - Enhanced Deflating using Deflate64(tm)
10 - PKWARE Data Compression Library Imploding
11 - Reserved by PKWARE
12 - File is compressed using BZIP2 algorithm

demo的日期。

2.7 crc-32

CRC即循环冗余校验码（Cyclic Redundancy Check[1] ）：是数据通信领域中最常用的一种查错校验码，其特征是信息字段和校验字段的长度可以任意选定。

apk中的crc-32

0x02 结束语

2018年1月26日00:42:02

Android逆向-Android基础逆向（1）