TUGOhost/anti_Android

can we detect odex modification?

Android1500 opened this issue · 3 comments

As the title says.

I apologize, it should be noted that it's likely not possible to detect whether an ODEX file has been modified. The reason is that different devices may produce completely different ODEX files, making this method ineffective for defense. Furthermore, simply detecting the ODEX file alone cannot prevent attacks from hackers. Attackers can intercept the ART interpreter to modify the code at runtime. Therefore, it's necessary to consider a broader range of detection methods, rather than solely focusing on detecting the ODEX file.

Thanks for your quick response. Actually, I want to prevent modification of my app, and I have even added lots of things to detect it, and it works, but now I'm stuck here because a tool like Lucky Patcher takes a modified class.dex and injects it into the currently installed app's odex. Is there any way I can prevent that?

I understand your concerns, but increasing detection for different attack surfaces is the only way to improve defense, although it's not 100% guaranteed to prevent attacks. In reality, there's no way to completely prevent others from modifying your application; it's simply not possible. Applications must be run, and modifications might not be limited to changing individual files. However, regarding the class.dex you mentioned, you can localize some implementations into .so files. This way, you can add a certain degree of detection within the .so files and combine it with CRC or SHA2-like values for verification.
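An added example, not part of the thread or of this repository's code: a minimal native-side CRC check of the kind the last comment suggests placing in a .so. The function names, the file path passed in, and the idea of fixing the expected CRC-32 at build time are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Standard reflected CRC-32 (polynomial 0xEDB88320), the variant ZIP/APK entries use.
 * Pass the previous return value as `crc` to continue over the next chunk. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    crc = ~crc;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Stream a file through CRC-32. Returns 0 on success, -1 on I/O error. */
int file_crc32(const char *path, uint32_t *out) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    uint8_t buf[4096];
    uint32_t crc = 0;
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, f)) > 0)
        crc = crc32_update(crc, buf, n);
    int err = ferror(f);
    fclose(f);
    if (err) return -1;
    *out = crc;
    return 0;
}

/* 1 = matches, 0 = mismatch (file changed), -1 = unreadable (treat as a failure). */
int verify_file_crc32(const char *path, uint32_t expected) {
    uint32_t got;
    if (file_crc32(path, &got) != 0) return -1;
    return got == expected;
}

/* Stand-alone driver (hypothetical usage): ./check <file> <expected-crc32-hex> */
int main(int argc, char **argv) {
    if (argc != 3) return 2;
    int r = verify_file_crc32(argv[1], (uint32_t)strtoul(argv[2], NULL, 16));
    puts(r == 1 ? "ok" : r == 0 ? "MODIFIED" : "unreadable");
    return r == 1 ? 0 : 1;
}
```

As the thread notes, a check like this only raises the cost of modification: the comparison and the expected value live in code that can itself be patched.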