Anti-compilation and encryption for Android APK

These days in Shanghai on business, sneak in to learn the APK's anti-compilation tool basic use. Here's a quick introduction to how to decompile the APK file we downloaded from the Web to get the resource file and source code we want to get.

One, apk file composition

Android app apk file is also a compressed file, then you can unzip the contents of the file inside, but obviously, when you go to the end of the extract to check, found that many of the things in the inside and you think not quite the same. Resource files and other XML files are basically not open, even if the Open is also garbled (and this is the Android encryption), some applications will be the image resources and other encryption (such as QQ music).

And since the direct decompression can not see the normal application, then you need to use the anti-compilation software to implement the anti-compilation apk.

Second, anti-compilation necessary tools and use

Android project files are mainly composed of resource files and source code. In order to view the resource files need a tool, this article uses the Apktool tool to decompile, after compiling the correct view of the XML file and other non-XML resource files, which is of great significance to the Chinese. In order to view the source code, you need to use both the Dex2jar and Jd-gui tools, where the Dex2jar tool is responsible for converting the Dex file into a jar file, while Jd-gui is used to view the jar file.

1) Apktool

A failed experience-----use apktool times wrong

Cause: The version of Apktool is too low to resolve the current version of the APK.

Correction:

After updating the latest version of Apktool, the latest Apktool version used in this article is 2.2.2.

You can then discover that XML files, such as resource files, can open normally.

2) Dex2jar

Next, you need to decompile the source code.

Tools Dex2jar and Jd-gui are required. Where Dex2jar, as the name implies, is to decompile the Dex file as a jar file. The Jd-gui is used to view the source code in the jar package directly.

The specific step is to extract the apk file, Get the Classes.dex, it is the Java file is compiled and then packaged by the DX tool, and then extract the downloaded Dex2jar, the classes.dex copy to the Dex2jar root directory, under the command line to navigate to the directory, run D2j-dex2jar.bat Classes.dex Classes.dex

Can be found to get a Classes-dex2jar.jar file. This file is the source code we need to get.

3) Jd-gui

The next step is to browse the file in Jd-gui, which is the final result.

Of course, you also find that the source code is confusing, that is, using meaningless letters to rename classes, member variables, methods and properties, and delete useless comments.

Third, the APK encryption process

Now that we have mentioned this, we can also learn about the encryption process of Android APK.

Because of the particularity of Java bytecode, making it very easy to decompile, (as we have just done, with the help of the tool to decompile a QQ music apk), so obviously we will have some protection measures to the compiled class file to protect some. Often we use Proguard to obfuscate the APK and rename the class, member variables, methods, and properties with meaningless letters. (Of course it can delete some useless classes, member variables, methods and properties, and delete useless annotations to maximize the optimization of bytecode files)

And now we generally use Android Studio as a development platform, under the platform can be very convenient to use Proguard, under the Gradle Script folder, open the Build.gradle (module:app) file, displayed as follows:

The minifyenable here is to control whether the switch to start Proguard is set to True to turn on proguard for obfuscation and optimization.

While the proguardfiles is divided into two parts, the first half is a system default obfuscation file, located in the SDK directory of the tools/proguard/ Proguard-android.txt, generally use this default file, the other part of the project is a custom obfuscation file, you can find this file in the app folder in the project, in this folder can define the introduction of third-party dependency package confusion rules. Once the Proguard is configured, the obfuscated bytecode file can be generated as long as the APK is exported using as.

Anti-compilation and encryption for Android APK