Android decompilation and prevention of Decompilation

Android is based on Java, and Java decompilation tools are powerful. Therefore, android can achieve 100% decompilation and restoration for normal APK applications.

Therefore, if developers do not prepare their own open-source projects, they need to know how to prevent decompilation and decompilation from others' projects.

If Version 2.3 or later is added to the default. properties file automatically generated by ECLIPSE, "proguard. Config = proguard. cfg" can be used to confuse the code, which is hard to understand after decompilation.

It doesn't matter if the SDK version is earlier than 2.3. Copy the above proguard. cfg file to the project and perform the same operation.

When the Android-proguard obfuscator is used and a third-party jar package is referenced, the following error occurs: you may need to specify additional library jars (using '-libraryjars. add-dontwarn com. To the top of the cfg file. motorola. **-keep class COM. motorola. ** {*;} Note: The-dontwarn and-keep parameters are used together to keep the classes in the third-party library intact.-dontwarn COM. motorola. ** it means to keep COM. motorola. ** all classes in this package are not confused with all methods.

-Keep class com. Motorola. ** {*;} indicates that proguard does not warn against reference to the class in the com. Motorola. ** package. Change the package name to the top package of your jar package.

For more information, see the official documentation http://developer.android.com/tools/help/proguard.html

 

After some applications are decompiled, Java code cannot be opened using JD-ui, and even obfuscated code cannot be seen, I tried multiple times and couldn't do it. (on the Internet, some obfuscation tools are intended for decompilation tools.) I want to know how to handle this problem.

-- Note: I have tried several times to find some reasons for the above problem. the version used is relatively low, now the latest version is dex2jar-0.0.9.7, 2. the dex2jar directory must not contain Chinese characters. class. dex is dragged directly to dex2jar. BAT to generate classes. dex. dex2jar. jar. If a bunch of at com. googlecode. dex2jar. IR. ts. topologicalsort. dfsremove (topologicalsort. java: 135) the error still cannot be opened. After reading the official issue report, many people have similar problems, which seem to have entered an endless loop, which is somewhat related to the APK file size, it should be a bug in dex2jar.

Note: The above functions only confuse Java code. xml and resource files and images are not confused, some game app images are important to convert to DAT files and use their own encryption and decryption algorithms to restore them.

In addition, after the obfuscation function is added, there is a compression function. The APK after obfuscation is smaller than the original one (the specific proportion depends on the amount of code repeat)

 

After that, let's talk about how to decompile the program.

Let's talk about the decompilation process and principle:

1. Use apktool to change the APK --> resource package (the Java code becomes invisible to the smali file). You can modify the files in the resource package.

2.apk suffix name changed to zip or RAR decompress, get classes. dex file, which is converted into a jar package using dex2jar. (Note: The resource file directly extracted cannot be opened directly. Use the decompilation tool in step 1, dex2jar. BAT file directory should not contain Chinese characters ).

------------------------------------------

New Version instructions (you do not need to change the APK to zip to decompress it. You can drag the APK file to dex2jar. Bat directly-it cannot contain Chinese names)Download the latest version of dex2jar http://code.google.com/p/dex2jar/downloads/listdecompress dex2jar-version.zip to a directory. for example,/home/panxiaobo/, c: \ unzip-x dex2jar-version.zip-D/home/panxiaobo is generated using dex2jar. JAR file. dex2jarwill generate a someapk_dex2jar.jar file in the directory where someapk.apk is located. linux sh/home/panxiaobo/dex2jar-version/dex2jar. SH/home/panxiaobo/someapk.apk windows c: \ dex2jar-version \ dex2jar. bat someapk.apk

--------------------------------------------------

3. Use Java decompilation tools such as JD-UI to directly view Java code.

4. Integrate the Java code with the first version of the resource package to form a new application.

5. Use apktool to re-compile.

6. Use the signature tool to re-sign.

7. re-release the application with the new signature.

Note: If you do not need to change the Java code, you do not need to change the style and the Chinese version 2.3.4 step.

 

Open-source projects on Google Code

Apktool http://code.google.com/p/android-apktool/

Dex2jar http://code.google.com/p/dex2jar/ PS: This is written by Chinese

In addition, someone made a tool set and integrated apktool dex2jar JD-UI. However, after downloading and running, I don't know if the environment is not paired.

Hackapk http://code.google.com/p/hackapk/

 

In addition, someone encapsulated apktool into an EXE file and made it easy to use the GUI. Let's take a picture and show it to you.

 

Note: If the software above cannot be signed, use another software (apksign) to sign the signature, as shown below:

 

In addition, the download and connection of the above two tools are provided on the Apsara stack forum. It is estimated that you cannot directly click the connection to download the tool.

Xwindows with graphic interface:Apktool.rar(3.33 MB) --> after this download, you can go to the http://code.google.com/p/android-apktool/ to download the latest version of apktool. jar to replace the original.

Signature tool:Auto-sign.rar(312.45 KB)

In addition, there are some command line tools that I have provided to the APK editor for different versions. The above descriptions do not waste a lot of time.

1. Common APK files (third-party software downloaded from various websites)

(1) Put it in the place-APK-here-for-modding folder. (If there is no space or Chinese, convert Chinese to English (2) Open script.exe and enter 22 or 23 (set the current project), Select the ID of the APK file to be edited, and press enter to confirm

 

Above: Some versionsSet the current project option to 23,It indicates that the file has not been changed, and APK cannot be selected for press 22 for a long time. The reason is not easy to find.

We recommend that you use the graphic interface.