Android anti-decompilation series: how to defend against JD-GUI

Android anti-decompilation series: how to defend against JD-GUI

This is the sorrow of programmers who have nothing to do at home by the weekend. Now, we will continue to introduce another method to prevent decompilation of android apk over the weekend.

I. Protection against the principle of JD-GUI

The two most frequently used tools for decompilation of apk are apk-tool and dex2jar. The two tools are used to decompile the apk into classes first. dex and then the classes. dex decompile into a jar file or decompile the apk directly into a jar file; after obtaining the jar file, you can use the JD-GUI to open the jar file, you can directly view the java source code of the apk. We spent so much effort to write the program so easily by others to get the source code is not very unwilling, now I will tell you against the JD-GUI to view the source code method. When we look at the source code with a JD-GUI, sometimes some functions do not see the direct error prompt, we use this to protect our apk. When the original JD-GUI converted the class bytecode file in the jar that has been obfuscated into a java file, it will prompt the function error when encountering the special implementation of the branch that cannot be implemented in the function. In this case, you only need to check the source code of the file or function that prompts error, adding these statements to our source code can prevent the use of JD-GUI to view our apk source code.

 

Ii. Principle implementation

(1) assume that our function of apk onCreate is implemented as follows:

1 2 3 4 5

@Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); }

 

 

(2) After obfuscation, our apk is signed and exported. We use the dex2jar tool to convert our apk into a jar file.

 

(3) open our jar file with the JD-GUI to see the source code of our apk onCreate function. As follows:

 

(4) In this case, we add the impossible Special Branch statement in the apk onCreate function. The Code is as follows:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 19 20 21 22 23 24

@Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); switch(0) { case 1: JSONObject jsoObj; String date=null; String second=null; try { jsoObj=new JSONObject(); date=jsoObj.getString(date); second=jsoObj.getString(second); } catch(JSONException e) { e.printStackTrace(); } test.settime(date,second); break; } }

1 2 3 4

class test { public static void settime(String a,String b){} }

 

(5) We use the same method in (2) to convert the apk into a jar file, and then open it with a JD-GUI and you will see an error. As follows:

 

According to the above tells I believe that everyone has a certain understanding of the method against JD-GUI, I just cited one of the methods, the reason is that it is a special branch statement because not all branch statements can cause an error to the JD-GUI. We can pay more attention to some of these special branch statements based on the principle to protect our apk. Next we will explain another android apk anti-decompilation technology and look forward to your support. If you have any questions about the technology described in this article: