Android code obfuscation prevention decompilation Solution Research, android Decompilation

Source: Internet
Author: User

Android code obfuscation prevention decompilation Solution Research, android Decompilation

All Android Developers Know How To obfuscation to prevent apk decompilation and cracking, and use proguard to obfuscation Java code. However, can obfuscation of Android Code actually play a substantial role? See the following analysis

1. Android code obfuscation

 



For example, after obfuscation of the Android code, the obfuscator encrypts the names of all variables, functions, and classes in the Code into short letters, after the APP is cracked, it increases the difficulty for the attacker to read the code.

However, the obfuscation function only works after the APP has been cracked, and only increases the difficulty time of the attacker. It does not play a major role in preventing cracking.

So, Android code obfuscation cannot fundamentally Prevent Cracking. What else can be done? Next, let's take a look:

2. Anti-tool cracking-pseudo Encryption

 


Pseudo-encryption is one of the most popular encryption methods before the release of Android4.2.x. It uses java code to perform pseudo-encryption on APK (compressed files, the modification principle is to modify the last 5th bytes marked as "p k 01 02" for four consecutive bytes. The odd number indicates that the even number is not encrypted. The pseudo-encrypted APK not only prevents the PC from decompressing and viewing it, but also prevents decompilation tools.

However, the market cannot perform security checks on its APK encrypted by pseudo-encryption, and some markets will reject such APK uploads to the market. The encrypted and decrypted pseudo-encryption methods have been published, which greatly reduces the security level. The Android4.2.x system cannot install a pseudo-encrypted APK.

From the above, the obfuscation of Android code is indeed worse than that of pseudo-encryption. However, Android code obfuscation and pseudo-encryption are not the most reliable methods. Next, let's continue.

3. brute-force cracking: APK compressed file cracking

 

 


APK can be seen as a compressed file on the PC. In Android, It is a software file of the mobile phone system. The Android system recognizes the APK from the flag header to the flag end, and other redundant data will be ignored. Therefore, adding other data at the end of the flag will corrupt the file on the PC end that regards the APK as a compressed file. Therefore, if you decompress or view the APK file, the file will be damaged, the Decompilation tool also prompts that the file is corrupted, but it does not affect the normal operation and installation of the Android system and is compatible with all systems.

However, the destruction of such APK packages has the same problem of APK pseudo-encryption. Some markets may be unidentifiable and thus cannot be uploaded to the market. The compressed file repair tool can also fix it so that our protection will disappear.

Three analyses: Android code obfuscation, pseudo-encryption, and compressed file cracking cannot fundamentally solve the problem of anti-decompilation and cracking of Android code obfuscation. So we will continue to explore.

 

4. encryption on a third-party platform

Google's Security Processing for Android apps is to provide simple APK encryption, java-layer source code shelling protection, but does not provide any protection for core so libraries, resource files, Master configuration files, and third-party jar packages. The protection has already been cracked by hackers but has not been upgraded or maintained. As a result, the Android APP does not have any security.

Taking the third-party platform of the mobile application security industry-"Love encryption", based on obfuscation of Android code, the APK is fully protected by source code shelling protection, so library CORE code shelling protection, resource file signature protection, and APK secondary protection. In addition, the encrypted APP does not affect its operation efficiency and user experience, and its compatibility is optimal.

To sum up, the Android Code cannot be obfuscated only. to truly protect the security of the Android code, we still need to seek a more secure encryption protection technology! The table is only mixed with Android code!


Android code obfuscation to prevent the apk program from being decompiled

The following describes how to enable proguard under SDK2.3. the cfg file works. Let's take a look at android-sdk-windows \ tools \ lib \ proguard. cfg content: view plain 1. -optimizationpasses 5 2. -dontusemixedcaseclassnames 3. -dontskipnonpubliclibraryclasses 4. -dontpreverify 5. -verbose 6. -optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* 7. 8. -keep public class * extends android. app. activity 9. -keep public class * extends android. app. application 10. -keep public class * extends android. app. service 11. -keep public class * extends android. content. broadcastReceiver 12. -keep public class * extends android. content. contentProvider 13. -keep public class * extends android. app. backup. backupAgentHelper 14. -keep public class * extends android. preference. preference 15. -keep public class com. android. vending. licensing. ILicensingService 16. 17. -keepclasseswithmembernames class * {18. native <methods>; 19 .} 20. 21. -keepclasseswithmembernames class * {22. public <init> (android. content. context, android. util. attributeSet); 23 .} 24. 25. -keepclasseswithmembernames class * {26. public <init> (android. content. context, android. util. attributeSet, int); 27 .} 28. 29. -keepclassmembers enum * {30. public static ** [] values (); 31. public static ** valueOf (java. lang. string); 32 .} 33. 34. -keep class * implements android. OS. parcelable {35. public static final android. OS. parcelable $ Creator *; 36 .} from the script, we can see that the obfuscation retains the basic components inherited from Activity, Service, Application, BroadcastReceiver, ContentProvider, and so on ...... remaining full text>

Android code obfuscation to prevent the apk program from being decompiled

The following describes how to enable proguard under SDK2.3. the cfg file works. Let's take a look at android-sdk-windows \ tools \ lib \ proguard. cfg content: view plain 1. -optimizationpasses 5 2. -dontusemixedcaseclassnames 3. -dontskipnonpubliclibraryclasses 4. -dontpreverify 5. -verbose 6. -optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* 7. 8. -keep public class * extends android. app. activity 9. -keep public class * extends android. app. application 10. -keep public class * extends android. app. service 11. -keep public class * extends android. content. broadcastReceiver 12. -keep public class * extends android. content. contentProvider 13. -keep public class * extends android. app. backup. backupAgentHelper 14. -keep public class * extends android. preference. preference 15. -keep public class com. android. vending. licensing. ILicensingService 16. 17. -keepclasseswithmembernames class * {18. native <methods>; 19 .} 20. 21. -keepclasseswithmembernames class * {22. public <init> (android. content. context, android. util. attributeSet); 23 .} 24. 25. -keepclasseswithmembernames class * {26. public <init> (android. content. context, android. util. attributeSet, int); 27 .} 28. 29. -keepclassmembers enum * {30. public static ** [] values (); 31. public static ** valueOf (java. lang. string); 32 .} 33. 34. -keep class * implements android. OS. parcelable {35. public static final android. OS. parcelable $ Creator *; 36 .} from the script, we can see that the obfuscation retains the basic components inherited from Activity, Service, Application, BroadcastReceiver, ContentProvider, and so on ...... remaining full text>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.