Android development decompilation and prevention of decompilation, android development Decompilation
Android development decompilation and prevention of Decompilation
Preventing decompilation is a required course for every programmer, because when you work hard to develop an application, it is embarrassing to be decompiled by others. So how can we prevent decompilation? Here we will use the built-in code mixing method of Google Android to prevent decompilation. Sun Tzu said well in the Art of War: "I know what I know and what I know." So Before explaining how to prevent decompilation, let's take a look at how to decompile an application.
1. decompile the Android Application lab environment:
Windows 8.1 enterprise, dex2jar-0.0.9.9
Decompilation Toolkit:
Android decompilation Toolkit (upgraded version)
1. perform the following steps to decompile the Apk to get the Java source code:
1) Change the suffix of the apk file to zip and decompress it to obtain the classes. dex, which is compiled by a java file and then packaged by the dx tool. copy dex to dex2jar. the dex2jar-0.0.9.9 folder in the directory where bat is located.
Locate the directory of dex2jar. bat in the command line and run
Dex2jar. bat classes. dex
Generate classes_dex2jar.jar
2) double-click jd-gui.exe in the jdguifolder, open the jar package classes_dex2jar.jar generated above, and you will see the source code, such:
2. decompile the apk to generate the program's source code and images, XML configuration, language resources, and other file steps:
1) Download The Decompilation toolkit and open the apktool1.4.1 folder under the apk2java directory, which contains three files: apktool. jar, aapt.exe, apktool. bat,
Note: apktool_bk.jar is the old backup version. It is best to use the latest apktool. jar
Go to the apktool. bat folder under the command line and enter the following command:Apktool. bat d-f abc123.apk abc123
For example:
Apktool. bat command line explanation: apktool. bat d-f [apk file] [Output Folder]
<?xml version="1.0" encoding="utf-8"?><manifest android:versionCode="1" android:versionName="1.0" package="com.jph.recorder" xmlns:android="http://schemas.android.com/apk/res/android"> <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="18" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <uses-permission android:name="android.permission.RECORD_AUDIO" /> <uses-permission android:name="android.permission.VIBRATE" /> <uses-permission android:name="android.permission.SEND_SMS" /> <application android:theme="@style/AppTheme" android:label="@string/app_name" android:icon="@drawable/ic_launcher" android:allowBackup="true"> <activity android:label="@string/app_name" android:name="com.jph.recorder.Recorder"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:label="@string/show_recordFile" android:name="com.jph.recorder.ShowRecordFiles" /> <activity android:theme="@android:style/Theme.Dialog" android:name=".AboutActivity" /> <activity android:label="@string/feedback_label" android:name=".FeedBackActivity" /> <service android:name="com.jph.recorder.RecordService" /> </application></manifest>
Re-package decompiled files into apk, which is easy to inputApktool. bat B abc123(You can compile the folder). The command is as follows:
The package apk file is in the directory C: \ HelloAndroid and two folders are generated:
Build
Dist
In this example, package the generated helloandroid.apk. In the above dist folder, OK
3. graphical decompilation apk
Steps 1 and 2 above describe the command line decompilation apk, and now provides a graphical decompilation tool: Androidfby
First, download the decompilation tool package, open the androidfbydirectory, and double-click the androiddecompilation tool .exe to open the decompilation apk file.
Ii. prevent application Decompilation
First, we will introduce what is code obfuscation:
Code obfuscation (Obfuscated code), also known as the flower command, is a behavior that converts the code of a computer program into a function equivalent, but is difficult to read and understand. Code obfuscation can be used for program source code or intermediate code compiled by a program. Programs that execute code obfuscation are called code obfuscators. There are already many different types of code obfuscators.
Rewrite the names of various elements in the Code, such as variables, functions, and classes into meaningless names. For example, if it is changed to a single letter, a short combination of meaningless letters, or even a symbol like "_", the reader cannot guess its purpose based on the name. Rewrite part of the logic in the code to convert it into a form that is functionally equivalent but harder to understand. For example, rewrite a for Loop To A while LOOP, transform the loop to recursion, and streamline intermediate variables. Disrupt the code format. For example, you can delete spaces, squeeze multiple lines of code into one line, or break one line of code into multiple lines.
Comparison of code decompiled before and after obfuscation:
Tip: If you are interested, you can find that the apk file generated after obfuscation is much smaller than the apk file generated before obfuscation. This not only reduces the project size, but also increases the code execution speed. For example:
Procedure:
1) Check whether proguard. cfg is in the project.
If not, download from here:
Proguard. cfg
Copy proguard. cfg to the project.
2) Add proguard. config = proguard. cfg to the project. properties file.
3) then sign your application according to the normal signature. After the generated apk is decompiled, it will be very different from the source code.
Note: The application must be signed using the normal signature method. The apk file generated in the bin directory of the project uses the default system signature method, which does not achieve mixed Code compiling.
If the signature is unsuccessful, go to the following link:
4) However, you may encounter many problems in this step, and the signature is not successful at all. For example: ① if the project introduces the jar class library of the android-support-v4, then in the project packaging obfuscation, the error will prompt you: you may need to specify additional library jars (using '-libraryjars '). ② Reference third-party packages and other issues
If the project introduces the jar class library for the android-support-v4, add the following content after proguard. cfg:
-Libraryjars/android-support-v4.jar
-Dontwarn android. support. v4 .**
-Keep class android. support. v4 .**{*;}
-Keep public class * extendsandroid. support. v4 .**
-Keep public class * extendsandroid. app. Fragment
Then you can package it and check that the apk installation package can be generated normally.
If: "class 1 can't find referenced class 2" literally means class 1 cannot find the reference of class 2; It will suggest you: "You may need to specify additional library jars (using '-libraryjars '). ";
You need to use-libraryjars and the third-party libraries used in the project.
Example:-libraryjars/android-support-v4.jar
Note: The reference method here is the root directory of the current project (other directories can also be configured), that is, you need to put the third-party jar under the current directory, otherwise, a warning is reported that the jar file cannot be found!
If the following error occurs: can't find superclass or interfaceandroid. OS. Parcelable $ ClassLoaderCreator, you can use-dontwarncom. xx. yy. ** to warn against the error.
Note: to use this method, make sure you do not use the class in this library! Otherwise, the ClassNotFoundException will be thrown!
If the class is used in the project, the above method is not feasible. At this time, we need to add another item:-keep class com. xx. yy. ** {*;} to keep the current class from being confused.
Summary:
To reference a third-party package, use the following method to avoid packaging errors:
-Libraryjars/aaa. jar
-Dontwarn com. xx. yy .**
-Keep class com. xx. yy .**{*;}
Finally, the package is successful. I wish you a successful obfuscation of encryption!
How to Prevent Android program from being decompiled
The following describes how to enable proguard under SDK2.3. the cfg file works. Let's take a look at android-sdk-windows \ tools \ lib \ proguard. cfg content:-optimizationpasses 5-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-dontpreverify-verbose-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/*-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * extends android. app. backup. backupAgentHelper-keep public class * extends android. prefer Ence. preference-keep public class com. android. vending. licensing. ILicensingService-keepclasseswithmembernames class * {native;}-keepclasseswithmembernames class * {public (android. content. context, android. util. attributeSet);}-keepclasseswithmembernames class * {public (android. content. context, android. util. attributeSet, int);}-keepclassmembers enum * {public static ** [] values (); publi C static ** valueOf (java. lang. string);}-keep class * implements android. OS. parcelable {public static final android. OS. parcelable $ Creator *;} from the script, the obfuscation retains basic components inherited from Activity, Service, Application, BroadcastReceiver, ContentProvider, and com. android. vending. licensing. ILicensingService, retains all Native variable names and class names, And some of all classes Use constructors with fixed parameter formats, enumerations, and so on .) It is easy to make proguard. cfg take effect, that is, add "proguard. config = progua ...... the remaining full text> to the default. properties file automatically generated by eclipse.
How does android prevent decompilation and protect its own resource images? Please.
1. Perform source code protection detection. Detects DEX file protection and checks whether DEX files are protected. This prevents attackers from decompiling program source code to prevent malicious advertisement insertion and malicious fee deduction code implantation, ensure the user experience and complete functions of the APP. 2. source code obfuscation protection detection. This project is mainly used to make up for program developers to exploit obfuscation source code for program vulnerabilities, because obfuscation source code is not strict as a common basic protection measure. If it is used by professionals, it will still cause considerable damage. 3. Resource file protection detection. If there is a lack of effective protection for audio, video, images, text, and other files in the APP, they are easily tampered with, replaced, and stolen. For example, if the audio format or text content in the program is tampered with into an advertisement image or a prohibited pornographic image, it is also a violation of the rights and interests of developers and users. 4. Android primary file protection detection. This free source code detection platform can effectively protect the security of each component in the main configuration file of Android, prevent other people from inserting code in the XML file, and destroy and steal relevant information, tampered with the function settings of the application. 5. APK secondary protection detection. During the second packaging, the program personnel decompress the Downloaded Program, delete the original signature, and set a signature tool to sign the installation package. This is a type of theft, infringing the rights and interests of the original program designer. Through the free detection platform, you can effectively check whether the signature of the installation package has been changed, which can effectively prevent the appearance of secondary packaging. 6. so file protection to prevent APP applications from being modified and packaged by a third party. 7. Love encryption www.ijiami.cn/