27

I want to check how DexGuard works but it seems that it doesn't have a free trial version.

Can DexGuard encrypt an Android application? Or does it simply obfuscate the code? How does DexGuard encryption work? If you could provide code from a sample application run with DexGuard before and after decompilation, it would be great.

jaibatrik
  • 6,770
  • 9
  • 33
  • 62
Arci
  • 6,647
  • 20
  • 70
  • 98

3 Answers3

71

ProGuard provides name obfuscation: it can replace the original names of classes, methods, and fields by short, meaningless names. DexGuard additionally provides string encryption and class encryption. The term encryption may be confusing in this context, since these are basically more aggressive types of obfuscation. Designated strings and classes are stored in some intentionally complex encrypted form, and decrypted at runtime with keys and algorithms that are necessarily available to the application. In some ways similarly, the Google Play market can encrypt entire applications for Android 4.1. The runtime environment then decrypts the application before it is executed, in a controlled fashion.

(I am the developer of ProGuard and DexGuard -- feel free to get in touch if you're interested)

Eric Lafortune
  • 45,150
  • 8
  • 114
  • 106
  • Hi! Thanks for your reply! Yes, I got confused with the definition of encryption in DexGuard. Basically, my understanding is that encryption transforms data with the use of a secret key. However, if an Android application is encrypted, Dalvik won't be able to understand the encrypted application as Dalvik does not contain a decryptor for the application. Unless of course a decryptor is attached inside the application together with the key. In this way, the class will be decrypted by the application itself before being run by Dalvik. Is that how DexGuard works? – Arci Nov 08 '12 at 03:11
  • Can I used DexGuard together with Google Play's encyption for Android 4.1? Also, is it recommended to use DexGuard together with Proguard? I notice on Proguard's page that DexGuard doesn't preverify classes. How can I prevify the classes if I'm going to use DexGuard? Thank you! :D – Arci Nov 08 '12 at 03:13
  • 2
    Correct. Yes, from the outside, a processed application still looks like any other application; Google Play can still encrypt it. No, you don't need to combine ProGuard and DexGuard, since DexGuard already provides the functionality of ProGuard. Preverification is only required for Java Micro Edition and Java 6, not for Android. – Eric Lafortune Nov 08 '12 at 15:36
  • Thanks, Eric! May I know when was DexGuard first release? Or can you give me a link containing the release dates of different DexGuard versions? I'll be recommending it to our president so we can use it. Also, I know this is a different topic, but why is preverification required only on J2ME and Java 6 and not on Android? I'm not very knowledgeable on that topic. Thanks again! – Arci Nov 09 '12 at 01:43
  • We've first released DexGuard in May 2012. We're now providing continuous updates. – Eric Lafortune Nov 09 '12 at 09:00
  • 3
    The virtual machines and the bytecode for Android and for Java are quite different. Dalvik bytecode doesn't have preverification information, while Java bytecode may have preverfication information. The Java virtual machine uses the information to check that the program is well-constructed. The Android developers didn't consider this necessary, due to the different way in which applications are run. So DexGuard, which writes out Dalvik bytecode, doesn't need it. – Eric Lafortune Nov 09 '12 at 09:20
  • 1
    @EricLafortune, how does DexGuard play with (if at all) the new ART experimental runtime for Android? – Tony Chan Dec 16 '13 at 19:44
  • What is the overhead for app launching since we have reflection and decryption before every launch? – DmitryBorodin Dec 21 '15 at 23:40
  • @EricLafortune can we talk about DexGuard ? if interested then mail me at dalwadi2@gmail.com – Harsh Dalwadi Mar 30 '16 at 10:13
  • @EricLafortune You have mentioned that ` the Google Play market can encrypt entire applications for Android 4.1`. Does it mean that `google play market` will encrypt our app? – Gibbs Apr 03 '16 at 07:23
  • @EricLafortune I am using `proguard` for my application. But I realized that someone (or maybe several persons) had reverse engineering my apk and changing a critical part of it. I wanted to know if I provide an update, is it possible that `proguard` produce a new mapping for my application so as the class names that person identified before, mapped to another name this time? I don't want it to be easy to identify the same class in new version. – Akram Jan 22 '18 at 13:01
  • what configuration should be used to obfuscate classes names in dexguard? – Mohsin Jun 26 '18 at 08:05
3

DexGuard in old version using “DES” Alg to encrypt specified class. Later it change "AES" alg. After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method. In other classes , reference the specified class change to reflection opcode. Every time the APK runs, the encrypted class will be decrypted in static method first. And the decrypted classes will be load into dvm memory using reflection API. so other class can reference the specified class properly. That's it. In my opinion, DexGuard is very powerful obfuscation tool. If each feature obfuscations apply to APK, it will cost you a lot of time to reverse the whole real program.

QianBin Piao
  • 271
  • 1
  • 2
  • 10
2

Although they use the term encryption, it seems that it is really obfuscation. I say this simply because although they may encrypt certain strings/values... the fact that the encryption key must also be stored in the app means that they are providing a "lock" for the code while at the same time packaging the "key" with it.

bleuf1shi
  • 830
  • 7
  • 12