
I know there is apktool for reverse engineering, and dex2jar to extract as a jar file. I also heard about ProGuard, which optimizes the code to make it difficult to understand. But is ProGuard enough to give protection against reverse engineering? As far as I understand, resource files can still be altered even after using ProGuard (I am not sure though). Are there any other better techniques? Is there a way so that if someone tries with apktool, the code as well as the resources will both be corrupted?

Nafis Abdullah Khan

1 Answer


But is ProGuard enough to give protection against reverse engineering?

Only you can define what "enough" is.

As far as I understand, resource files can still be altered even after using ProGuard

Anything can be altered even after using ProGuard, including resources.

Are there any other better techniques?

It is mathematically impossible to stop reverse engineering. After all, if a CPU can read an instruction and process it, a CPU can read an instruction and decompile it.

ProGuard, DexGuard (an enhanced ProGuard that encrypts resources), putting more logic in C/C++ than Java, and such can help slow down reverse engineering, but they cannot stop it. Hence, once again, only you can define what "enough" is.

Is there a way so that if someone tries with apktool, the code as well as the resources will both be corrupted?

Well, IMHO, ProGuard doesn't "corrupt" the output of apktool for code. If, however, you think that ProGuard is "enough" for protecting your code, then DexGuard should be "enough" for protecting your resources. DexGuard is a commercial product, though, the last I looked.

If you are worried about reverse engineering, don't write client-side software.

CommonsWare
  • At least, I don't want it to be reverse engineered easily. Because, as far as I know, many people just use those tools and alter the resources, don't bother much to learn how the code is written, and publish it. Whereas the main coder might have spent a lot of effort on coding. – Nafis Abdullah Khan Jun 09 '13 at 13:48
  • @NafisAbdullahKhan: "Whereas the main coder might have spent a lot of effort on coding" -- there are zero people on the planet, other than perhaps that "main coder", that care about how much effort it took. Again, if you are worried about reverse engineering, don't write client-side software. – CommonsWare Jun 09 '13 at 13:54
  • That sounds unethical to me, although I am not sure what is considered unethical in this case. Yet, if it's acceptable to everyone then perhaps I should also begin my journey with it. :) But is there any rule where it says, "If you are accused as a copier/modifier of this application, you will be punished"? If not, then I'm good to go. (Or should I post another question about it?) – Nafis Abdullah Khan Jun 09 '13 at 14:18
  • @NafisAbdullahKhan: "That sounds unethical to me, although I am not sure what is considered unethical in this case" -- I never said that reverse engineering was ethical. "But is there any rule where it says, "If you are accused as a copier/modifier of this application, you will be punished"?" -- please consult with an attorney to discuss copyright laws (and related laws) in your nation with respect to reverse engineering of software. – CommonsWare Jun 09 '13 at 14:25