3

I am very new to DexGuard and Proguard. I was going through their documentation and sample examples. They have dexguard_util which helps you detect if the application is tampered with and also helps in detecting if it is running in the environment it is supposed to run. The document suggests that this tamper and environment detection be encrypted using the following code is dexgaurd-project.txt.

 -encryptclasses A$D
 -encryptstrings A$D

follwing is the activity

public class A extends Activity
{


    @Override
    public void onCreate(Bundle savedInstanceState)
    {
        super.onCreate(savedInstanceState);

        new D().c();
    }

    private class D
    {
        public void c()
        {
            //some code to which detects the tampering and environment and takes action accordingly
        }
    }
}

What if a hacker inject this line of code.

public class A extends Activity
{


    @Override
    public void onCreate(Bundle savedInstanceState)
    {
        super.onCreate(savedInstanceState);
        //code commented by hacker
        //new D().c();
    }

    private class D
    {
        public void c()
        {
            //some code to which detects the tampering and environment and takes action accordingly
        }
    }
}

Then my application will run without running those tests which I think is a big problem. Is my understanding of how reverse engineering works wrong or there are better ways of doing this. Please share better methods of doing this if they exist. Thanks in advance. Note that public class A cannot be encrypted as it is an entry point and is kept using this command in progaurd-project.txt

-keep class somepackage.A
nsp
  • 378
  • 1
  • 4
  • 19

1 Answers1

1

When it comes to anti-tampering, it is important to keep in mind that their goal is not to stop any and all potential tampering efforts, but, rather, it's just a matter of raising the security bar of the target high enough to dissuade most attackers.

With that said, the

A bit of a tangent:

The document suggests that this tamper and environment detection be encrypted using the following code is dexgaurd-project.txt.

Class encryption does prevent basic static analysis of the application package, e.g. simply unzipping the package and loading it in jd-gui. However, as this answer shows, it's trivial to circumvent: one only has to hook into the static method that decrypts the apk on load, and dump it. But this allows the security bar to be raised.

Now back to your original question:

What if a hacker inject this line of code.

As an attacker, that would be the next step. However, that would require repackaging the app, and signing it with the hacker's signing key. Therefore, it is necessary to combine Dexguard's anti-tampering measures like checking the apk signature.

Is DexGuard tamper and Environment detection helpful?

In summary, yes, it is helpful in as far as it raises the bar above the vast majority of apps out there. But it's no silver bullet.

verybadalloc
  • 5,768
  • 2
  • 33
  • 49