1

I try to obfuscate my project so that I enable a few settings in Gradle. then I try to reverse the code but not fully obfuscate

I refer many sites I did not find an exact solution yet

I try to decompile very famous apps like any google app & Facebook from the play store (code seems fully obfuscated).

can anyone give a suggestion of what should I do exactly to make full code obfuscate

  • Below 3 Steps No use for code obfuscate

Step 1: Gradle Properties:

# Kotlin code style for this project: "official" or "obsolete":
kotlin.code.style=obsolete
android.enableR8.fullMode=true

Step 2: App level Gradle:

 buildTypes {
        release {
            useProguard true
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }

Step 3: proguard-rules.pro I also try proguard rules

# If you keep the line number information, uncomment this to
# hide the original source file name.
-renamesourcefileattribute SourceFile

Here is my kotlin code :

package com.android.myapplication
import android.os.Build
import android.os.Bundle
import android.util.Log
import androidx.appcompat.app.AppCompatActivity
import kotlinx.android.synthetic.main.activity_main.*

class MainActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)
        Log.d("myTag","on create")
        try{
            val deviceInfo = " MOBILE: Android" +
                    " APP VERSION:" + BuildConfig.VERSION_NAME +
                    " MODEL:" + Build.MODEL +
                    " Manufacture:" + Build.MANUFACTURER +
                    " BRAND:" + Build.BRAND +
                    " SDK:" + Build.VERSION.SDK +
                    " OS: " + Build.VERSION.RELEASE
            //Sets the text to be displayed.
            android_info.text =deviceInfo
        } catch (e: Exception){
            android_info.text =e.message
        }

    }
}

here I try to reverse code my release build. Android Apk decompiler: http://www.javadecompilers.com/apk

Decompiler output:

package com.android.myapplication;

import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import android.view.View;
import android.widget.TextView;
import java.util.HashMap;
import p000a.p002b.p003c.C0034n;
import p082c.p083a.p084a.C0741a;

public final class MainActivity extends C0034n {

    /* renamed from: o */
    public HashMap f2788o;

    /* renamed from: o */
    public View mo2896o(int i) {
        if (this.f2788o == null) {
            this.f2788o = new HashMap();
        }
        View view = (View) this.f2788o.get(Integer.valueOf(i));
        if (view != null) {
            return view;
        }
        View findViewById = findViewById(i);
        this.f2788o.put(Integer.valueOf(i), findViewById);
        return findViewById;
    }

    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView((int) R.layout.activity_main);
        Log.d("myTag", "on create");
        try {
            TextView textView = (TextView) mo2896o(R.id.android_info);
            C0741a.m1859a(textView, "android_info");
            textView.setText(" MOBILE: Android APP VERSION:1.0 MODEL:" + Build.MODEL + " Manufacture:" + Build.MANUFACTURER + " BRAND:" + Build.BRAND + " SDK:" + Build.VERSION.SDK + " OS: " + Build.VERSION.RELEASE);
        } catch (Exception e) {
            TextView textView2 = (TextView) mo2896o(R.id.android_info);
            C0741a.m1859a(textView2, "android_info");
            textView2.setText(e.getMessage());
        }
    }
}

Notes: After enabling the above Gradle setting:

  • App size is reduced 40%
  • It also removed unused classes & res files in my project.
Bolt UIX
  • 5,988
  • 6
  • 31
  • 58
  • 1
    Please do not use `useProguard true`. That setting has been deprecated, and I am not sure exactly what it does right now. With just `minifyEnabled true` R8 will be used to shrink, and with `android.enableR8.fullMode=true` the most aggressive shrinking will be used. You can also experiment with `-repackageclasses` to move to the root package. If you see a class/method which is not obfuscated, you can use the `-whyareyoukeeping` to see what keep rule is being used for that item. – sgjesse Jan 21 '21 at 07:26

1 Answers1

2

It is not possible to obfuscate 100%, because the entry-points would get lost. For example, if you'd obfuscate MainActivity, then the reference in the AndroidManifest.xml would become invalid and you couldn't launch it anymore. This is working as intended, there's nothing to worry about.

Martin Zeitler
  • 1
  • 19
  • 155
  • 216
  • thank u for a response, I disable all below-grade setting, getting the same output when I decompile. I try to decompile very famous app like transit, miles,.. but the code fully obfuscated, I can not find the class name itself. (i think they are uploading some mapping file) (minifyEnabled false/ shrinkResources false/ kotlin.code.style=official/ android.enableR8.fullMode=false) – Bolt UIX Jan 20 '21 at 05:23
  • They do nothing else, else their applications wouldn't run either ...people usually have far more of a problem when obfuscating too much (which may break the application) and not too little. The mapping file is only good for Crashlytics, but is obviously not installed on any end-device. There's even a whole lot more classes, member variables and alike which one must not obfuscate. `Serializable` might be another good example. So how would you use it when it's obfuscated? – Martin Zeitler Jan 20 '21 at 05:37