
Android how to read obfuscated Java code after getting through reverse engineering

I got the Java classes from an APK after using some tools like dex2jar and JD-GUI. As everybody knows, Java bytecode can be converted back to Java classes, so it is mostly optimized and obfuscated with some tools (ProGuard is used in the case of Android) to make it secure from others. So what I got is obfuscated code, and I want to make it error-free, readable and understandable so that I can further modify it for my own purposes (for my personal use only; I don't mean to violate any copyrights). So any help, i.e. advice, tools or helping material, to make this obfuscated code much closer to what was written by a developer, or to make it error-free and understandable, will help me a lot. Currently my focus is on reversing the obfuscation techniques used by ProGuard. For example, when I tried reverse engineering my own projects, I found that:

  • int resource values can be altered with ids by matching through the R file which is generated with reverse engineering.
  • The if/else conditions are mostly converted to while(true) with some continues and breaks.
  • Inner classes are mostly broken up into separate files.

So, any other techniques and helping material for the above mentioned ways which can describe how to properly reverse them will be very helpful.

Umar Qureshi asked Aug 27 '12 17:08
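
The first point in the question, mapping raw int constants back to their R identifiers, can be scripted. This is an added example, not code from the post or its answers: the R.java excerpt and the decompiled snippet are constructed samples, and `parse_r_file` / `restore_resource_names` are hypothetical helper names.

```python
import re

# Constructed sample of a decompiled R.java (not taken from any real app).
SAMPLE_R = """
public final class R {
    public static final class id {
        public static final int login_button = 0x7f080001;
        public static final int username = 2131230722;
    }
    public static final class layout {
        public static final int activity_main = 0x7f030000;
    }
}
"""
# Constructed sample of decompiled code that uses raw resource constants.
SAMPLE_SRC = """
setContentView(2130903040);
View v = findViewById(0x7f080001);
View u = findViewById(2131230722);
int timeout = 3000;
"""
CLASS_RE = re.compile(r"public\s+static\s+final\s+class\s+(\w+)")
FIELD_RE = re.compile(
    r"public\s+static\s+final\s+int\s+(\w+)\s*=\s*(0x[0-9a-fA-F]+|\d+)\s*;")
LITERAL_RE = re.compile(r"\b(0x[0-9a-fA-F]+|\d+)\b")

def to_int(lit):
    """Decompilers emit resource IDs as hex or decimal; accept both."""
    return int(lit, 16) if lit.lower().startswith("0x") else int(lit, 10)

def parse_r_file(text):
    """Map each resource integer to its symbolic name, e.g. 'R.id.username'."""
    table, current = {}, None
    for line in text.splitlines():
        cls = CLASS_RE.search(line)
        if cls:
            current = cls.group(1)  # entering an inner class such as 'id'
            continue
        field = FIELD_RE.search(line)
        if field and current:
            table[to_int(field.group(2))] = f"R.{current}.{field.group(1)}"
    return table

def restore_resource_names(source, table):
    """Swap integer literals that are known resource IDs; leave the rest."""
    def swap(match):
        return table.get(to_int(match.group(1)), match.group(1))
    return LITERAL_RE.sub(swap, source)

if __name__ == "__main__":
    print(restore_resource_names(SAMPLE_SRC, parse_r_file(SAMPLE_R)))
```

The replacement is purely textual, so a number inside a string literal that happens to equal a resource ID is rewritten too; review the result before relying on it.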




2 Answers

There isn't a magical tool that will refactor obfuscated code into a buildable project. Most likely, you won't be able to decompile and de-obfuscate an APK to be clean and maintainable code. This is a good thing.

There are tools which are better than dex2jar and jd-gui. One of them is apk-deguard, which claims to reverse the process of obfuscation. From their about page:

DeGuard

DeGuard (http://www.apk-deguard.com) is a novel system for statistical deobfuscation of Android APKs, developed at the Software Reliability Lab, ETH Zurich, the same group which developed the widely used JSNice system. Similarly to JSNice, DeGuard is based on powerful probabilistic graphical models learned from thousands of open source programs. Using these models, DeGuard recovers important information in Android APKs, including method and class names as well as third-party libraries. DeGuard can reveal string decoders and classes that handle sensitive data in Android malware.

You should use Enjarify, which is owned by Google, instead of dex2jar. Also, apktool is good for decompiling an APK's resources, which is not handled by dex2jar and enjarify.

Other tools include jadx, procyon, fernflower, show-java, smali/baksmali.


You will need a good IDE for refactoring. JEB looks like a good tool for refactoring. This is a paid tool mostly used by Android security researchers.

Jared Rummler answered Sep 22 '22 01:09


This should help: DeObfuscator

dragostis answered Sep 22 '22 01:09