I want to check how DexGuard works but it seems that it doesn't have a free trial version.
Can DexGuard encrypt an Android application? Or does it simply obfuscate the code? How does DexGuard encryption work? If you could provide code from a sample application run with DexGuard before and after decompilation, it would be great.
After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method.
Hey everyone, I am in the process of buying a tool to replace ProGuard, I have tested 2 of them, DexGuard and DashO. Both tools seems to be working good and have much more capabilities than ProGuard, they both are asking for $4,000 yearly subscription, which seems a lot to me.
Code virtualization is a well-known sophisticated obfuscation technique that uses custom virtual machines (VM) to emulate the semantics of original native instructions. Commercial VM-based obfuscators (e.g., Themida and VMProtect) are often abused by malware developers to conceal malicious behaviors.
ProGuard provides name obfuscation: it can replace the original names of classes, methods, and fields by short, meaningless names. DexGuard additionally provides string encryption and class encryption. The term encryption may be confusing in this context, since these are basically more aggressive types of obfuscation. Designated strings and classes are stored in some intentionally complex encrypted form, and decrypted at runtime with keys and algorithms that are necessarily available to the application. In some ways similarly, the Google Play market can encrypt entire applications for Android 4.1. The runtime environment then decrypts the application before it is executed, in a controlled fashion.
(I am the developer of ProGuard and DexGuard -- feel free to get in touch if you're interested)
DexGuard in old version using “DES” Alg to encrypt specified class. Later it change "AES" alg. After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method. In other classes , reference the specified class change to reflection opcode. Every time the APK runs, the encrypted class will be decrypted in static method first. And the decrypted classes will be load into dvm memory using reflection API. so other class can reference the specified class properly. That's it. In my opinion, DexGuard is very powerful obfuscation tool. If each feature obfuscations apply to APK, it will cost you a lot of time to reverse the whole real program.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With