Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does DexGuard encrypt classes?

I want to check how DexGuard works but it seems that it doesn't have a free trial version.

Can DexGuard encrypt an Android application? Or does it simply obfuscate the code? How does DexGuard encryption work? If you could provide code from a sample application run with DexGuard before and after decompilation, it would be great.

like image 699
Arci Avatar asked Nov 06 '12 06:11

Arci


People also ask

How DexGuard works?

After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method.

How much does DexGuard cost?

Hey everyone, I am in the process of buying a tool to replace ProGuard, I have tested 2 of them, DexGuard and DashO. Both tools seems to be working good and have much more capabilities than ProGuard, they both are asking for $4,000 yearly subscription, which seems a lot to me.

What is code virtualization?

Code virtualization is a well-known sophisticated obfuscation technique that uses custom virtual machines (VM) to emulate the semantics of original native instructions. Commercial VM-based obfuscators (e.g., Themida and VMProtect) are often abused by malware developers to conceal malicious behaviors.


2 Answers

ProGuard provides name obfuscation: it can replace the original names of classes, methods, and fields by short, meaningless names. DexGuard additionally provides string encryption and class encryption. The term encryption may be confusing in this context, since these are basically more aggressive types of obfuscation. Designated strings and classes are stored in some intentionally complex encrypted form, and decrypted at runtime with keys and algorithms that are necessarily available to the application. In some ways similarly, the Google Play market can encrypt entire applications for Android 4.1. The runtime environment then decrypts the application before it is executed, in a controlled fashion.

(I am the developer of ProGuard and DexGuard -- feel free to get in touch if you're interested)

like image 151
Eric Lafortune Avatar answered Sep 25 '22 04:09

Eric Lafortune


DexGuard in old version using “DES” Alg to encrypt specified class. Later it change "AES" alg. After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method. In other classes , reference the specified class change to reflection opcode. Every time the APK runs, the encrypted class will be decrypted in static method first. And the decrypted classes will be load into dvm memory using reflection API. so other class can reference the specified class properly. That's it. In my opinion, DexGuard is very powerful obfuscation tool. If each feature obfuscations apply to APK, it will cost you a lot of time to reverse the whole real program.

like image 29
QianBin Piao Avatar answered Sep 24 '22 04:09

QianBin Piao