I want to check how DexGuard works but it seems that it doesn’t have a free trial version.
Can DexGuard encrypt an Android application? Or does it simply obfuscate the code? How does DexGuard encryption work? If you could provide code from a sample application run with DexGuard before and after decompilation, it would be great.
ProGuard provides name obfuscation: it can replace the original names of classes, methods, and fields by short, meaningless names. DexGuard additionally provides string encryption and class encryption. The term encryption may be confusing in this context, since these are basically more aggressive types of obfuscation. Designated strings and classes are stored in some intentionally complex encrypted form, and decrypted at runtime with keys and algorithms that are necessarily available to the application. In some ways similarly, the Google Play market can encrypt entire applications for Android 4.1. The runtime environment then decrypts the application before it is executed, in a controlled fashion.
(I am the developer of ProGuard and DexGuard — feel free to get in touch if you’re interested)
DexGuard in old version using “DES” Alg to encrypt specified class. Later it change “AES” alg.
After encrypt Specified class, it store the encrypte data into another class via data array format with decryption method. The decryption method that is static block in Dex is clinit format method which obfuscated using control flow obfuscation and API hiding. So it is a little bit to deobfuscate the decryption method. In other classes , reference the specified class change to reflection opcode. Every time the APK runs, the encrypted class will be decrypted in static method first. And the decrypted classes will be load into dvm memory using reflection API. so other class can reference the specified class properly. That’s it. In my opinion, DexGuard is very powerful obfuscation tool. If each feature obfuscations apply to APK, it will cost you a lot of time to reverse the whole real program.
Although they use the term encryption, it seems that it is really obfuscation. I say this simply because although they may encrypt certain strings/values… the fact that the encryption key must also be stored in the app means that they are providing a “lock” for the code while at the same time packaging the “key” with it.