Home Development for Android Protect Android apps from reverse engineering – ProGuard

Protect Android apps from reverse engineering – ProGuard

by admin

ProGuard is a utility for code reduction, optimization and obfuscation.The output is a smaller *.apk, which is much harder to reverse engineer.At developer.android.com says that ProGuard is embedded in the Android app build system. However, I noticed that this utility only appeared in my SDK folder after updating to r9.
ProGuard only runs when you run the build in "release" mode. For those who don’t know how to do it (in Eclipse): right-click to call the context menu of the project, then Export -> Android -> Export Android Application The configuration file appears automatically, when the project is created, in the root of the project, under the name proguard.cfg If it does not show up, check if the utility is in your SDK folder.
Next, to enable the obfuscator itself before building, you need to add to the file /root_of_your_project/default.properties line of the form proguard.config=/path/proguard.cfg where path is the path to the file. This way you can haul one config for a bunch of projects.
So, after the "release" build ProGuard makes a little mess in one of the following folders :

  • /root_of_your_project/proguard – when using Eclipse
  • /root_of_your_project/bin/proguard – when using Ant

Files are created :

  • dump.txt – describes the guts of all the class files in your *.apk
  • mapping.txt – Represents mapping between source and obfuscated classes, class fields, and methods.
  • seeds.txt – list of unobfuscated classes
  • usage.txt – code taken from *.apk

Also, developer.android.com warns that there may be complications with ProGuard’s code processing in the form of ClassNotFoundException To avoid this, you can add a line to the config :

-keep public class <MyClass>

Read more about configuring the configure here In fact, there you can also find a couple of samples
In addition, in the folder /path_to_your_SDK/tools/proguard/bin there is some script called retrace.bat (for Linux/Mac OS X – retrace.sh ). It lets you convert obfuscated to readable, using the above mapping.txt
Syntax for using :

retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file> ]

For example :

retrace.bat -verbose mapping.txt obfuscated_trace.txt

The script also accepts standard manual text input, in case you are too lazy to write the path to <stacktrace_file> .
If on the first start in "release" mode with ProGuard (with default settings) an error with code 1 will pop up, then most likely you have blanks in the path to your SDK – remove them and everything will work.
Have a nice obfuscation!

You may also like