Shulou(Shulou.com)06/01 Report--

This article mainly talks about "the method of decompilation and encryption of Apk in Android". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "the method of Apk decompilation and encryption in Android".

I. composition of Apk files

In the final analysis, the APK file of Android's application is also a compressed file, so you can type the contents of the file by unzipping it, but obviously, when you unzip it and check it out, you will find that many of the things inside are different from what you think. Xml files such as resource files can not be opened, and even if they are opened, they are garbled (which is exactly what Android has encrypted), and some applications will also encrypt image resources (such as QQ Music).

Since you can't see the normal application directly, you need to decompile APK with the help of decompiler software.

2. Necessary tools for decompilation and their use

Android project files are mainly composed of resource files and source code. In order to view the resource files need a tool, this paper uses the apktool tool for decompilation, after compilation can correctly view XML files and other non-XML resource files, which is of great significance for Sinicization. In order to view the source code, you need the help of dex2jar and jd-gui, in which the dex2jar tool is responsible for converting dex files into jar files, while jd-gui is used to view jar files.

1) apktool

A failed experience-wrong use of the apktool Times

Reason: the version of apktool is too low to resolve the current version of apk.

Fix:

It is normal to update the latest version of apktool. The latest version of apktool used in this article is 2.2.2.

Then you can find that xml files such as resource files can be opened normally.

2) Dex2jar

Next, you need to decompile the source code.

The tools Dex2jar and jd-gui are needed. Dex2jar, as its name implies, decompiles dex files into jar files. Jd-gui is used to view the source code in the jar package directly.

The specific step is to extract the apk file to get the classes.dex, which is compiled and packaged by the dx tool, then decompress the downloaded dex2jar, copy the classes.dex to the dex2jar root directory, navigate to that directory under the command line, and run d2j-dex2jar.bat classes.dex classes.dex

You can find a classes-dex2jar.jar file. This file is the source code we need to get.

3) jd-gui

Next, you need to browse the file in jd-gui, and this is the final result

Of course, you also find that the source code is confused, that is, renaming classes, member variables, methods and properties with meaningless letters and deleting useless comments.

III. Encryption process of Apk

Now that it's all mentioned here, let's also take a look at the encryption process of Android Apk.

Because of the particularity of Java bytecode, it is very easy to decompile (as we did just now, with the help of a tool to decompile a QQ Music's Apk), so obviously we will have some protection measures to protect the compiled Class files. We usually use ProGuard to confuse Apk, renaming classes, member variables, methods, and properties with two meaningless letters. (of course, it can delete some useless classes, member variables, methods and properties, delete useless comments, and optimize bytecode files to the maximum)

Now we generally use Android Studio as the development platform. Under this platform, we can easily use ProGuard. Under the Gradle Script folder, open the build.gradle (Module:app) file and display as follows:

MinifyEnable here is the switch that controls whether to start ProGuard. If set to true, ProGuard is enabled for confusion and optimization.

ProguardFiles is divided into two parts, the first half is a system default confusion file, located in the SDK directory tools/proguard/proguard-android.txt, generally use this default file, the other part is the project custom confusion file, you can find this file in the project App folder, in this folder you can define the introduction of third-party dependency package confusion rules. After configuring ProGuard, you can generate obfuscated bytecode files as long as you export Apk using AS.

At this point, I believe you have a deeper understanding of "the method of Apk decompilation and encryption in Android". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.