Android Obfuscation Techniques

Android Obfuscation

• Android Obfuscation is a technique to make reverse engineering harder by transforming the code to fool analysis tools.
• It requires an understanding of Android internals and reverse engineering tools and techniques.

Types of Obfuscation

• Source Code Level: Manipulate the source code files before building, renaming variables, using java reflection, and code flattening.
• Byte Code Level: Convert dex to smali, obfuscate smali files, and repackage the APK with new smali files.

Obfuscation Tools

• ProGuard: An open-source optimizer and obfuscator from Guardsquare, used for source code level obfuscation, comes with Android Studio.
• DexGuard: A commercial version from Guardsquare, more powerful with sophisticated obfuscations, encryption techniques, and obfuscation of native code, control flow, and arithmetic instructions.
• iXGuard: From Guardsquare, for iOS applications, provides name obfuscation, arithmetic obfuscation, string encryption, and is catered for Objective C.
• Obfuscapk: An open-source tool, applies multiple obfuscations at source code and bytecode level.
• DashO: A powerful obfuscation tool, provides control flow obfuscation, string encryption, watermarking, pruning, and renaming.
• Allatori: A Java obfuscator, provides control flow obfuscation, removes debugging information, used for Android applications, and string encryption and variable renaming.
• Quixxi: Provides code obfuscation, malware detection, and tamper detection.

Obfuscation Techniques

• Renaming: Rename variables, class names, and function names to obscure their meaning.
• Overloading: Use multiple methods and fields with the same name but different arguments and return types.
• Hierarchy Flattening: Repackage classes to obscure the class hierarchy.
• Encryption: Encrypt strings, classes, and functions to provide better security.
• Reflection: Use Java reflections to replace direct access of classes and methods.
• Native Call Wrappers: Use native call wrappers to obscure the nature of the function.
• Opaque Predicates: Use predicates that always evaluate to true or false to generate false branches and increase the control flow complexity.
• Packing Numeric Variables: Pack multiple variables into a single variable to obscure their values.
• Injecting Bad Code: Inject junk code into unreachable areas to increase the complexity of the code without affecting its functionality.
• Control Flow Flattening: Flatten the control flow to hide the logic of the program.

When to Obfuscate

• During Development: Obfuscate source code during development, requires access to source code and understanding of the consequences of the transformation.
• After Building: Obfuscate bytecode after building the program, requires access to the building tool's internals and consideration of the bytecode structure.

Dex Code Analyzing Tools

• Dexdump: Uses linear sweep, comes with Android Studio.
• Dedexer: Uses linear sweep, analyzes data and layout, and provides low-level obfuscation.