2

I know there is apktool for reverse engineering, dex2jar to extract as a jar file. I also heard about proguard which optimizes the codes to make it difficult to understand. But is proguard enough to give protection against reverse engineering? As far as I understand, resource files can still be altered even after using proguard (I am not sure though). Is there any other better techniques? Is there a way so that if someone tries with apktool, the codes as well as the resources both will be corrupted?

Improve this question
2
  • Pay close attention to the actual ROI, not the one you're thinking in your head. Commented Jun 9, 2013 at 13:36
  • Sorry I didn't find the similar post in search. Should I delete this one now? Commented Jun 9, 2013 at 15:12

1 Answer 1

Reset to default
3

But is proguard enough to give protection against reverse engineering?

Only you can define what "enough" is.

As far as I understand, resource files can still be altered even after using proguard

Anything can be altered even after using ProGuard, including resources.

Is there any other better techniques?

It is mathematically impossible to stop reverse engineering. After all, if a CPU can read an instruction and process it, a CPU can read an instruction and decompile it.

ProGuard, DexGuard (an enhanced ProGuard that encrypts resources), putting more logic in C/C++ than Java, and such can help slow down reverse engineering, but they cannot stop it. Hence, once again, only you can define what "enough" is.

Is there a way so that if someone tries with apktool, the codes as well as the resources both will be corrupted?

Well, IMHO, ProGuard doesn't "corrupt" the output of apktool for code. If, however, you think that ProGuard is "enough" for protecting your code, then DexGuard should be "enough" for protecting your resources. DexGuard is a commercial product, though, the last I looked.

If you are worried about reverse engineering, don't write client-side software.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

At least, I don't want it to be reversed coded easily. Because, as far I know, many people, just use those tools and alter the resources and doesn't bother much to learn how the code is written and publish it. Where, the main coder might have spent lots of efforts behind coding.
@NafisAbdullahKhan: "Where, the main coder might have spent lots of efforts behind coding" -- there are zero people on the planet, other than perhaps that "main coder", that care about how much effort it took. Again, if you are worried about reverse engineering, don't write client-side software.
That sounds unethical to me, although I am not sure what is considered unethical in this case. Yet, if it's acceptable to everyone then perhaps I should also begin my journey with it. :) But is there any rule where it says, "If you are accused as a copier/modifier of this application, you will be punished"? If not, then I'm good to go. (Or should I post another question about it?)
@NafisAbdullahKhan: "That sounds unethical to me, although I am not sure what is considered unethical in this case" -- I never said that reverse engineering was ethical. "But is there any rule where it says, "If you are accused as a copier/modifier of this application, you will be punished"?" -- please consult with an attorney to discuss copyright laws (and related laws) in your nation with respect to reverse engineering of software.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.