How to reverse-engineer / decompile an Android APK which was obfuscated using ProGuard?

jenzz picture jenzz · Feb 9, 2013 · Viewed 11k times · Source

Unfortunately, I have lost the source code of one of my apps which I obfuscated using ProGuard.
I still have the .apk file and some config files which were generated by ProGuard:

  1. dump.txt
  2. mapping.txt
  3. seeds.txt
  4. usage.txt

What have I done so far?

  1. Decoded resource files using apktool.
    Yay, I've got those back!

  2. Extracted .apk file and converted the classes.dex file into a .jar file using dex2jar.

If I now view the source code (.jar file) using JD-Gui, I see my obfuscated code. Something like this:

class c {
  TextView a;
  TextView b;
  TextView c;
  TextView d;
  CheckBox e;
}

protected List a(Uri[] paramArrayOfUri) { ... }

protected void a(List paramList) { ... }

Also some loops look a bit weird. I don't write infinite loops:

while (true) {
     if (!localIterator.hasNext())
        return localArrayList;
     ProviderInfo[] arrayOfProviderInfo = ((PackageInfo)localIterator.next()).providers;
     if (arrayOfProviderInfo == null)
        continue;
     int i = arrayOfProviderInfo.length;
}

Is it possible to re-map the obfuscated code to my original source code using any of ProGuard's .txt files? I would like to see my own variable names / method signatures.
Or can these files only be used to follow crash report stack traces?

Answer

Godfrey Nolan picture Godfrey Nolan · Mar 9, 2013

Everything you're looking for is in the mapping.txt file, but I've never seen a tool that would reverse it all. Some of the obfuscations that Proguard performs are not just simple renaming of the methods and variables so chances are you won't be able to do what you're trying to do. retrace.jar that comes with the Proguard download might get you a bit further but I'm pretty sure you have to use that with a stacktrace file.