Android how to read obfuscated Java code after getting through reverse engineering

Umar Qureshi picture Umar Qureshi · Aug 27, 2012 · Viewed 8.9k times · Source

I got the Java classes from an APK after using some tools like dex2jar and JD-GUI. As everybody knows Java byte code can be converted to Java classes back so mostly it is optimized and obfuscated through some tools (like ProGuard is used in the case of Android) to make it secure from others. So what I got is obfuscated code and I want to make it error-free, readable, understandable so that I can further modify it for my own purpose (for my personal use only, I don't mean to violate any copyrights). So any help i.e advices, tools, helping material to make this obfuscated code much closer to what was written by a developer or to make it error-free and understandable will help me a lot. Currently my focus is about to reversing obfuscating techniques used by ProGuard like when I tried reverse engineering on my own projects and found that:

  • int resource values can be altered with ids by matching through the R file which is generated with reverse engineering.
  • The if/else conditions mostly converted to while(true) and some continues and breaks.
  • Inner classes mostly broke up to separate files

So, any other techniques and helping material for the above mentioned ways which can describe how to properly reverse them will be very helpful.

Answer

Jared Rummler picture Jared Rummler · Feb 9, 2017

There isn't a magical tool that will refactor obfuscated code into a buildable project. Most likely, you won't be able to decompile and de-obfuscate an APK to be clean and maintainable code. This is a good thing.

There are tools which are better than dex2jar and jd-gui. One of them is apk-deguard, which claims to reverse the process of obfuscation. From their about page:

DeGuard

DeGuard (http://www.apk-deguard.com) is a novel system for statistical deobfuscation of Android APKs, developed at the Software Reliability Lab, ETH Zurich, the same group which developed the widely used JSNice system. Similarly to JSNice, DeGuard is based on powerful probabilistic graphical models learned from thousands of open source programs. Using these models, DeGuard recovers important information in Android APKs, including method and class names as well as third-party libraries. DeGuard can reveal string decoders and classes that handle sensitive data in Android malware.

You should use Enjarify, which is owned by Google, instead of dex2jar. Also, apktool is good for decompiling an APK's resources, which is not handled by dex2jar and enjarify.

Other tools include jadx, procyon, fernflower, show-java, smali/baksmali.


You will need a good IDE for refactoring. JEB looks like a good tool for refactoring. This is a paid tool mostly used by Android security researchers.