What methods are being used to protect this Android APK: Reflection? Encryption? How do I reverse engineer it and analyze it?

Question

I know the basics to java programming, but I\'m new to reverse engineering APKs, so explanations would be nice!

---

I have an APK file file, but not the Java source. A

Answer 1

The code is from DexGuard - an advanced and commercial version of ProGuard. It works differently.

Try reading the answers here: Stackoverflow: How does DexGuard encrypts classes?

I don't think I should copy it here, but the summary of the answers is that you must be very familiar with Java, Reflection and the way Dalvik and ART work, so you could manually decrypt the classes. It's hard enough even for a professional.

Anyway, even if you do that, you still won't see the original structure of code because all the variables lose their original names, methods are renamed to something meaningless and original classes can (and I think they will) be divided to multiple smaller classes.

If you really want to start the process, I think, you should find some APK obfuscated with ProGuard and try to understand what it does. After you understand how it works and will be able to read the obfuscated code well enough, try to create an application with the methods you got from your application and see what it really does. I think at some point you will get classes and methods that decrypt the .dat files and will be able to see their content. Good luck.