Project 10: Obfuscating an Android App with ProGuard (10 points)

What You Need for This Project

Purpose

Obfuscating the code should make it far more difficult for attackers to reverse-engineer apps.

We'll use the free ProGuard tool to do that.

Problem Statement

First, let's review what you did in the previous project.

You started with an APK file, the sort that is used to distribute Android apps in the Google Play Store and elsewhere.

You disassembled it with apktool:

This created a set of smali files with descriptive names like "LoginActivity" and "RestClient":

Inside the files, there are variables with descriptive names like "username" and "password", as shown below in the "RestClient" file:

For reference, here are the occurrences of "password" in the decompiled APK file we've been using:

Those descriptive names are helpful for the app developer, but they are also helpful for the attackers reverse-engineering the code.

Obfuscation allows the developers to continue seeing helpful names, but conceals them from reverse engineers.

Downloading the Patched App

If you did the previous projects, you probably already have a version of the "EMM-Vulnerable" app.

If you don't have it, download this zip file:

https://samsclass.info/128/proj/AndroidLabs-Base-Sam.zip

Unzip the file.

A folder named "AndroidLabs-Base-Sam" appears.

Start Android Studio

Launch Android Studio.

Click File, "Import Project".

Navigate to the "AndroidLabs-Base-Sam" folder and click OK.

Click Next. Click Finish.

The source code for the app appears, as shown below.

Enabling ProGuard

In the top left pane, expand "Gradle Scripts" and double-click "build.gradle (Module: app)", as shown below.

In the top right pane, change "minifyEnabled" from "false" to "true", as indicated by a red outline in the figure below.

Then, in the upper right, click "Sync Now".

Wait a few seconds for the sync to finish and the yellow bar to vanish.

Building the APK

In Android Studio, click Build, "Create Signed APK...".

In the first box, accept the default selection of app and click Next.

In the "Key store path" screen, the path to the key you created in project 9 should fill in automatically. All you need to do is fill in the passwords, as shown below.

Click Next.

Click Finish.

The build fails. A message at the bottom says we need to provide a "proguard-rules.txt" file.

Note the Project Path

Read the error message carefully. It specifies precisely where the file it needs must be put.

On my system, it needs to be:

/Users/sambowne/Downloads/AndroidLabs-Base-Sam2/app/proguard-rules.txt

Finding the SDK Path

In Android Studio, click Tools, Android, "SDK Manager".

Note the SDK path shown at the top, as shown below.

On my system it is

/Users/sambowne/Library/Android/sdk

Copying the Proguard Rules File

We'll use a default proguard-rules file. In complex apps with multiple entry points and external libraries, this file must be customized, but for our simple app the default settings are fine.

If you use a Mac, open a Terminal window and execute this command, replacing the first path with your correct SDK path with "/tools/proguard/proguard-android.txt" appended to it, and the second path with the exact path and filename specified in the error message from Android Studio:

cp /Users/sambowne/Library/Android/sdk/tools/proguard/proguard-android.txt /Users/sambowne/Downloads/AndroidLabs-Base-Sam2/app/proguard-rules.txt

If you are using Windows, use a Command prompt window and the command "copy" instead of "cp".

Building the APK Again

In Android Studio, click Build, "Create Signed APK...".

In the first box, click Next.

In the "Key store path" screen, fill in the passwords, and click Next.

Click Finish.

A box pops up saying "Signed APK's generated successfully", as shown below.

Click the "Reveal in Finder" button.

Creating a Workspace for Disassembly

Choose a folder to work in, such as Documents. Create a folder there named Proj10YOURNAME.

Copy the app-release.apk file to your working folder, as shown below.

Copying apktool to your Working Directory

Find "apktool_2.0.0rc3.jar" on your system. If you don't have it, download it from

https://bitbucket.org/iBotPeaches/apktool/downloads

Copy it to your working folder, which is probably a subfolder of the Documents folder.

The APK file and apktool should both be in the same folder, as shown below.

Disassembling an APK with apktool

Open a Command Prompt or Terminal.

Change directory to your working directory and decompile the app with java, as shown below.

cd ~/Documents/Proj10YOURNAME

java -jar apktool_2.0.0rc3.jar d app-release.apk

Messages appear as apktool disassembles the app, as shown below.

Click Next.

Viewing Smali Code

Open Finder or Windows Explorer and navigate to your working folder.

Open this series of folders:

There are several smali files in there, as shown below.

Notice that many of the filenames are now changed to single letters. The "RestClient" file is no longer visible, but "LoginActivity" is.

Saving a Screen Image

Make sure you can see files with single-letter filenames, such as a.smali and b.smali, as shown above.

Save a full-desktop image.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 10", replacing "YOUR NAME" with your real name.

Searching for "password" with grep or FINDSTR

In a Terminal window, from your working directory, execute these commands:

cd app-release

cd smali

grep -r password .

If you're using a PC, replace the last command with

FINDSTR /S password ./*

Now there are only three hits, as shown below.

So the attack surface has been decreased, but there are still some informative filenames present.
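
To check the result more closely than a raw hit count, the script below is an added example (not part of the original project) that lists the class names that are still readable and counts how many keyword hits are string literals, which ProGuard does not rename. The sample smali tree, the com/example/demo package and the function names are constructed for illustration; b.smali models a field that kept its name.

```shell
#!/usr/bin/env bash
# Added example: audit an apktool output tree for names that survived ProGuard.

# Heuristic: renamed classes get very short names (a, b, ab, ...), so print
# the distinct outer-class names longer than 2 characters.
surviving_classes() {
    find "$1" -type f -name '*.smali' | while IFS= read -r f; do
        base=$(basename "$f" .smali)
        outer=${base%%\$*}          # LoginActivity$1 -> LoginActivity
        if [ "${#outer}" -gt 2 ]; then printf '%s\n' "$outer"; fi
    done | sort -u
}

# Count every line mentioning the keyword (case-insensitive, unlike grep -r alone).
keyword_hits() {
    { grep -r -i -- "$2" "$1" || true; } | wc -l | tr -d ' '
}

# Count the subset of hits that are string literals. ProGuard renames
# identifiers only, so const-string data is never hidden by it.
literal_hits() {
    { grep -r -i -- "$2" "$1" || true; } | { grep -c 'const-string' || true; }
}

# Build a small constructed smali tree (hypothetical package and contents).
make_sample_tree() {
    pkg="$1/com/example/demo"
    mkdir -p "$pkg"
    printf '%s\n' '.class public Lcom/example/demo/LoginActivity;' \
        '    const-string v1, "password"' > "$pkg/LoginActivity.smali"
    printf '%s\n' '.class Lcom/example/demo/LoginActivity$1;' \
        > "$pkg/LoginActivity\$1.smali"
    printf '%s\n' '.class public Lcom/example/demo/a;' \
        '.field private a:Ljava/lang/String;' \
        '    const-string v0, "Password"' > "$pkg/a.smali"
    printf '%s\n' '.class public Lcom/example/demo/b;' \
        '.field public password:Ljava/lang/String;' > "$pkg/b.smali"
}

audit() {
    echo "classes with readable names: $(surviving_classes "$1" | tr '\n' ' ')"
    echo "keyword hits: $(keyword_hits "$1" "$2")  in string literals: $(literal_hits "$1" "$2")"
}

# Demo on the constructed tree; pass a real smali directory to audit your own build.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit "${1:-$tmp}" "${2:-password}"
rm -rf "$tmp"
```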

Turning in your Project

Email the image to cnit.128sam@gmail.com with the subject line: Proj 10 from YOUR NAME
Last modified 3-18-15 12:15 pm