How can I obfuscate XML resource files with DexGuard? - android

I am using DexGuard to process my Android applications.
On DexGuard's Homepage they say it features: XML resource obfuscation
I already tested DexGuard and decompiled my output .apks with apktool.
The problem is ALL resource files are decompiled successfully, so they have not been obfuscated apparently.
Now my question is, does DexGuard automatically obfuscate XML resources or do I have to activate it somehow in my dexguard-project.txt file?
Is it possible to obfuscate XML resources like strings.xml or am I misunderstanding this feature?

Why do you want to obfuscate strings.xml? Is it because you have API keys or OAuth secrets in there? If so, then better to move them to assets/config.properties file and load to a java.util.Properties object like this...
Properties appConfigProperties = new Properties();
appConfigProperties.load(context.getAssets().open("config.properties"));
// getProperty() returns a String; get() returns Object and would not compile here
String myApiKey = appConfigProperties.getProperty("my_api_key");
(for brevity I've removed the exception handling)
Be sure to enable asset encryption in your DexGuard config file:
-encryptassetfiles assets/**

I received the following statement from DexGuard:
Resource XML files are obfuscated automatically in release builds,
although the differences may be subtle. You can compare the
differences with for instance aapt d xmltree application.apk
AndroidManifest.xml. We are working on more obfuscation of resources
for upcoming versions.
After executing the proposed command aapt d xmltree application.apk (where application.apk is a simple HelloWorld Application) I finally could see what DexGuard actually obfuscates in XML files:
Each attribute in an XML resource file is identified by a name, but often also by a numeric identifier.
In AndroidManifest.xml for example:
android:versionName(0x0101021c) = "1.0"
In the obfuscation step, DexGuard can remove the name of an attribute, but only if this attribute also has a numeric identifier.
After DexGuard obfuscation the above attribute will look like this:
:(0x0101021c) = "1.0"
As XML elements of strings.xml for instance only have a name and no numeric identifier, there won't be any differences in the decompiled XML file.
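To check a release build against the behaviour described in this answer, the attribute lines of an aapt d xmltree dump can be sorted by what still identifies them. This is an added example, not part of the original answer or of DexGuard; the two dumps are constructed samples and the "A:" line layout is assumed from aapt's usual output.

```python
import re
from collections import defaultdict

# Attribute lines in `aapt d xmltree` output: "A: [prefix:]name(0xID)=value".
# Any of prefix, name and the numeric ID may be absent.
ATTR_RE = re.compile(
    r"^\s*A:\s*(?:(?P<prefix>[\w.]*):)?(?P<name>[\w.]*)"
    r"(?:\((?P<res_id>0x[0-9a-fA-F]{8})\))?\s*="
)

# Constructed dumps modelled on the two lines quoted above (not real tool output).
DEBUG_DUMP = '''\
E: manifest (line=2)
  A: android:versionCode(0x0101021b)=(type 0x10)0x1
  A: android:versionName(0x0101021c)="1.0" (Raw: "1.0")
  A: package="com.example.helloworld" (Raw: "com.example.helloworld")
'''
RELEASE_DUMP = '''\
E: manifest (line=2)
  A: :(0x0101021b)=(type 0x10)0x1
  A: :(0x0101021c)="1.0" (Raw: "1.0")
  A: package="com.example.helloworld" (Raw: "com.example.helloworld")
'''


def classify_attributes(xmltree_dump):
    """Group attribute lines by how much of their identity survives."""
    groups = defaultdict(list)
    for line in xmltree_dump.splitlines():
        m = ATTR_RE.match(line)
        if not m:
            continue  # element (E:), namespace (N:) or unrelated line
        name, res_id = m.group("name"), m.group("res_id")
        if res_id and not name:
            # Name removed, numeric identifier kept: the obfuscated form.
            groups["name_stripped"].append(res_id)
        elif res_id:
            # Name and identifier both present: not (yet) obfuscated.
            groups["name_and_id"].append(f"{name} ({res_id})")
        elif name:
            # No numeric identifier, so the name cannot be removed.
            groups["name_only"].append(name)
    return dict(groups)


if __name__ == "__main__":
    for label, dump in (("debug", DEBUG_DUMP), ("release", RELEASE_DUMP)):
        print(label, classify_attributes(dump))
```

Anything left under name_only in the release dump, such as package here or the entries of strings.xml, stays readable after obfuscation.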

Related

Android resource linking failed AAPT: unknown option '--proguard-minimal-keep-rules'

My Android Studio was working fine, everything was good but after updating Android Studio to the latest version and updating gradle I got the following error
Could you please provide the solution, thank you
Task :app:processDebugResources FAILED
AAPT: unknown option '--proguard-minimal-keep-rules'.
aapt2 link [options] -o arg --manifest arg files...
Options:
-o arg Output path.
--manifest arg Path to the Android manifest to build.
-I arg Adds an Android APK to link against.
-A arg An assets directory to include in the APK. These are unprocessed.
-R arg Compilation unit to link, using overlay semantics.
The last conflicting resource given takes precedence.
--package-id arg Specify the package ID to use for this app. Must be greater or equal to
0x7f and can't be used with --static-lib or --shared-lib.
--java arg Directory in which to generate R.java.
--proguard arg Output file for generated Proguard rules.
--proguard-main-dex arg Output file for generated Proguard rules for the main dex.
--proguard-conditional-keep-rules Generate conditional Proguard keep rules.
--no-auto-version Disables automatic style and layout SDK versioning.
--no-version-vectors Disables automatic versioning of vector drawables. Use this only
when building with vector drawable support library.
--no-version-transitions Disables automatic versioning of transition resources. Use this only
when building with transition support library.
--no-resource-deduping Disables automatic deduping of resources with
identical values across compatible configurations.
--enable-sparse-encoding This decreases APK size at the cost of resource retrieval performance.
-x Legacy flag that specifies to use the package identifier 0x01.
-z Require localization of strings marked 'suggested'.
-c arg Comma separated list of configurations to include. The default
is all configurations.
--preferred-density arg Selects the closest matching density and strips out all others.
--product arg Comma separated list of product names to keep
--output-to-dir Outputs the APK contents to a directory specified by -o.
--no-xml-namespaces Removes XML namespace prefix and URI information
from AndroidManifest.xml and XML binaries in res/*.
--min-sdk-version arg Default minimum SDK version to use for AndroidManifest.xml.
--target-sdk-version arg Default target SDK version to use for AndroidManifest.xml.
--version-code arg Version code (integer) to inject into the AndroidManifest.xml if none is
present.
--version-code-major arg Version code major (integer) to inject into the AndroidManifest.xml if none is
present.
--version-name arg Version name to inject into the AndroidManifest.xml if none is present.
--replace-version If --version-code and/or --version-name are specified, these
values will replace any value already in the manifest. By
default, nothing is changed if the manifest already defines
these attributes.
--compile-sdk-version-code arg Version code (integer) to inject into the AndroidManifest.xml if none is
present.
--compile-sdk-version-name arg Version name to inject into the AndroidManifest.xml if none is present.
--shared-lib Generates a shared Android runtime library.
--static-lib Generate a static Android library.
--proto-format Generates compiled resources in Protobuf format.
Suitable as input to the bundle tool for generating an App Bundle.
--no-static-lib-packages Merge all library resources under the app's package.
--non-final-ids Generates R.java without the final modifier. This is implied when
--static-lib is specified.
--stable-ids arg File containing a list of name to ID mapping.
--emit-ids arg Emit a file at the given path with a list of name to ID mappings,
suitable for use with --stable-ids.
--private-symbols arg Package name to use when generating R.java for private symbols.
If not specified, public and private symbols will use the application's
package name.
--custom-package arg Custom Java package under which to generate R.java.
--extra-packages arg Generate the same R.java but with different package names.
--add-javadoc-annotation arg Adds a JavaDoc annotation to all generated Java classes.
--output-text-symbols arg Generates a text file containing the resource symbols of the R class in
the specified folder.
--allow-reserved-package-id Allows the use of a reserved package ID. This should on be used for
packages with a pre-O min-sdk
--auto-add-overlay Allows the addition of new resources in overlays without
tags.
--rename-manifest-package arg Renames the package in AndroidManifest.xml.
--rename-instrumentation-target-package arg Changes the name of the target package for instrumentation. Most useful
when used in conjunction with --rename-manifest-package.
-0 arg File extensions not to compress.
--no-compress Do not compress any resources.
--warn-manifest-validation Treat manifest validation errors as warnings.
--split arg Split resources matching a set of configs out to a Split APK.
Syntax: path/to/output.apk:[,[...]].
On Windows, use a semicolon ';' separator instead.
-v Enables verbose logging.
--debug-mode Inserts android:debuggable="true" in to the application node of the
manifest, making the application debuggable even on production devices.
--strict-visibility Do not allow overlays with different visibility levels.
-h Displays this help menu
I had the same problem after updating AS and the Gradle plugin. The problem is with Gradle version 6.1.1; try downgrading to the latest stable one from the project structure until the release of another Gradle version.
Go to File -> Project Structure.
This is a common issue.
Try these basic solutions (check if it works after trying every solution):
File -> Invalidate Cache and restart.
Build -> Clean Project.
Delete the build folder from your code.
Make sure that you have updated all dependencies in the project-level Gradle file.

Unpack aab resources.pb

I have the .aab that I'm planning to upload to the Play Store for publishing, and before publishing I'm trying to decompile it to see which data may be exposed to users in a reverse engineering process.
In .aab_FILES/base/ I see the assets.pb and resources.pb protobufs - can these files be opened in some way? Because for the moment I haven't found any method to reveal their content.
I am actually looking to see where values/strings.xml is packed - because it is missing from the .aab_FILES/base/res/ location and I wanna make sure my maps API key (which resides in strings.xml) won't be exposed to users.
The resources.pb is a serialization of the strings data, so they can't be directly extracted to xml.
There are 2 ways to go around this:
Convert from aab to apk
Use bundletool to convert the aab to a universal apk and read the xmls from there:
java -jar bundletool-all-1.8.0.jar build-apks --mode=universal --bundle=~/test.aab --output=~/universal.apks
The universal.apks file can now be unzipped. It contains a universal.apk file, which the resources can be taken from like any apk. The easiest way to get readable xml files from the apk is by using apktool:
apktool d ~/unzipped_universal_apks/universal.apk -o ~/unzipped_universal
The folder ~/unzipped_universal now contains the decoded universal.apk and the xml resources should be decoded and readable inside it.
Read the protobuf values directly from the protobuf file
In order to read a protobuf file, you need its scheme (or proto file).
The proto files for an aab are in the aapt2 repository:
Resources.proto which depends on Configuration.proto.
These files can be compiled to workable code in a number of programming languages. I'll show it using python as described here.
First though, the Resources.proto should be modified to import Configuration.proto from the same folder location instead of the original (unless you create the whole necessary folder structure).
So, change:
import "frameworks/base/tools/aapt2/Configuration.proto";
To:
import "Configuration.proto";
Now, in the terminal, run:
protoc --python_out=~/proto_output Configuration.proto Resources.proto
Inside ~/proto_output there will now be 2 files: Configuration_pb2.py Resources_pb2.py.
These files contain the python code to access the protobuf structure for the resources.pb file, as well as the protobuf encoded AndroidManifest.xml.
In order to read the protobuf file run:
import os
from google.protobuf.json_format import MessageToDict
from Resources_pb2 import ResourceTable

res_obj = ResourceTable()
# open() does not expand "~", so expand it explicitly
res_pb_file_path = os.path.expanduser('~/unzipped_app_bundle/base/resources.pb')
with open(res_pb_file_path, 'rb') as f:
    content = f.read()
res_obj.ParseFromString(content)
# converting the protobuf object to a nice dictionary representation
res_dict = MessageToDict(res_obj)
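For the pre-publish check the question asks about, the dictionary produced above can be walked to list every plain string resource and flag values shaped like a Google API key. This is an added example, not part of the original answer; the key names (package, type, entry, configValue, value, item, str) are assumed from the field names in Resources.proto as MessageToDict renders them, and the sample dictionary and key are constructed.

```python
import re

# Google API keys (Maps included) are "AIza" followed by 35 URL-safe characters.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")

# Constructed stand-in for MessageToDict(ResourceTable); the key is a placeholder.
SAMPLE_RES_DICT = {
    "package": [{
        "packageName": "com.example.app",
        "type": [
            {"name": "string", "entry": [
                {"name": "app_name", "configValue": [
                    {"config": {}, "value": {"item": {"str": {"value": "Demo"}}}}]},
                {"name": "google_maps_key", "configValue": [
                    {"value": {"item": {"str": {"value": "AIza" + "0" * 35}}}}]},
            ]},
            {"name": "layout", "entry": [
                {"name": "main", "configValue": [
                    {"value": {"item": {"file": {"path": "res/layout/main.xml"}}}}]},
            ]},
        ],
    }]
}


def iter_string_resources(res_dict):
    """Yield (package, type/name, value) for every plain string item."""
    for pkg in res_dict.get("package", []):
        for res_type in pkg.get("type", []):
            for entry in res_type.get("entry", []):
                # One configValue per configuration (locale, density, ...).
                for cfg_value in entry.get("configValue", []):
                    item = cfg_value.get("value", {}).get("item", {})
                    if "str" in item:  # skip files, references, primitives
                        name = f"{res_type.get('name')}/{entry.get('name')}"
                        yield (pkg.get("packageName", ""), name,
                               item["str"].get("value", ""))


def find_embedded_keys(res_dict):
    """Return (resource name, value) pairs whose value looks like an API key."""
    return [(name, value)
            for _pkg, name, value in iter_string_resources(res_dict)
            if GOOGLE_API_KEY_RE.search(value)]


if __name__ == "__main__":
    for name, value in find_embedded_keys(SAMPLE_RES_DICT):
        print(f"readable in resources.pb: {name} = {value[:8]}...")
```

Any hit means the value ships in readable form inside resources.pb, exactly as it would in an APK's strings.xml.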
Try this given de-compile jar BundleDecompiler
de-compile option:
java -jar BundleDecompiler.jar decompile --in=input_app.aab --out=output_dir

Get application Id in XML dynamically

I'm using shortcuts in my application and I have multiple product flavors. I want to get the application Id dynamically for target package.
I've given ${applicationId}, but it's not working. I tried with ${packageName}; it didn't work. Any other alternative?
<shortcut
    android:enabled="true"
    android:icon="@drawable/ic_barcode_icon"
    android:shortcutId="bar_code"
    android:shortcutShortLabel="@string/shortcuts_my_bar_code">
    <intent
        android:action="android.intent.action.VIEW.myBarCode"
        android:targetClass="com.appemirates.clubapparel.home.HomeActivity"
        android:targetPackage="${applicationId}" />
</shortcut>
Manifest placeholders like ${applicationId} are only supported for the manifest, not arbitrary other XML files, such as shortcut metadata resources.
You could try:
Have a copy of your shortcut XML in each product flavor's source set, where that copy has the hardcoded application ID
Use resValue in Gradle to set up a string resource with the application ID (per flavor), and use @string/... notation to refer to it in the shortcut XML
The first one definitely works but is tedious due to the code duplication. I have not tried the second one.
Otherwise, you would be looking at building your own Gradle plugin or similar processor that could dynamically generate these resources from a template.
You can create a BuildConfig parameter through Gradle.
You need to add the below in the specific build flavor:
resValue "string", "APP_ID", "com.example.myapp.india"
That will generate a string resource as per your build flavor. And you can directly use it as below in your code.
<shortcut
    android:enabled="true"
    android:icon="@drawable/ic_barcode_icon"
    android:shortcutId="bar_code"
    android:shortcutShortLabel="@string/shortcuts_my_bar_code">
    <intent
        android:action="android.intent.action.VIEW.myBarCode"
        android:targetClass="com.appemirates.clubapparel.home.HomeActivity"
        android:targetPackage="@string/APP_ID" />
</shortcut>
Let me know for more help :)
In your app's build.gradle.kts (Gradle Kotlin DSL) you could add:
// Needs at the top of the file: import com.android.build.api.variant.ResValue
android {
    // your setup...
    androidComponents {
        onVariants { variant ->
            variant.resValues.put(
                variant.makeResValueKey("string", "app_id"),
                ResValue(variant.applicationId.get())
            )
        }
    }
}
Which will write a string into the resources with the name app_id and use the application ID of the variant. You will then be able to reference the string resource using @string/app_id inside your XML resource files. ${applicationId} unfortunately only works in Manifest files, as has been mentioned in the other answers.
This solution should also work with flavours and build types which augment the application ID by using applicationIdSuffix, and thus answers the comment from Get application Id in XML dynamically.

String resources are removed after build

I have a project with following locale values directory:
values
values-en-rHK
values-en-rTH
values and values-en-rHK contain:
<string name="currency">$</string>
values-en-rTH contains:
<string name="currency">฿</string>
After the APK is compiled, it removed the currency key from the values-en-rHK directory. I have verified this by decompiling the APK and looking into the resources.
This causes the app to show ฿, even when the locale is en-HK. Also noticed that all the strings with same text as in values were removed from values-en-rHK in the compiled APK.
Your localized directories are not named correctly. They should follow the pattern specified here:
<resource type>-b+<language code>[+<country code>]
I'm not entirely sure what you were attempting, the following could possibly work:
values
values-b+en+HK
values-b+en+TH
Values that are identical in different localization versions may be removed when compiling the APK, since there is no point to have the same value in multiple resources.

The directory name of obj/Debug/android/src/{name space} is a MD5 hash?

In Xamarin Android, I am working with a DialogPreference class and need to access the full path of the class from the XML. I was having a hard time doing it and checked the obj/Debug where I found this:
The name of the namespace is "IntervalAndroid", and all the corresponding files are placed in the directory with the hash name.
What am I doing wrong?
I suspect you have updated to Xamarin.Android 5.1, and that this md5 directory is a consequence of the breaking change in the "name mangling scheme for Android Callable Wrappers".
See also:
The release notes: http://developer.xamarin.com/releases/android/xamarin.android_5/xamarin.android_5.1/#Breaking_Changes
The "Android breaking changes" section of the release announcement on the forums http://forums.xamarin.com/discussion/37277/stable-release-xamarin-android-5-1-0-breaking-changes-new-features-and-bug-fixes/p1
