ProGuard and DexGuard

[AdaG]

Hello,

Has anyone done a manual compilation of B4A project through ProGuard or DexGuard ?

I am trying to figure out the process.

Thanks in advance.

 

[KZero]

i know its an old post but anyway as Erel mentioned in other topic Proguard and Dexguard is not compatible.
but i found a new great alternative to Dexguard and support Basic4Android APKs
www.dexprotector.com
i'm using it and strongly recommend it

 

[MaFu]

Sounds good.
But the description says "DexProtector is licensed per seat". Does this mean i can install on one computer only?
Because i need my developer tools on desktop and notebook as minimum.

 

[KZero]

Sounds good.
But the description says "DexProtector is licensed per seat". Does this mean i can install on one computer only?
Because i need my developer tools on desktop and notebook as minimum.

that's true
but you can use this single pc to protect unlimited number of apks

 

[MaFu]

Sure, but it is not a satisfactory solution.
Normally, i have all my actual sources on my notebook if i'm on the way for more than a few days. If DexProtector is installed on my desctop pc, i cannot update.
On the other side if installed on the notebook, i must always run my notebook and transfer the current source on it which is normally not the case at home.

I will have a look on it with the trial license. Maybe a small Win7 virtual machine is a solution.

 

[KZero]

Sure, but it is not a satisfactory solution.
Normally, i have all my actual sources on my notebook if i'm on the way for more than a few days. If DexProtector is installed on my desctop pc, i cannot update.
On the other side if installed on the notebook, i must always run my notebook and transfer the current source on it which is normally not the case at home.

I will have a look on it with the trial license. Maybe a small Win7 virtual machine is a solution.

VM would be good solution if it worked on it also remote connection may help
btw you don't have to move the source code , the app works on the apk file

 

[MaFu]

Now i installed the trial version in a win8 virtual machine. dexprotector works fine without problems. But only with class and resource encryption. If i activate string encryption then my app produces runtime errors.

 

[KZero]

Now i installed the trial version in a win8 virtual machine. dexprotector works fine without problems. But only with class and resource encryption. If i activate string encryption then my app produces runtime errors.

String encryption is a bit heavy if you applied it for all classes
you can use it only on sensitive classes ex : com.application.name.modservice.**
also u can use B4A obfuscation , it provide string encryption

 

[MaFu]

It seems the most (or only) errors with string encryption belongs to events.
My program i used for dexprotector test updates sqlite databases on program start with aftp library.
If the databases are up to date, nothing happens and the program works fine. On database update, the program runs into error and cannot call the aftp event subs.

But you're right, its not needed to encrypt all strings in the program.
I could set all strings which must be secure in a class and protect only this class.
If my program name is "de.opb.opbinfo" and the class "secure" ("secure.bas") then i must use the filter "de.opb.opbinfo.secure.**". Is this correct?

Another good question (which certainly can not be answered here):
What's the difference between B4A obfuscation and dexprotector string encryption?

 

[KZero]

It seems the most (or only) errors with string encryption belongs to events.
My program i used for dexprotector test updates sqlite databases on program start with aftp library.
If the databases are up to date, nothing happens and the program works fine. On database update, the program runs into error and cannot call the aftp event subs.

But you're right, its not needed to encrypt all strings in the program.
I could set all strings which must be secure in a class and protect only this class.
If my program name is "de.opb.opbinfo" and the class "secure" ("secure.bas") then i must use the filter "de.opb.opbinfo.secure.**". Is this correct?

Another good question (which certainly can not be answered here):
What's the difference between B4A obfuscation and dexprotector string encryption?

i didn't face any problems with string encryption except it make the app a bit slower, may be there is conflict with events names as u said

i'm not sure about the filter but i think the right that u try "de.opb.opbinfo.secure" or "de.opb.opbinfo.secure.**" and check the result how many strings encrypted

B4A provide great and fast string encryption that not affecting the app speed but technically i have no idea how both work

here is some extra information about dexprotector

StringEncryption
This mechanism is designed for string encryption in classes. We recommend to encrypt Strings that may contain sensitive data, it’s also useful to encrypt some more Strings in order to knock a malicious person out of the way, and to make the reverse engineering task much more complicated. Our integrity protection mechanism also depends on String Encryption, so the good idea is to have as many strings encrypted until its ok for the performance of an application. To use String Encryption for certain classes, click Select in String Encryption configuration box in the GUI, and set class names, where strings must be encrypted (logins, passwords, API credentials and keys, and so on), for example com.somepackage.**
ClassEncryption
This mechanism is designed for encryption of entire classes. We recommend to use this feature for all your classes, so first try to leave filter empty and check your app’s performance out. If you are satisfied than it is ok, if not than add classes where you have valuable logic, and other sensitive things you want to hide from third eyes in the filter. You also can apply two or more mechanisms on the same classes at the same time, thus String Encryption, Class Encryption may have the same classes in the filters.

ResourceEncryption
This mechanism is designed for resource/assets encryption. Just turn it on, without any filters. We have tried this technique on Minion Rush for example, and the game’s experience, launch time and performance were not significantly degraded.
HideAccess
This technique is experimental at the time. It allows you to hide Google API calls or API of third-party libraries you are using in your project. It would be very hard to start reverse engineering for a potential cracker if this mechanism is turned on.
Anyway there should be some experiments performed in order to get best configuration.


So please consider to have a few classes “String Encrypted”. You might to add such classes to the filter that will not have significant influence on the app’s performance.