How It Works

This technology includes the dex code encryption, custom classloader, and implementation of "detect and reject" tactics for preventing interception as well as other hacker attacks. Dex Antidecompiler uses "hidden key encryption". It means that encryption key is not hard-coded but calculated at runtime and thus can't be extracted from the decompiled code. See Password.

Dex Antidecompiler work-flow

Dex Antidecompiler contains Antidecompiler itself and Android Launcher. Antidecompiler encrypts the whole dex file, adds Launcher to encrypted dex, and makes changes in AndroidManifest and Manifest files.

Android Launcher

includes decryptor, class loader and Sonar module. When VM starts it calls Launcher according to the modified Manifests. Android Launcher calls Sonar module that checks the environment integrity and the presence of hacker attacks. When Sonar detects suspicious changes in VM or hacking attempts it just stops the program execution. If everything is OK the execution is passed to decryptor and then to class loader. Finally, the main Activity/Application class of the original program is called.

Before/After

Source classes.dex



Protected APK



Thus, if usual obfuscators make the reverse engineering time consuming, painful, and complicated enough, Dex Antidecompiler makes it absolutely impossible.
Additional technological underpinnings of our algorithms can be found here Apology and DZone.