How to deploy and use Obfuscapk

How to deploy and use Obfuscapk

When I going to use Obfuscapk,I find its introduction is not very clear,which makes me puzzled. In this blog I’d like to give a more clear introduction with pictures and commands. I am not a native English speaker,so this blog may has a lot of grammatical errors. I am so sorry about these errors. Above all, I hope this blog can help you.

Operating System :Ubuntu 22.04

Docker:lastest version

What is Obfuscapk

Obfuscapk is an open source python to for obfuscating apk code. Nowadays,the reversing tools such as apktools or jd-gui are widely used,it is very easy to analyze your source code. In this case, Obfuscapk aims to make your source code hard to read by obfuscating code in many different ways.

How to install it

In this blog I will teach you how to deploy obfuscapk on your computer by docker. Before we deploy this subject, you have to install docker first.

1. pull the image

sudo docker pull claudiugeorgiu/obfuscapk

2. give this image a tag

sudo docker tag claudiugeorgiu/obfuscapk obfuscapk

after this we can use “docker images” to see our images.

if you can see obfuscapk,that means you have pull it successfully. We can use this command to make a test.

sudo docker run --rm -it obfuscapk --help

if you can see following picture,that means you have deployed it successfully.

how to use it

What we need to do is that put the apk into the docker images. The best way to do this is mounted a local directory. Put your apk in the directory.

Using this order

sudo docker run --rm -it -u $(id -u):$(id -g) -v "<this is your local directory>":"/workdir" obfuscapk  -o ClassRename -o MethodRename -o ResStringEncryption -o Rebuild -o NewAlignment -o NewSignature test.apk

After doing this ,you will find a folder in your local directory.

In this folder you can find obfuscated apk.

We can use reversing tool to reverse the apk and analyze what happened to this apk.

We can get this:

Something you have to remind

The first thing you have to remind is that you have to make sure the sequence of the obfuscating options.

-o Rebuild -o NewAlignment -o NewSignature

these option must be placed at the tail of the sequence.

Another thing is that if you use jd-gui to reverse apk, don’t use open-jdk,download jdk from oracle.

That’s all,hope this blog will help you.