[Update: Not leaked] Source code for DexGuard, commercial anti-piracy software, leaks online
DexGuard is a popular commercial anti-piracy software written by Guardsquare which can help obfuscate an APK file. It’s pretty easy to decompile an Android app and take a look at its internal workings, but obfuscation programs such as DexGuard make that pretty difficult. The software protects applications from reverse engineering attacks too, to prevent users from figuring out how the app does exactly what it does. This, in turn, prevents piracy, as it makes it a lot harder for attackers to figure out how to bypass anti-piracy checks. However, an older version of DexGuard has had its source code leaked on GitHub.
The code has been confirmed to be real, largely thanks to Guardsquare themselves filing a DMCA takedown request on the initial GitHub repository for copyright infringement.
“The listed folders (see below) contain an older version of our commercial obfuscation software (DexGuard) for Android applications. The folder is part of a larger code base that was stolen from one of our former customers.”
If you’ve never heard of DexGuard though, you may have heard of ProGuard. ProGuard is a generic Java obfuscator, while DexGuard applies specifically to Android applications. ProGuard is completely free and open source as well. Both work perfectly fine on Android apps.
The ramifications of the company’s source code being stolen are unclear at this point in time. The source code has popped up in many different places across the internet, so it doesn’t seem as if it’ll be going away any time soon. Over 200 forked repositories were discovered by Guardsquare containing the infringing code at the time of the DMCA takedown on the original. It may give an idea of the internal workings of its obfuscation methods to those trying to decompile and modify Android apps protected by the software, though it’s unknown how much of an advantage the source code may give. For developers relying on the security of DexGuard, there’s no reason to panic just yet.
Update: DexGuard source code not leaked
It appears that DexGuard’s source code hasn’t leaked, rather configuration files and other tools to get developers started in using it.
Source: TorrentFreak Via: AndroidPolice