# Exercise 2

## Smali and Baksmali

Assembler/disassembler for the DEX format used by Dalvik.

* smali = "assembly" of the DEX bytecode.
* baksmali = disassembling DEX back to smali.

Allows converting a DEX blob to something “more human friendly”.

* Similar to assembly language for a conventional CPU.

Why? Isn’t DEX <-> class possible?

* With recent compiler optimizations (and Kotlin, and obfuscation), not always.
* It’s possible to convert DEX (smali) -> class -> Java, but the resulting code may not be correct.
* Use of smali enables patching DEX bytecode directly (although it’s more complex).

## HelloWorld.smali

<figure><img src="https://1103423335-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvyEajzuIz0PAtDiV6JcU%2Fuploads%2FVh33jdPDn8b7QnoojMfa%2Fa.png?alt=media&#x26;token=91e133ad-5ef2-4304-ac8a-ccfbd6c55028" alt=""><figcaption></figcaption></figure>

## Hello Android App

<figure><img src="https://1103423335-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvyEajzuIz0PAtDiV6JcU%2Fuploads%2FeQBS0yUoKIJ7L6WoHf3z%2Fa.png?alt=media&#x26;token=c9895d13-64b1-467a-b32d-2dc64526fe67" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1103423335-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvyEajzuIz0PAtDiV6JcU%2Fuploads%2Fu9fWda5HstK3WwqbVZsT%2Fa.png?alt=media&#x26;token=b4cfcee0-54f1-4699-a12f-ebc32cc1eb64" alt=""><figcaption></figcaption></figure>

## Obfuscation

Quite a few DEX “obfuscators” exist, with different approaches:

* Functionally similar to binutils’ strip, either Java (ProGuard) or sDEX.
* Rename methods, fields and class names.
* Break down string operations to “chop” hard-coded strings, or encrypt them.
* Can use dynamic class loading (DexLoader classes) to impede static analysis.
* Can add dead code and dummy loops (with minor impact on performance).
* Can also use *goto* into other instructions (or switches).

Additional advantage: as obfuscators remove dead code, applications become smaller.

In practice, obfuscation is quite limited, due to:

* Reliance on Android Framework APIs (which remain unobfuscated).
* JDWP and application debuggability at the Java level.
* If Dalvik can execute it, so can a proper analysis tool.
* Popular enough obfuscators have de-obfuscators...
* Cannot obfuscate Activities.
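
The first limitation above (framework API calls stay readable) can be checked directly on baksmali output. The Python sketch below is an added example, not part of the original page: the smali sample is constructed, and the framework prefix list, the short-name heuristic and the check for `dalvik.system.DexClassLoader` are assumptions made for illustration.

```python
import re

# Constructed sample (abbreviated, not meant to be reassembled): a renamed app class.
SAMPLE_SMALI = r"""
.class public La/b/c;
.super Ljava/lang/Object;

.method private a(Ljava/lang/String;)V
    invoke-static {p1}, La/b/d;->a(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    const-string v1, "x"
    invoke-static {v1, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    invoke-direct {v2, v0, v3, v4, v5}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    return-void
.end method
"""

# Assumption: packages shipped by the platform, which an app-side obfuscator cannot rename.
FRAMEWORK_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/", "Ldalvik/")
INVOKE_RE = re.compile(
    r"^\s*invoke-[a-z]+(?:/range)?\s+\{[^}]*\},\s*(L[^;]+;)->([^\s(]+)\(", re.M)

def call_targets(smali):
    """Return (owner_class, method_name) for each invoke-* instruction."""
    return INVOKE_RE.findall(smali)

def looks_renamed(owner):
    """Heuristic (assumption): every path segment is 1-2 chars, e.g. La/b/c;"""
    return all(len(seg) <= 2 for seg in owner[1:-1].split("/"))

def triage(smali):
    """Split call targets into framework vs. app and flag dynamic class loading."""
    framework, app = [], []
    for owner, method in call_targets(smali):
        (framework if owner.startswith(FRAMEWORK_PREFIXES) else app).append(f"{owner}->{method}")
    return {
        "framework_calls": framework,
        "app_calls": app,
        "renamed_app_calls": [c for c in app if looks_renamed(c.split("->")[0])],
        "dynamic_loading": any("Ldalvik/system/DexClassLoader;" in c for c in framework),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_SMALI).items():
        print(key, value)
```

Even though the app's own classes are reduced to `a/b/d`, the calls into `android.util.Log` and the class loader keep their full names, which gives an analyst anchor points for working back through the renamed code.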

About 25% of applications have some form of obfuscation.

### Objectives

**Code shrinking (or tree-shaking)**: detects and safely removes unused classes, fields, methods, and attributes.

**Resource shrinking**: removes unused resources from a packaged app, including unused resources in the app’s library dependencies.

**Obfuscation**: shortens the name of classes and members, which results in reduced DEX file sizes.

**Optimization**: inspects and rewrites your code to further reduce the size of your app’s DEX files.

* Unreachable code is removed from the application.

### How to enable

<figure><img src="https://1103423335-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvyEajzuIz0PAtDiV6JcU%2Fuploads%2FYgezal03bfqtU7J0owSm%2Fa.png?alt=media&#x26;token=b1eb9842-32ac-41a9-89dc-3d8f9830373c" alt=""><figcaption></figcaption></figure>
