Using apkdefender
XTD Protect for Android: Command Line Tools
APKDefender Tool
The apkdefender tool protects an unprotected Android application (APK).
apkdefender operation is controlled with configuration directives given via command line and a JSON configuration file.
The protected application file is named \<original-name>-protected.apk and placed in the same directory as the original application. During protection bytecode is translated to native code, and anti-tamper protections and obfuscation then applied. The protection step can be integrated into your development process, for example in gradle builds.
As much of the bytecode as possible is translated to native code, for best protection. However, specific classes and methods may be excluded, either by default or through manual configuration.
apkdefender directs output information to the stdout. More extensive debug output is saved to the apkdefender.log file in the current working directory.
Basic Usage
To use apkdefender
- Generate a configuration file
- Update the configuration file with your certificate information
- If required, tune the protection by adjusting configuration parameters
- Protect the applicationTo generate a new JSON configuration fileIn the directory containing apkdefender and your .apk file, enter the following command:apkdefender -b new-config <app-release.apk>where app-release.apk is the name of your .apk file.Example JSON configuration fileTo update the configuration file Before protection, your must update the signing certificate location in the configuration file. In a text editor, open the configuration file Signing_certificate: A file path or a list of the file paths for one or more signing certificates. Only RSA certificates are supported, and the certificate must be given in DER or PEM format.
The generated configuration file creates protection scope based on the contents of the .apk file. To validate the scope or to tune it, refer to Defining the Protection Scope.For information on the configuration options refer to Configuration.To protect the applicationEnter the following command:apkdefender -c <path-to-configuration-file> <app-release.apk>The protected app is named app-release-protected.apk.
Command Reference
| Option | Description |
|---|---|
| -c / --configuration-file | Required. Path to the JSON configuration file. |
| -m / --mapping-file | Required. Path to the R8 mapping file. For details on how to use the mapping file for filtering, see section R8 mapping file support <05app_development_considerations.html#r8mappingsupport>__. |
| -b / --build-mode | Optional. Build mode options: new-config: Generate a new sample configuration JSON file, with a protection scope derived from the application activities. The produced scope must be validated, and the signing_certificate <#signingcertificate>__ option value must be added before use. check-protection-status: Check protection status of the application. |
| -w / --working-directory | Optional. The absolute path to a working directory where directory mfjava/mfjava-<app-ID> containing the build files is created. The default working directory location is: - Linux: /tmp/mfjava/mfjava-<app-ID>- macOS: $TMPDIR/mfjava/mfjava-<app-ID>- Windows: %TEMP%/mfjava/mfjava-<app-ID>On Windows, the working directory must be on the same drive as the NDK. |
| -G / --generate-report | Optional. Outputs the protection report file under the current working directory, with name <app-filename>-efficacy_report-<timestamp>, for example app-release.apk-efficacy_report-2024-06-24T11-30-52Z.json. |
| -v / --version | Optional. Outputs the apkdefender tool version information and build date. |
Updated 4 days ago