September 3, 2016 in Android
Sometimes you may need to reverse engineer your existing APKs for legitimate analysis reasons, such as querying the app's code (including the third-party libraries it uses) to get more inside information.
This post shows you how to reverse engineer an existing APK for such good reasons (again, for *good* reasons).
Detailed way / Using Mainly Three Tools
To reverse engineer an APK file back to its sources, you need to do the following:
- Exploding APK
- Extracting Java Classes
- Decompiling Java Sources
- Inspecting APK Content
Now, let’s go through them quickly.
First of all, we need to explode the APK file, mainly to get at its resources (assets, libraries, and manifest files).
In order to achieve this step, you need to download and use ApkTool which can be found in:
After downloading the jar, execute the library jar as follows.
java -jar apktool_2.2.0.jar decode --no-src myApk.apk
Note that if you do not specify the --no-src parameter, ApkTool will decode the sources and generate smali code (not Java).
Extracting Java Classes
The second step is to convert the APK DEX file(s) into Java jar file(s). You will find the DEX files, whose names follow the classes(i).dex pattern, under the exploded APK directory (note that if your APK is multi-dex then, besides the main classes.dex file, you can find classes3.dex … and so on).
In order to make this extraction, you can use a very good tool called (dex2jar) which can be found below:
Download the zip file and extract it, then run the dex2jar tool from the command line as follows (assuming the dex2jar directory is located at the same level as the exploded myApk directory that holds the DEX file(s)).
sh d2j-dex2jar.sh ../myApk/classes.dex -o ../myApk/src.jar
Decompiling Java Sources
After having the jars, we can simply decompile them into original Java sources. For this, we can use the command-line Java Decompiler, which is available in:
For every jar we have, we can simply decompile it by running jd-cli as follows.
Inspecting APK Content
Finally, we can inspect the APK content as much as we wish. For example, we can get all the strings in the content that follow a URL pattern by executing the following grep command in the exploded APK root folder.
grep -Eo '(http|https)://[^/"]+' -R .
This command prints every string that matches the regular expression (the scheme and host part of each URL), each prefixed with the name of the file it was found in.
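A variant of the grep above, as an added example that is not part of the original post: it also reads binary files such as classes.dex (which the --no-src run leaves undecoded, and for which GNU grep otherwise prints only "Binary file ... matches"), counts each distinct origin, and separates the cleartext http:// ones. The function names and the sample directory are constructed for illustration, and the host pattern is narrowed so that matches inside binary data stop at the end of the host name.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "count origin" for every distinct scheme://host[:port] found under
# the exploded APK directory, most frequent first.
list_url_origins() {
    # -a  treat binary files (classes.dex, *.so, resources.arsc) as text
    # -h  omit file names so the same origin in several files is tallied together
    # -o  print only the matched part of each line
    LC_ALL=C grep -RaEoh 'https?://[A-Za-z0-9.-]+(:[0-9]+)?' "${1:-.}" 2>/dev/null |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2 |
        awk '{ print $1, $2 }'
}

# Only cleartext origins. The Android XML namespace URI appears in every
# decoded manifest and layout; it is an identifier, not an endpoint.
list_cleartext_origins() {
    list_url_origins "$1" |
        awk '$2 ~ /^http:\/\// && $2 != "http://schemas.android.com" { print $2 }'
}

# List the files under directory $1 that reference origin $2 (fixed-string match).
files_for_origin() {
    LC_ALL=C grep -RalF -e "$2" "$1" 2>/dev/null | LC_ALL=C sort
}

# Constructed sample standing in for an apktool output directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/res/values"
    printf '<manifest xmlns:android="http://schemas.android.com/apk/res/android"/>\n' \
        > "$d/AndroidManifest.xml"
    printf 'dex\n035\000\030https://api.example.com/v1\000\027http://cdn.example.com:8080/x\000' \
        > "$d/classes.dex"
    printf '<string name="u">https://api.example.com/login</string>\n' \
        > "$d/res/values/strings.xml"
    list_url_origins "$d"
    list_cleartext_origins "$d"
    (cd "$d" && files_for_origin . "http://cdn.example.com:8080")
    rm -rf "$d"
}
demo
```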
Fast way / Using Jadx
Jadx is a powerful tool for directly converting an APK to its original sources. It can be found in:
So for our myApk.apk, all we need to do to get its original source is to use the Jadx tool as follows.
Executing the previous command will do all three of the previously explained steps for you.
Now we are done. See you in the next post.