There's nothing really complex about this post. In the past I've always maintained that reversing is kind of tough; and that's true if its an EXE,DLL etc. But in the case of an Android application; it really is very easy.
While all this information is already there, here is a very short blog post summarizing how you get from APK to Source. I used a Vuln app available here; but you can use anything really.
If all you want is the source, do the following:
1. Use dex2jar downloaded from here and run ./dex2jar.sh. This results in a JAR
file getting created in the directory where the APK is already
present. The JAR file contains all the JAVA class files; namely the Java
byte code - something that you get once you compile your Java code.
2. Convert your Java byte code into actual Java code. You need something called a Java decompiler for this. You can download one called the Jd-Gui from here - http://jd.benow.ca/#jd-gui-download.Load the JAR into it and use the 'Save all sources' feature to save all the source (Java) files to your disk. Now you can review it like you would review any Java code.
Some other interesting things about APKs though:
1. An APK can be extracted to a folder. Its just a Zip file so any archiving program should do; I use the inbuilt Ubuntu GUI archiving tool. You can also use unzip, 7z, WinRar or anything you want.
2. Look at the file AndroidManifest.xml. It'll open in a Text editor but its largely binary; hence unreadable. Use Apktool to decode this XML file as well as every other XML file in the APK. You can get it from here. Run apktool against the APK. It'll run and give you all the XML files totally decoded; so you can now read them.
3. All the application code is in classes.dex. This is Android Byte code, reversible to Java Byte Code. So we first 'dedex'. Use 'dedexer' that can be found here. Run it as follows: java -jar ddx1.22.jar -d
Nothing in this post is original. I just wanted a place to refer to instead of Googling a million times for the syntax.
While all this information is already there, here is a very short blog post summarizing how you get from APK to Source. I used a Vuln app available here; but you can use anything really.
If all you want is the source, do the following:
1. Use dex2jar downloaded from here and run ./dex2jar.sh
2. Convert your Java byte code into actual Java code. You need something called a Java decompiler for this. You can download one called the Jd-Gui from here - http://jd.benow.ca/#jd-gui-download.Load the JAR into it and use the 'Save all sources' feature to save all the source (Java) files to your disk. Now you can review it like you would review any Java code.
Some other interesting things about APKs though:
1. An APK can be extracted to a folder. Its just a Zip file so any archiving program should do; I use the inbuilt Ubuntu GUI archiving tool. You can also use unzip, 7z, WinRar or anything you want.
2. Look at the file AndroidManifest.xml. It'll open in a Text editor but its largely binary; hence unreadable. Use Apktool to decode this XML file as well as every other XML file in the APK. You can get it from here. Run apktool
3. All the application code is in classes.dex. This is Android Byte code, reversible to Java Byte Code. So we first 'dedex'. Use 'dedexer' that can be found here. Run it as follows: java -jar ddx1.22.jar -d
Nothing in this post is original. I just wanted a place to refer to instead of Googling a million times for the syntax.
3 comments:
The Java decompiler now lives at http://jd.benow.ca/
nice blog.
nice blog.
Post a Comment