How to Reverse Engineer an Android Application Package (APK)

October 5, 2016



Have you ever wanted to look inside the code of an Android application to see how it works?
Here is a technique for doing that. I have done this on Kali. You can also perform the procedure on other Linux distros and on Windows (you will need to download the required tools yourself).

Prerequisites:

1) Basic knowledge of Android Programming

Tools required:

1) adb (on Debian-based distros it can be installed with a simple ‘apt-get install adb’ at the shell prompt)
2) apktool (installed in Kali by default)
3) d2j-dex2jar (installed in Kali by default)
4) JD-GUI (download from http://jd.benow.ca)
5) an Android device with USB debugging enabled to extract the apk from. Root is only needed to browse /data/app with ‘ls’ as shown below; for user-installed apps, ‘pm path’ plus ‘adb pull’ normally works on an unrooted device too.

Steps:

  1. First check that adb is installed on your machine by typing ‘adb’ at the terminal. You should see the help text and the options available for the tool.
  2. Next we need to choose the apk to be processed. On your Android device, make sure the ‘USB Debugging’ option is enabled in the developer options and connect it over USB.
  3. Next, at the terminal we type:

#adb start-server
#adb devices

The first command starts the adb daemon on the host; the second should list your device with the state ‘device’ (if it shows ‘unauthorized’, accept the USB debugging prompt on the phone). ‘adb start-server’ does not give you a shell by itself; to interact with the device at the file-system level we open one with:

#adb shell

We get a prompt like this,

shell@android:/$

Type ‘su‘ to get the root user prompt like this,

shell@android:/#

Now navigate to the /data/app/ folder to view the apps installed on your device. Type the ‘ls’ command at the prompt.

shell@android:/# ls /data/app

On older Android versions you will see a bunch of apk files named after their packages. On Android 5 and later each app gets its own directory instead (named like <package.name>-1/) containing the real apk as base.apk, so in that case note the directory and pull base.apk from inside it. Either way, pick an app to be processed and note down the full path of its apk. The command ‘pm path <package.name>’ prints that path directly and does not require root.

Open another instance of the terminal and type the following command to pull the chosen apk into a folder on the desktop (create the folder first with ‘mkdir -p /root/Desktop/Project’; if it does not exist, adb pull will save the file under that name instead):

root@kali:~# adb pull /data/app/<filename.apk> /root/Desktop/Project

Now navigate to the /root/Desktop/Project folder in the terminal and type the following command,

root@kali:~/Desktop/Project# apktool decode <filename.apk>

Via the GUI file explorer, go to the Project folder and view its contents. You will see a new folder with the name of the apk, generated by ‘apktool’. It contains the decoded resources, the smali (disassembled dex) code and a file called ‘AndroidManifest.xml‘. This is the file that declares everything the app needs from the system: its components (activities, services, receivers, content providers), the intents it handles, and, in ‘uses-permission’ entries, every permission it asks for. When we install an application from the Google Play store, the list of permissions we are shown (‘this app needs access to your photos’, ‘this app needs access to your contacts’, etc.) is built from these entries; since Android 6 the sensitive ones are additionally granted or denied at runtime, but they still have to be declared here. This file is therefore a first stop in malware analysis, where an app may request far more permissions than its advertised purpose needs in order to run its own malicious code.

Now type the following command at the prompt:

root@kali:~/Desktop/Project# unzip <filename.apk>

Another bunch of files appears in your folder (an apk is just a zip archive). The file which we will use in the next step is ‘classes.dex‘; a large app may also contain classes2.dex, classes3.dex and so on (multidex), which are handled the same way.

This dex file holds the compiled Dalvik bytecode for all the classes in the package. To be able to view those classes as Java, we first convert the dex file to a jar file by typing the following command.

root@kali:~/Desktop/Project# d2j-dex2jar classes.dex

In a few seconds a jar file named classes-dex2jar.jar appears in your folder.

The JD-GUI tool, once downloaded, comes as a .deb package (on Debian-based machines). To install a .deb package, type in the terminal,

root@kali:~/Downloads# dpkg -i jd-gui*.deb

dpkg reads the archive itself, so the package file does not need executable permissions; a ‘chmod +x’ on it is harmless but unnecessary.

Once installed, JD-GUI can be found in your Applications Menu. Open JD-GUI and choose a jar file to view by clicking File -> Open.
Select the jar file that was produced by the d2j-dex2jar command.

In the left pane you can see the list of packages that the APK contains. Inside each package you will see a bunch of .class files, which are the compiled Java classes. Click on a class file and in the middle pane you will see the decompiled source, including the Android APIs the application uses. You will also see variables named localParams, localBundle, etc. These names are not from the original .java file: local variable names are normally stripped at compile time (unless the app was built with debug information), so the decompiler synthesises names from the variable types. Apps shrunk with ProGuard go further and rename classes, methods and fields themselves to a, b, c and so on.

You can use this technique simply to view the inner workings of an Android application, or to tweak the code and rebuild the apk (‘apktool build’) to make your own version of the application. However, kindly note that the dex2jar step works only when the apk actually carries its bytecode, which is the case for user-installed apps. System apps in the /system/app folder are often shipped pre-optimised (‘odexed’): the bytecode lives in a separate .odex file and the apk contains no ‘classes.dex’ to unzip, so nothing appears in that step. Those need to be deodexed and worked on with tools like baksmali and smali, which is a whole new procedure.
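The whole procedure above, from locating the apk on the device to listing the permissions declared in the decoded AndroidManifest.xml, collected into a single script. This is an added example and not code from the original article: it assumes adb, apktool and d2j-dex2jar are on your PATH and that a device is attached with USB debugging enabled; the package name, the output directory and the list of permissions it flags are placeholders chosen for illustration. It uses ‘pm path’ instead of ‘ls /data/app’ so that it also works with the per-app directory layout of newer Android versions, and it handles multidex apks, which the manual steps above do not.

```bash
#!/usr/bin/env bash
# Added example, not code from the original article.
# Assumes: adb, apktool and d2j-dex2jar on PATH; device attached with USB debugging on.
set -eu

# Permissions worth a second look during malware triage (real Android permission
# names; an illustrative starting point, not a complete "dangerous" set).
SENSITIVE_PERMS='READ_SMS|SEND_SMS|RECEIVE_SMS|READ_CONTACTS|READ_CALL_LOG|RECORD_AUDIO|ACCESS_FINE_LOCATION|SYSTEM_ALERT_WINDOW|REQUEST_INSTALL_PACKAGES|BIND_ACCESSIBILITY_SERVICE'

# Resolve an installed package name to the on-device path of its apk.
# `pm path` prints "package:/data/app/<pkg>-<id>/base.apk" and does not need root,
# unlike browsing /data/app with ls on newer Android versions.
apk_path_for() {
    adb shell pm path "$1" | tr -d '\r' | sed -n 's/^package://p' | head -n 1
}

# Print the <uses-permission> names declared in a decoded AndroidManifest.xml,
# one per line, de-duplicated. Pure text processing, so it runs offline.
list_permissions() {
    grep -o 'uses-permission[^>]*android:name="[^"]*"' "$1" \
        | sed 's/.*android:name="\([^"]*\)".*/\1/' \
        | sort -u
}

# The subset of list_permissions that matches SENSITIVE_PERMS (may be empty).
flag_sensitive() {
    list_permissions "$1" | grep -E "$SENSITIVE_PERMS" || true
}

# The article's steps from "adb pull" onward: pull, apktool decode, unzip the
# dex file(s), convert each to a jar for JD-GUI, then summarise the manifest.
decompile_apk() {
    local pkg=$1
    local out=${2:-"$HOME/Desktop/Project/$pkg"}   # placeholder output directory
    local remote
    remote=$(apk_path_for "$pkg")
    [ -n "$remote" ] || { echo "package $pkg not found on device" >&2; return 1; }
    mkdir -p "$out"
    adb pull "$remote" "$out/$pkg.apk"
    apktool decode -f -o "$out/apktool" "$out/$pkg.apk"       # smali + AndroidManifest.xml
    unzip -o -q "$out/$pkg.apk" 'classes*.dex' -d "$out/dex"  # also classes2.dex, ... (multidex)
    local dex
    for dex in "$out"/dex/classes*.dex; do
        d2j-dex2jar -f -o "${dex%.dex}.jar" "$dex"            # open these jars in JD-GUI
    done
    echo "== permissions declared by $pkg =="
    list_permissions "$out/apktool/AndroidManifest.xml"
    echo "== flagged as sensitive =="
    flag_sensitive "$out/apktool/AndroidManifest.xml"
}

# Usage: ./apk-decompile.sh decompile <package.name> [output-dir]
case "${1:-}" in
    decompile) decompile_apk "$2" "${3:-}" ;;
esac
```

Run it as ‘./apk-decompile.sh decompile <package.name>’; the decoded tree ends up under the output directory, with the jars to load into JD-GUI in its dex/ subfolder. list_permissions and flag_sensitive only read the decoded manifest, so they can be pointed at any apktool output directory you already have, without a device attached.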

Thank you for reading! Hope you enjoyed Reverse Engineering an APK.

10 Comments
  1. Thanks, I'm trying it this weekend….
    loving cybrary loving Android loving Kali

    Thanks, very interesting 🙂

  2. Just to add, you don’t really need to pull the apk out of your device. Use apkdrawer or similar sites to get the apks you want. One of the things missing in the article is to create an apk again from the reverse engineered code. From a Java perspective, I haven’t found any tool that can do that yet (maybe just using the normal android studio will suffice, but I haven’t personally tried that). There is something known as smali reverse engineering and a lot of tools available to decompile into smali and recompile back the apk. Search XDA/Google if you want to get your hands on one of these tools.

    For windows users, I can recommend Virtuous Ten Studio (VTS) ;). Enjoy!

  3. Does Kali have to have a DHCP connection? I skipped this step when installing my Kali 2.0 through VMware.

  4. I am trying this, will contact you if I need any help.

  5. thanks for the info, very interesting

