
How to Reverse Engineer an Android Application Package (APK)


By: Divya Lakshmanan

October 5, 2016

Have you wanted to look inside the code of your Android application to see how it works?

Here is a technique for you. I have done this on Kali. You can also perform this procedure on other Linux distros as well as on Windows (you need to download the required tools).

Prerequisites:
1) Basic knowledge of Android programming

Tools required:
1) adb (can be installed by typing a simple 'apt-get install adb' at the shell prompt)
2) apktool (installed in Kali by default)
3) d2j-dex2jar (installed in Kali by default)
4) JD-GUI (needs to be downloaded)
5) A rooted Android device to extract the apk from

Steps:
  1. First check if adb is installed on your system by typing 'adb' at the terminal. You should be able to see the help and options available for the tool.
  2. Next we need to choose the apk to be processed. On your rooted Android device, make sure the 'USB Debugging' option is selected.
  3. Next at the terminal we type:

    # adb start-server

This enables us to interact with the Android device on a file system level. We would get a prompt like this,

    shell@android:/$

Type 'su' to get the root user prompt like this,

    shell@android:/#

Now navigate to the /data/app/ folder to view the list of apk files installed on your device. Type the 'ls' command at the prompt:

    ls

You will see a bunch of apk files. Now pick an apk file to be processed and note down its name.

Open another instance of the terminal and type the following command to extract the chosen apk to a folder on the desktop:

    root@kali:~# adb pull /data/app/<filename.apk> /root/Desktop/Project

Now navigate to the /root/Desktop/Project folder in the terminal and type the following command:

    root@kali:~/Desktop/Project# apktool decode <filename.apk>

Via the GUI file explorer, go to the Project folder and view its contents. You will see a new folder with the name of the apk, which has been generated by 'apktool'. Inside that folder you will see a file called 'AndroidManifest.xml'. This is the file that holds all the permissions of the Android app. When we download an application from the Google Play store, we are shown a list of permissions to be granted or denied. Permissions like 'this app needs permission to access the gallery', 'this app needs access to your contacts', etc., are all dictated by this xml file. This file is useful in malware analysis, where an app may be getting extra permissions to run its own malicious code.

Now type the following command at the prompt:

    root@kali:~/Desktop/Project# unzip <filename.apk>

Another bunch of files appears in your folder. The file which we will use in the next step is 'classes.dex'. This dex file is a collection of the classes in your package.

To be able to view those classes, we first convert the dex file to a jar file by typing the following command:

    root@kali:~/Desktop/Project# d2j-dex2jar classes.dex

In a few seconds you will notice that a jar file appears in your folder.

The JD-GUI tool, once downloaded, is seen as a .deb package (on Debian machines). To install a .deb package, type in the terminal:

    root@kali:~/Downloads# chmod +x jd-gui*.deb
    root@kali:~/Downloads# dpkg -i jd-gui*.deb

The first command gives executable permissions to the package and the second command installs it.

Once installed, JD-GUI can be found in your Applications menu. Open JD-GUI and search for a jar file to view by clicking File -> Open. Select the jar file that was the result of the d2j-dex2jar command.

On the left pane you can see a list of the packages that the APK has. Inside each package you will see a bunch of .class files, which are the result of compiled Java code. Click on a class file and, in the middle pane, you can see the Android APIs that are in use by the application. You will also see variables like localParams, localBundle, etc. The variable names that have been used in the original .java file are displayed like this in the compiled class file.

You can use this technique to simply view the inner workings of an Android application or to tweak the code and recompile the apk to make your own version of the application. However, kindly note that this technique works only for user-installed apps. For system apps present in the /system/app folder, the 'classes.dex' file will not get generated by 'unzipping' the apk. Tools like baksmali and smali need to be used, and it is a whole new procedure.

Thank you for reading! Hope you enjoyed Reverse Engineering an APK.
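The manifest review mentioned above (checking which permissions an app requests) can be scripted; the following is an added example, not part of the original post. It parses the plain-text AndroidManifest.xml that apktool writes and separates permissions worth a closer look from the rest; the watchlist, the sample manifest, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a small watchlist chosen for this example, not a complete list.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}

# Constructed sample of a decoded manifest (not taken from a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <uses-permission/>
    <application android:label="Flashlight"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:  # skip malformed entries that carry no android:name
                names.add(name.strip())
    return sorted(names)

def review(manifest_xml):
    """Split requested permissions into (sensitive, other) lists."""
    perms = requested_permissions(manifest_xml)
    sensitive = [p for p in perms if p in SENSITIVE]
    other = [p for p in perms if p not in SENSITIVE]
    return sensitive, other

if __name__ == "__main__":
    flagged, rest = review(SAMPLE_MANIFEST)
    print("review:", flagged, "other:", rest)
```

To use it on a real app, pass the contents of the AndroidManifest.xml from the folder apktool generated; the copy produced by plain 'unzip' is binary XML and will not parse this way.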