Whitehat: Reverse Engineering Android APK.

Android Apk files

Android Apk file extension is an android operating systems executable normally referred to as applications. If further understanding , Apk (Android packaging) is a package that contains program files that lets the Apk run in the operating system.

To be a able to reverse engineer an apk , we will first want to know what it is contained in the package, An Apk contains the following ;

res
META-INF
lib
assets
classes.dex
Android manifest

The above contents contains different files that includes signing , the XML files ,images and icons that gives the graphical layout of an android application. The most important content that has the source code of an Apk is the classes.dex file. This is where our interest lies.

So we have to decompile it to the source programming language - normally java but before we do that we first have to make sure we have all requirements . We must have the following,

An Apk file (Android app- open source)

Winrar for windows (windows)

Apk tool.zip (windows)

Dex2jar.exe(windows)

STEP 1
- Install all the windows softwares above (get their tutorials if it looks new to you)
- Rename your apk extension to zip. Eg name.apk to name.zip
- This enables you to open the app in winrar unpackaging software. As shown in the image bellow
- Extract file to a folder ie on your desktop e.tc
STEP 2
- We are going to decompile the classes.dex file using Dex2jar program to get java source code
NB
- Performing this requires you to have java programming skills.
STEP 3
- After you have decompiled and edited the java script, at times you may use Apk tool to get the .smali file (not for the Novice reverse engineers) so as to edit the java strings. Editing is called debugging .
- After recompiling the codes , you have to change the java classes to classes.dex.
This is done using Apktool or Eclipse SDK (check manual on how to convert java classes to classes.dex by pressing F1 in Eclipse)

STEP 4
- Replace the classes.dex with the new one in the mothe folder.
- Zip it using Winrar to get a zipped file.
- Change the extension Zip to Apk file.
STEP 5
- Now you need to sign your APK file.
- When publishing an application you need to sign the .apk file with a certificate using a private key. The Android system uses the certificate to identify the author of an application and establish trust relationship between applications. The classic way of doing this was to use keytool then sign it with jarsigner but because most of us don’t have a keystore we can use a alternative called SignAPK.
GET THE STEP BY STEP PROCEDURE TO REVERSE AN APK APP BY THE USE OF APKTOOL HERE

Search Whitehat Blog

Tuesday, 1 April 2014

Reverse Engineering Android APK.

Android Apk files

Android Apk file extension is an android operating systems executable normally referred to as applications. If further understanding , Apk (Android packaging) is a package that contains program files that lets the Apk run in the operating system.

To be a able to reverse engineer an apk , we will first want to know what it is contained in the package, An Apk contains the following ;

res

META-INF

lib

assets

classes.dex

Android manifest

The above contents contains different files that includes signing , the XML files ,images and icons that gives the graphical layout of an android application. The most important content that has the source code of an Apk is the classes.dex file. This is where our interest lies.

So we have to decompile it to the source programming language - normally java but before we do that we first have to make sure we have all requirements . We must have the following,

An Apk file (Android app- open source)

Winrar for windows (windows)

Apk tool.zip (windows)

Dex2jar.exe(windows)

STEP 1

Install all the windows softwares above (get their tutorials if it looks new to you)

Rename your apk extension to zip. Eg name.apk to name.zip

This enables you to open the app in winrar unpackaging software. As shown in the image bellow

Extract file to a folder ie on your desktop e.tc

STEP 2

We are going to decompile the classes.dex file using Dex2jar program to get java source code

NB

Performing this requires you to have java programming skills.

STEP 3

After you have decompiled and edited the java script, at times you may use Apk tool to get the .smali file (not for the Novice reverse engineers) so as to edit the java strings. Editing is called debugging .

After recompiling the codes , you have to change the java classes to classes.dex.

This is done using Apktool or Eclipse SDK (check manual on how to convert java classes to classes.dex by pressing F1 in Eclipse)

STEP 4

Replace the classes.dex with the new one in the mothe folder.

Zip it using Winrar to get a zipped file.

Change the extension Zip to Apk file.

STEP 5

Now you need to sign your APK file.

GET THE STEP BY STEP PROCEDURE TO REVERSE AN APK APP BY THE USE OF APKTOOL HERE

No comments:

Post a Comment