Reverse Engineering APK an Android app

Sukesh Goud

Nov 27, 2023

TABLE OF CONTENTS

  1. What is Reverse Engineering APK?
  2. Android Application build process
  3. Apk analysis workflow
  4. What we need to install
  5. How to Secure

What is Reverse Engineering APK?

Reverse engineering an APK (Android Package) file involves decompiling and analyzing the compiled code of an Android application. It’s essential to note that reverse engineering can violate the terms of service of some applications and may be illegal in certain contexts. Make sure you have the right to reverse engineer the APK in question, and always respect intellectual property rights and laws.

There are two methods to take an Android application apart:

Decompile:

  • This method restores the application to a replica of its source code, so we can understand its components and how it works, but it will be hard to recompile it again.
  • Tool – Jadx

Disassemble:

  • Using this method, we take the application apart to some extent, with the ability to edit its behavior and rebuild it again, but all of this will be in Smali instructions (hard to read).
  • Tool – APKtool

Alternatively, you can use apktool to extract and disassemble resources directly from the APK archive and disassemble the Java bytecode to Smali. apktool also allows you to reassemble the package, which is useful for patching and applying changes to, e.g., the Android Manifest.

Android Application build process


Apktool is a tool for reverse engineering 3rd-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of its project-like file structure and its automation of some repetitive tasks, such as building the apk.

Apk analysis workflow


What we need to install

  • JRE installed
  • Apktool
  • SignAPK

What each tool produces:

  • Apktool: DEX → Smali
  • dex2jar: DEX → JAR → Java

Installation for Apktool → Linux

Step:1 Download the Linux wrapper script

URL https://github.com/iBotPeaches/Apktool/blob/master/scripts/linux/apktool

Step:2 Download apktool → apktool_2.6.1.jar

URL https://bitbucket.org/iBotPeaches/apktool/downloads/

Step:3 Rename the downloaded jar apktool_2.6.1.jar → apktool.jar

Step:4 Move the file apktool to /usr/local/bin (root needed)

Step:5 Move the file apktool.jar to /usr/local/bin (root needed)

Step:6 Observe that you need to set permissions on the file.

Step:7 Set permissions → chmod 777 apktool.jar

Step:8 Download the apk

URL https://drive.google.com/u/0/uc?id=0Bx9OKN9cC4IKS0o4N2V2NzZiOUU&export=download

Step:9 Connect the device to adb:

If debugging is not enabled, first go to Settings >> Developer options and enable USB debugging on the device so that adb can communicate with it → open a terminal in the working directory → adb devices

Step:10 Install the apk – open a terminal in the directory containing the apk →

adb install -r myapp.apk

Step:11 The apk is installed in the emulator

Step:12 Open the app, fill in a name and observe that an authenticated name is required.

Step:13 Observe that the authenticated user is → sabin.

Step:14 Let’s start bypassing the authenticated user.

Step:15 Decompile this application with Apktool → apktool d myapp.apk

Step:16 Observe that the application has been decompiled → click on the smali folder.

Step:17 Go into the smali folder → com.example.sabin, open the folder myapplication → MainActivity.smali.

Step:18 Open this smali code and observe the instruction at the :cond_0 label → const/4 v0, 0x0 (condition = false)

Step:19 Manipulate the value 0x0 → 0x1 (condition = true), and save this file.

Step:20 Rebuild the apk file → apktool b myapp

Step:21 Go to the rebuilt apk file – open the dist folder

Step:22 In the folder with the rebuilt apk → right click, open terminal.

Step:23 Generate a key for signing → keytool -genkey -v -keystore key.keystore -alias APktool -keyalg RSA -keysize 2048 -validity 10000

Step:24 Generated → key.keystore → right click, open terminal

Step:25 Sign the apk → specify the alias name → APktool and the password → 123456 → jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore myapp.apk APktool

Step:26 Finally, the successfully signed apk → myapp.apk

Step:27 Open the signed apk in the emulator

Step:28 Observe that authentication is bypassed → Sukesh is VIP user

How to Secure

Having seen how easily a client-side check can be flipped, let’s look at measures that make an Android app harder to reverse engineer and tamper with:

  • Tamper Detection
  • ProGuard Assistance
  • Use PBKDF2, bcrypt and scrypt hash algorithms
  • Secure User Credentials
  • Hide API keys
  • Use of whitelisted commands
  • Database Encryption
  • Add Multi-Factor Security

That’s all for this blog, I hope you enjoyed reading it. In the future I will write one more blog that covers some other techniques.



Sukesh Goud, Certbar’s Professional Service Manager, leads Mobile R&D with 5 years’ expertise, excelling in red teaming and mentoring. Distinguished by a robust Mobile and Web App Security research background.
