Sukesh Goud
Nov 27, 2023
Reverse engineering an APK (Android Package) file involves decompiling and analyzing the compiled code of an Android application. Note that reverse engineering can violate the terms of service of some applications and may be illegal in certain contexts. Make sure you have the right to reverse engineer the APK in question, and always respect intellectual property rights and laws.
There are two methods to take an Android application apart:
Alternatively, you can use apktool to extract and disassemble resources directly from the APK archive and disassemble Java bytecode to Smali. apktool also allows you to reassemble the package, which is useful for patching and applying changes to e.g. the Android Manifest.
apktool is a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project-like file structure and automation of some repetitive tasks such as building the APK.
APKtool
DEX → SMALI
DeX2jar
Installation for Apktool → Linux
Step:1 Download Linux wrapper script
URL https://github.com/iBotPeaches/Apktool/blob/master/scripts/linux/apktool
Step:2 Download apktool → apktool_2.6.1.jar
URL https://bitbucket.org/iBotPeaches/apktool/downloads/
Step:3 Downloaded jar to apktool_2.6.1.jar
Step:3 Renamed downloaded jar to apktool_2.6.1.jar → apktool.jar
Step:4 Move the files apktool to /usr/local/bin (root needed)
Step:5 Move the files apktool.jar to /usr/local/bin (root needed)
Step:6 Observe that you need permission.
Step:7 Permission → chmod 777 apktool.jar.
Step:8 Download apk
URL https://drive.google.com/u/0/uc?id=0Bx9OKN9cC4IKS0o4N2V2NzZiOUU&export=download
Step:9 Connect device to adb:
If debugging is not enabled, first go to Settings >> Developer options and enable debugging mode on the device so that adb can communicate with it → go to the directory, open a terminal → adb devices
Step:10 Install the apk – go to the directory, open a terminal →
adb install -r myapp.apk
Step:11 The apk is installed in the emulator
Step:12 Open the app, fill in the name, and observe that an authenticated name is required.
Step:13 Observe that the authenticated user is → sabin.
Step:14 Let’s start bypassing the authenticated user.
Step:15 Decompile this application → myapp.apk
Step:16 Observe that the application has been decompiled → click on the smali folder.
Step:17 Go to smali file → com.example.sabin, Open folder myapplication → MainActivity.smali.
Step:18 Open this smali code and observe the smali code: cond_0 const/4 v0, 0x0 condition = false
Step:19 Make the manipulation → change 0x0 to 0x1 (condition = true), and save this file.
Step:20 Rebuild (reassemble) the apk file → apktool b myapp
Step:21 Go to the rebuilt apk file – open the dist folder
Step:22 In the folder with the rebuilt apk → right click, open terminal.
Step:23 Generate a key for signing → keytool -genkey -v -keystore key.keystore -alias APktool -keyalg RSA -keysize 2048 -validity 10000.
Step:24 Generated –> key.keystore → right click open terminal
Step:25 Signed APK → specify alias name → Apktool and password ->123456 → jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore myapp.apk APktool
Step:26 Finally successfully signed Apk → myapp.apk
Step:27 Open the signed apk in emulator
Step:28 Observe that authentication is bypassed → Sukesh is VIP user
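From the defender's side, the rebuild and re-sign steps above leave two visible traces: classes.dex no longer matches the vendor's build, and the JAR (v1) signature files under META-INF are replaced. The following added example, which is not code from the original post, compares a candidate APK with a reference build; the sample archives, their entry contents and all function names are constructed for illustration, and APK Signature Scheme v2/v3 data, which lives outside the zip entries, is not examined.

```python
import hashlib
import io
import zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")  # JAR (v1) signature entries

def entry_digests(apk_bytes):
    """Map each zip entry name in an APK to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}

def is_v1_signature_file(name):
    """True for v1 signature entries such as META-INF/CERT.RSA."""
    return name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES)

def compare_apks(reference, candidate):
    """Report how a candidate APK differs from the vendor's reference build."""
    ref, cand = entry_digests(reference), entry_digests(candidate)
    changed = sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n])
    ref_sigs = {n: d for n, d in ref.items() if is_v1_signature_file(n)}
    cand_sigs = {n: d for n, d in cand.items() if is_v1_signature_file(n)}
    return {
        "changed_code": [n for n in changed if n.endswith(".dex")],
        "changed_other": [n for n in changed
                          if not n.endswith(".dex") and not is_v1_signature_file(n)],
        "signer_replaced": ref_sigs != cand_sigs,
        "candidate_signature_files": sorted(cand_sigs),
    }

def build_sample_apk(entries):
    """Constructed stand-in for an APK: a zip holding the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample data, not real APK contents. By default jarsigner names
# the .SF/.RSA files after the key alias, upper-cased (APktool -> APKTOOL).
COMMON = {"AndroidManifest.xml": b"<manifest/>", "res/layout/main.xml": b"<layout/>"}
REFERENCE = build_sample_apk({**COMMON, "classes.dex": b"dex: v0 = 0x0",
    "META-INF/MANIFEST.MF": b"mf-a", "META-INF/CERT.SF": b"sf-a", "META-INF/CERT.RSA": b"vendor-cert"})
REPACKED = build_sample_apk({**COMMON, "classes.dex": b"dex: v0 = 0x1",
    "META-INF/MANIFEST.MF": b"mf-b", "META-INF/APKTOOL.SF": b"sf-b", "META-INF/APKTOOL.RSA": b"new-cert"})

if __name__ == "__main__":
    for key, value in compare_apks(REFERENCE, REPACKED).items():
        print(f"{key}: {value}")
```

To use it on real files, read both APKs as bytes and pass them to compare_apks; a changed .dex entry together with signer_replaced set to True is the pattern the steps above produce.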
Before we go into how to protect an Android app from reverse engineering, let’s look at how to prevent an Android app from being reverse-engineered.
That’s all for this blog; I hope you enjoyed reading it. In the future I will write one more blog that will include some other techniques.