Break open the .apk!

I actually started blogging 3 years ago, when I had little to no confidence in what I could be able to do with my blogs. But, I think the right point to pick myself up and start building blocks on those foundation layers would be to resume it.

So, let’s start with this tutorial, which has got 15k views on the video with a lot of people asking questions errors popping up and a lot of drama. This tutorial would be more sophisticated with a lot of tech questions answered, which weren’t earlier.


 

Apktool, so this tool basically unwraps your box of code that you wrote for creating something useful in the tech world hopefully to benefit someone. Ignoring the explanation, basically, this tool helps you look at the structure of the app the contents used to build it like the images, logos and other XML files. You can also look at the code written behind, but sadly it is still in a compiled stage called as smali which we will look at in a different perspective with another tool known as dex2jar which we will look that in a moment.

Before we start any of the stuff, we need to make sure, your computer has Java 1.7 or latest installed for these applications to work. So, let’s start with installing JDK 10 which will install java in return. Head over to this link JDK1.8-Oracle and accept the license agreement and download the suitable file. Windows, Linux, and Mac all are easy to install, you can just open those setup files and install as any other program.

Once installed, for a final testing fire up Terminal (Linux or Mac) or CMD (Windows) and type the command java. If you see some list of options or version name, you are good to get. Else, a quick thing would be to restart your system and test for it again, still doesn’t then reinstall if not the comments section is ready for your firing questions.

Lets, start with downloading a couple of files required for this “thing” to happen. Fire up your favorite internet destination and download the zip file. It has three components that we will be using for decompiling and recompiling the APK file.

Link to download: Apktool-JDGUI-DEX2JAR-TOOLKIT.zip

  1. ApkTool
  2. JD-GUI
  3. DEX2JAR

Once you downloaded the files, extract the zip file. You would see Apktool, JD-GUI, and Dex2JAR. Go ahead into Apktool folder, Based on your operating system choose the folder and grab both the files.

Windows:

  • Move both files (apktool.jar & apktool.bat) to your Windows directory (Usually C://Windows)

Mac and Linux:

  • Move both files (apktool.jar & apktool.sh) to /usr/local/bin (root needed)
  • Make sure both files are executable (chmod +x)

Once you have completed above steps you need to open up terminal/command prompt and test for the command ‘apktool‘. To make sure you have it installed properly.

Now, we need to grab your favorite app file. Lets, go with the Instagram apk for the purpose of this tutorial. You can grab the latest apk here: https://apkpure.com/instagram/com.instagram.android

Lets, begin the action. Once you download the apk, rename the file to Instagram.apk.

  • Fire your terminal/CMD and lets type some of the commands to decode the apk.
  • $ apktool d Instagram.apk
  • It will take a while. Once completed you can see a folder that generated. You get all the assets and smali code of the app and all the other libraries used in the app. Now to recompile we use the same folder to generate the apk back.
  • $ apktool b Instagram/
  • The apk will be built in the folder called ‘dist‘ inside the Instagram folder.

I will talk more about the contents of the application and its structure in the Youtube video.

Second step would be to translate the ‘smali‘ code to java code. There are two methods of doing this. We will look at both one by one.

  1. First method we will convert our apk to jar file using dex2jar utility.
  2. Move to the Dex2JAR/dex2jar-2.0 folder. Make sure to provide the permission to execute for all the scripts.
  3. Move your apk to this folder.
  4. $ ./d2j-dex2jar.sh Instagram.apk
  5. You will see Instagram-dex2jar.jar generated.
  6. Use JD-GUI in the other folder and install JD-GUI for your OS. If you face problems, then you can use jd-gui-1.4.0.jar. To run the jar file use the following command:
  7. $ java -jar jd-gui-1.4.0.jar

Once you see the JD-GUI fire up, just drag and drop the generated JAR file in the step 5. You have finally decompiled the apk, and now can see the project class structure and navigate to all the files.

Youtube video will be more informative and interactive. And I will be updating this post based on the questions posted on the Youtube comment as well as this blog post.

More info on the tools here:

Apktool: https://ibotpeaches.github.io/Apktool/install/

Dex2JAR: https://tools.kali.org/reverse-engineering/dex2jar

JD-GUI: http://jd.benow.ca/

 

Aditya Karnam
Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.