There's nothing really complex about this post. In the past I've always maintained that reversing is kind of tough, and that's true if it's an EXE, DLL, etc. But in the case of an Android application, it really is very easy.
While all this information is already there, here is a very short blog post summarizing how you get from APK to Source. I used a Vuln app available here; but you can use anything really. Here goes:
1. Extract the APK to a folder. It's just a ZIP file, so any archiving program should do; I use the built-in Ubuntu GUI archiving tool.
2. Rename the folder to something like original_helloworld. That's because we will play around with all the files inside and it might be nice to have an original copy somewhere to look at when needed.
3. Look at the file AndroidManifest.xml. It'll open in a text editor but it's largely binary, hence unreadable. Use Apktool to decode this XML file as well as every other XML file in the APK. You can get it from http://code.google.com/p/android-apktool/. Download the main apktool package (contains a JAR) and the platform-specific one as well (contains the apktool binary). Run apktool. It'll run and give you all the XML files totally decoded, so you can now read them.
4. You now want to recover code. All code is in classes.dex. Think of Dex as Android byte code which is reversible to Java byte code, which eventually is reversible to Java code. So we first 'dedex'. You can either use the output of apktool above, which after running gives you its output in a folder called 'smali'. A slightly more 'easy to read' format is given by dedexer though (fewer spaces; cleaner output), available at http://dedexer.sourceforge.net. You use it as follows to 'dedex' classes.dex - java -jar ddx1.22.jar -d /opt/Android/vulnapps/Tmp_test_apps/InsecureBankDeDexed /opt/Android/vulnapps/Tmp_test_apps/InsecureBank.apk_FILES/classes.dex. Look inside InsecureBankDeDexed for the output. So in a nutshell, after we DeDex we get Android byte code.
5. Once you have Android byte code, since Android code 'looks' very much like Java, you can convert Android byte code to Java byte code. Use dex2jar downloaded from http://code.google.com/p/dex2jar/ and run it as follows ./dex2jar.sh ../../vulnapps/Tmp_test_apps/InsecureBank.apk. This results in a JAR file getting created in the directory where the APK is already present. The JAR file contains all the Java class files; namely the Java byte code - something that you get once you compile your Java code.
6. The last step is to convert your Java byte code into actual Java code. You need something called a Java decompiler for this. You can download one called JD-GUI from here - http://java.decompiler.free.fr/?q=jdgui. Once it's downloaded, unzip the JAR and store all its class files in a single folder like JavaClassFiles. Launch JD-GUI and select 1 class file. Save the source. Repeat for each class file [Painful I know :(]. You now have all the source code and can do some static analysis on the code :). There's probably some cooler way to decompile all the class files in a folder, but I won't dig too deep into that just now.
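Before running the tools above it helps to see what they are working on. The following is an added example, not part of the original post: it opens an APK as the ZIP archive it is (step 1), checks that AndroidManifest.xml starts with the binary XML chunk header (why step 3 needs a decoder), and parses the fixed header of classes.dex (step 4), including its Adler-32 and SHA-1 integrity fields. The function names are hypothetical and build_sample_apk() produces a constructed, header-only stand-in for a real APK.

```python
import hashlib, io, struct, zipfile, zlib

AXML_MAGIC = b"\x03\x00\x08\x00"  # binary XML: chunk type 0x0003, header size 8

def parse_dex_header(dex: bytes) -> dict:
    """Decode the fixed 0x70-byte header at the start of classes.dex."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n" or dex[7] != 0:
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", dex, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<3I", dex, 32)
    # (size, offset) pairs: string, type, proto, field, method, class_def tables
    sizes = struct.unpack_from("<12I", dex, 56)[::2]
    return {
        "version": dex[4:7].decode("ascii"),
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == 0x12345678,
        "strings": sizes[0], "types": sizes[1],
        "methods": sizes[4], "classes": sizes[5],
        # Adler-32 covers all bytes after the checksum field,
        # SHA-1 covers all bytes after the signature field.
        "checksum_ok": zlib.adler32(dex[12:]) == checksum,
        "sha1_ok": hashlib.sha1(dex[32:]).digest() == dex[12:32],
    }

def inspect_apk(apk: bytes) -> dict:
    """Open the APK as a ZIP and report on the manifest and classes.dex."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = z.namelist()
        manifest = z.read("AndroidManifest.xml")
        dex = z.read("classes.dex")
    return {"entries": names,
            "manifest_is_binary_xml": manifest[:4] == AXML_MAGIC,
            "dex": parse_dex_header(dex)}

def build_sample_apk() -> bytes:
    """Constructed sample: a header-only DEX and a stub binary manifest."""
    body = struct.pack("<3I", 0x70, 0x70, 0x12345678) + bytes(12)
    body += struct.pack("<12I", 5, 0, 3, 0, 1, 0, 0, 0, 2, 0, 1, 0) + bytes(8)
    rest = hashlib.sha1(body).digest() + body
    dex = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(rest)) + rest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + struct.pack("<I", 8))
        z.writestr("classes.dex", dex)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_apk(build_sample_apk()))
```

To inspect a real file, pass the bytes of the APK read from disk to inspect_apk() instead of the constructed sample.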
Largely this presentation was where I got almost everything from. Will write more when I do some static analysis.