Intro to Android app structure | mobile pentesting | part 1
بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيم
In the name of Allah
Hello there, I’m Ahmed Hesham. I'm currently studying mobile pentesting, and I want to share what I’m learning with others; maybe it can help you understand the basic app structure. Sorry for any mistakes, I’ll do my best to make it as clear as possible.
OK, here we go.
What is an APK?
APK stands for “Android Package Kit.” It is the file format used to distribute and install applications on Android devices. An APK file contains all the necessary components of an Android app, including code, resources, assets, and manifest files. We can easily unzip it and get its components, but they will still be encoded :(
Users can download and install APK files from various sources, such as the Google Play Store or third-party app stores.
Unzipping APK
Unzipping an APK gives us its components.
Decompiling with APKTool:
APKTool is a popular open-source tool used to decompile and reverse-engineer Android APK files. It allows developers and researchers to extract the APK’s resources, manifest, and smali code (Dalvik bytecode) into a human-readable format. The decompiled code provides insights into how the app functions, its resources, and even allows making modifications to the code.
Advantages:
- Provides human-readable code in smali format, making it easier to understand and analyze.
- Retains the original file structure and resources, making it suitable for modifying and recompiling the APK.
For example, after decompiling an APK with APKTool, you will find all the files decompiled, and you can read and analyze them.
In summary, unzipping an APK gives you access to its non-code assets, but the code remains in a compiled form, making it challenging to understand. On the other hand, decompiling with APKTool provides a more insightful view into the app’s functionality and code, as it converts the bytecode into smali, which is human-readable.
We usually care about assets, lib, META-INF, AndroidManifest.xml, and strings.xml.
Dalvik (.dex)
On Android, applications are written in Java but run on the Dalvik virtual machine, designed to work efficiently on battery-powered devices. The Java source code is compiled into a different byte format called the Dalvik executable format, optimized for ARM architecture. This format helps conserve resources and battery life on mobile devices.
The Dalvik executable format is represented as an optimized text file format called .dex. It contains classes that are generated from the Java source code in the Dalvik executable format. If needed, the .dex file can be converted back to a regular text file format.
One important limitation of the .dex file is that it can only contain 65,535 methods. If an application exceeds this limit, it will result in multiple .dex files, named classes.dex, classes2.dex, and so on. Libraries, frameworks, and the Android system itself may also lead to multiple .dex files due to the number of methods they contain.
Overall, the Dalvik virtual machine and .dex file format are crucial components of the Android platform, enabling efficient execution of Java-based applications on ARM architecture-based devices.
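An added example (not from the original post): a small Python script that treats an APK as a ZIP archive, lists its top-level components, checks whether AndroidManifest.xml is still in its compiled form, and reads the method count from the header of each classes*.dex file. The sample APK is constructed in memory, and the function names build_sample_apk and inspect_apk are made up for this illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"              # followed by a 3-digit version and a NUL byte
AXML_MAGIC = b"\x03\x00\x08\x00"  # chunk header that opens a compiled manifest


def build_sample_apk(method_counts):
    """Constructed sample: an in-memory ZIP laid out like an APK, one fake dex per count."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 4)
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("assets/config.json", "{}")
        z.writestr("lib/arm64-v8a/libdemo.so", b"\x7fELF")
        for i, count in enumerate(method_counts, start=1):
            header = bytearray(0x70)                     # the dex header is 0x70 bytes
            header[0:8] = DEX_MAGIC + b"035\x00"
            struct.pack_into("<I", header, 0x58, count)  # method_ids_size field
            z.writestr("classes.dex" if i == 1 else f"classes{i}.dex", bytes(header))
    return buf.getvalue()


def inspect_apk(apk_bytes):
    """Return top-level entries, whether the manifest is compiled, and methods per dex."""
    report = {"top_level": set(), "manifest_is_binary": None, "dex_methods": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            report["top_level"].add(name.split("/")[0])
            data = z.read(name)  # fine for a sample; stream large entries in real use
            if name == "AndroidManifest.xml":
                report["manifest_is_binary"] = data.startswith(AXML_MAGIC)
            elif "/" not in name and name.endswith(".dex"):
                if len(data) < 0x70 or not data.startswith(DEX_MAGIC):
                    report["dex_methods"][name] = None  # truncated or not a dex file
                else:
                    report["dex_methods"][name] = struct.unpack_from("<I", data, 0x58)[0]
    return report


if __name__ == "__main__":
    r = inspect_apk(build_sample_apk([65000, 1200]))
    print(sorted(r["top_level"]))
    print("manifest still compiled:", r["manifest_is_binary"])
    for dex, n in sorted(r["dex_methods"].items()):
        print(dex, "method ids:", n)
```

To run it against a real app, pass the bytes of the .apk file to inspect_apk instead of the constructed sample.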
The “ghex” tool is suitable for disassembling the code sections of the “classes.dex” file, revealing the Dalvik executable code (smali code).
We have said smali four times already, but what is it?
Smali is an assembly-like programming language used in Android app development and reverse engineering. It is the output of the Dalvik bytecode decompilation process and represents the low-level code that runs on Android’s Dalvik Virtual Machine (DVM). Smali can be considered analogous to assembly language, but for Android applications. Both smali and assembly are low-level, human-readable representations of code that target specific virtual machines or processor architectures.
OK, this is enough for today. In the next part we will talk about AndroidManifest.xml, permissions, activities, and a small demo application. We will summarize all the information we discussed so far for the two parts and see a demo that brings together all the concepts we talked about. This will help us better understand and visualize the process.
If you have a question, just text me at @ahmedMhesham12 on X.
Thank you.