Reverse Engineer Your Favorite Android App

Tanuj Soni
helpshift-engineering
Oct 19, 2021

Look inside and explore the contents of an Android Package.

Android Package (APK) is the application package file format used by the Android operating system for the distribution and installation of mobile apps. The apps themselves can be written in either Java or Kotlin.

There are multiple use cases for decompiling an APK, such as understanding how popular apps implement certain features.

I have used this recently to investigate an app crash for one of our customers.

If you are short on time and want a quick, one-time solution, I would recommend using Android APK decompiler. However, as an Android developer, you should have your own setup to have more control over the decompilation process.

I will be using Slide APK to give a detailed walkthrough of the process. It is an open-source application, so we can compare our decompilation results with the source code on GitHub.

Tools you will need:

  • Apktool: For reverse engineering Android APK files.
  • Dex2jar: Tool to work with Android .dex and Java .class files.
  • JD-GUI: Java Decompiler is a tool to decompile and analyse Java “byte code”.

*Click on the name of a tool to install it.

Now let’s start the decompilation 💣

  • Download the .apk file using this link — Slide.apk
  • In the terminal, go to the directory where apk is downloaded and run — apktool d --no-src <apk name>
  • Running this command decompiles the resources and the XML files of the APK to human-readable form and the Java, Kotlin code to smali files.
  • The binary resources and the XML files have been converted to their original form.
  • You can see the AndroidManifest.xml file now.
  • The Java/Kotlin code itself has been extracted into a smali folder. Read more about smali here.

Extracting the Code 📂

The code is packed into .dex files. Dex stands for Dalvik Executable. A Dex file contains code that is ultimately executed by the Android Runtime.

In an application, dex files are generated based on the number of methods it has. The Dalvik Executable specification limits the total number of methods that can be referenced within a single DEX file to 65,536, including Android framework methods, library methods, and methods in your code.

When the number of methods exceeds the limit, additional files such as classes2.dex and classes3.dex are generated.
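
The method limit described above can be checked directly on an APK, because an APK is a ZIP archive and every DEX file records its method reference count in a fixed-size header. The Python script below is an added example, not part of the original post; the in-memory APK and its header-only DEX stubs are constructed sample data, and the function names are hypothetical.

```python
import io
import struct
import zipfile

DEX_METHOD_LIMIT = 65536      # max method references per DEX file (from the text)
HEADER_SIZE = 0x70            # fixed size of the DEX header
METHOD_IDS_SIZE_OFF = 0x58    # offset of the uint32 method_ids_size header field

def method_count(dex_bytes):
    """Return method_ids_size from a DEX header, validating the magic first."""
    if len(dex_bytes) < HEADER_SIZE:
        raise ValueError("truncated DEX header")
    # Magic is b"dex\n" + three ASCII version digits + NUL, e.g. b"dex\n035\0".
    if dex_bytes[:4] != b"dex\n" or dex_bytes[7:8] != b"\0" or not dex_bytes[4:7].isdigit():
        raise ValueError("not a DEX file")
    # Assumption: standard little-endian DEX, which is what build tools emit.
    (count,) = struct.unpack_from("<I", dex_bytes, METHOD_IDS_SIZE_OFF)
    return count

def dex_method_counts(apk):
    """Map each top-level classes*.dex in an APK (a ZIP archive) to its method count."""
    counts = {}
    with zipfile.ZipFile(apk) as zf:
        for name in sorted(zf.namelist()):
            if name.startswith("classes") and name.endswith(".dex") and "/" not in name:
                counts[name] = method_count(zf.read(name)[:HEADER_SIZE])
    return counts

def fake_dex(n_methods):
    """Constructed sample: a header-only DEX stub, not a loadable DEX file."""
    header = bytearray(HEADER_SIZE)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<I", header, METHOD_IDS_SIZE_OFF, n_methods)
    return bytes(header)

def build_sample_apk():
    """Constructed sample APK held in memory: a manifest plus two DEX stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        zf.writestr("classes.dex", fake_dex(65412))
        zf.writestr("classes2.dex", fake_dex(18230))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, n in dex_method_counts(build_sample_apk()).items():
        print(f"{name}: {n} method refs ({DEX_METHOD_LIMIT - n} below the limit)")
```

To inspect a real file, pass its path to dex_method_counts() instead of the constructed sample.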

We can convert dex files to jar files using the dex2jar tool. Download the dex2jar tool using the above link into the directory where the apk was decompiled.

My folder structure looks like this, where the slide folder and dex2jar-2.0 folder are in the same directory.

*I renamed the apk to slide.apk for my convenience

  • In the terminal, move to the dex2jar folder and run these 2 commands:
    chmod u+x d2j_invoke.sh and chmod u+x d2j-dex2jar.sh
    This makes the scripts executable, so you can run the dex2jar command and convert dex files to jar files.
  • Remember to rename your classes.dex file to app-name_classes.dex, because classes-dex2jar.jar is a common output name and will be overwritten by the next dex2jar conversion.
  • Now run ./d2j-dex2jar.sh ../slide/slide_classes.dex inside the dex2jar-2.0 folder.
  • This will create the slide_classes-dex2jar.jar file inside your dex2jar-2.0 folder.

Congratulations, you have decompiled the apk, and now you can see the source code 🎉

Now you can use the JD-GUI tool to see the Java/Kotlin files inside the application.

  • Open the JD-GUI tool following the instructions written in this link.
  • Using JD-GUI, open the slide_classes-dex2jar.jar file present inside the dex2jar-2.0 folder.

This is a really useful tool to explore your favorite Android apps and to check how they have implemented complex features.

Thank You for reading, have a nice day 😃
