Frameworks
APKInspector
APKInspector is a powerful GUI tool for analysts to analyze Android applications.
APKTool
Tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications.
To decompile:
apktool d package.apk
To build after the modifications:
apktool b package
Sign an apk
Recompile APK:
apktool b decompiled/apk/directory -o app-patched.apk
Zipalign APK to make it compatible with Android:
zipalign -p 4 app-patched.apk app-aligned.apk
Sign APK with Android debug key (Password: android):
apksigner sign --ks ~/.android/debug.keystore app-aligned.apk
If you don’t have Android Studio installed, use these commands instead to sign the APK:
Create a signing key
keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias
Sign the APK:
apksigner sign --ks my-release-key.jks app-aligned.apk
Androguard
Androguard is a full Python tool to play with Android files.
For decoding Android XML (AXML):
androguard axml res/xml/network_security_config.xml
For decoding resources.arsc:
androguard arsc resources.arsc
Mobile Security Framework – MobSF
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
pip install -r requirements.txt
python manage.py runserver
or using Docker:
docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
firefox http://localhost:8000

Reverse Engineering
.smali reverse engineering tools
- baksmali
- smali
Steps:
1. Unzip
unzip test.apk
2. Baksmali
baksmali classes.dex -o smaliClasses
3. Smali
smali smaliClasses -o classes.dex
4. Zip -r
zip -r test.apk AndroidManifest.xml classes.dex res/ resources.arsc
5. Jarsign
java -jar signapk.jar testkey.x509.pem testkey.pk8 test.apk test-patched.apk
6. Zipalign
zipalign -v 4 test-patched.apk final-apk.apk
Android apk reverse engineering
After unzipping the APK, we can convert all Dalvik dex files to a jar file:
d2j-dex2jar -f classes.dex
Directly from the jar file we can decompile it to get the source code:
java -jar jd-gui/build/install/jd-gui-osx/JD-GUI.app/Contents/Resources/Java/jd-gui-1.4.0.jar $FILE.jar
android:allowBackup
curl -L https://github.com/nelenkov/android-backup-extractor/releases/download/20181012025725-d750899/abe-all.jar -o abe.jar
adb backup -apk -f out.ab $PACKAGE
java -jar abe.jar unpack out.ab out.tar
tar xvf out.tar
References:
- https://securitygrind.com/exploiting-android-backup/
- https://github.com/nelenkov/android-backup-extractor
Unity Engine Reverse Engineering
Download https://github.com/Perfare/Il2CppDumper (Unity il2cpp reverse engineering tool)
apktool d package.apk
copy package\lib\armeabi-v7a\libil2cpp.so .
copy package\assets\bin\Data\Managed\Metadata\global-metadata.dat .
Il2cppDumper.exe libil2cpp.so global-metadata.dat package_re
Now open package_re\DummyDll\Assembly-CSharp.dll with dnSpy
AndroidManifest.xml Analysis
You can always exclude a task from the Recents screen entirely by setting the <activity> attribute, android:excludeFromRecents to true.
Source: https://developer.android.com/guide/components/activities/recents
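As an added example (not from the original page or from any of the tools listed above), the Python code below reads an AndroidManifest.xml already decoded by apktool d and reports the two attributes discussed here: android:allowBackup, which decides whether the adb backup extraction shown earlier can include the app's data, and android:excludeFromRecents. The sample manifest, the package name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: allowBackup is not declared, one activity hides from Recents.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:label="Demo">
    <activity android:name=".MainActivity"/>
    <activity android:name=".PinEntryActivity" android:excludeFromRecents="true"/>
  </application>
</manifest>"""


def _attr(elem, name, default=None):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)


def audit_manifest(xml_text):
    """Report backup exposure and Recents exclusions for a decoded manifest."""
    root = ET.fromstring(xml_text)
    report = {"package": root.get("package"), "allow_backup": None,
              "excluded_from_recents": [], "findings": []}
    app = root.find("application")
    if app is None:
        report["findings"].append("no <application> element")
        return report
    raw = _attr(app, "allowBackup")
    if raw is not None and raw.startswith("@"):
        # Resource reference such as @bool/...: look the value up in res/values.
        report["findings"].append(f"allowBackup set via resource {raw}; resolve it")
    else:
        # The attribute defaults to true when it is absent.
        report["allow_backup"] = raw is None or raw.strip().lower() == "true"
        if report["allow_backup"]:
            how = "by default (attribute absent)" if raw is None else "explicitly"
            report["findings"].append(f"allowBackup is true {how}")
    for activity in app.iter("activity"):
        if _attr(activity, "excludeFromRecents", "false").strip().lower() == "true":
            report["excluded_from_recents"].append(_attr(activity, "name"))
    return report


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A manifest that omits android:allowBackup is reported the same way as one that sets it to true, which is the case most often missed when reading the file by eye.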
Other useful resources inside the apk file:
- res/values/strings.xml