Android Reversing Part 2: Tools

Hello paranoids

After reading my previous article, you should be ready for this one. In this article, I will go through the best-known tools for reversing Android APKs. I will split the article into multiple sections and present tools according to a given motivation (there is no sense in listing tools without a use case). I will only cover free tools. Bear in mind that I have not used all of them yet, since for the purposes of my own learning I have not found them relevant. You can think of this post as a means to kickstart your Android reversing career.

Getting the APKs

First of all, we need to get the APKs. For now I am mostly interested in malware, so I can get samples while working 🙂 or through services such as VirusTotal (virustotal.com). Now, assuming we need to break or tamper with some legitimate application, there are multiple alternatives:

Using a real phone

Android Debug Bridge (adb): comes with Android Studio or the Android SDK platform tools. This tool lets you communicate with a connected device or an Android emulator. I will describe it in more detail later, but for now it suffices to know that you use it to copy files off the device:

adb pull /path/to/apk/in/device/or/emulator /path/in/your/computer
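Before you can pull an APK you need its path on the device, which `adb shell pm path <package>` prints as one "package:/data/app/.../base.apk" line per APK (modern apps often ship several split APKs). The script below, an added example rather than code from the original post, wraps that lookup and the pull; the ADB variable is an assumption of this example so the functions can be exercised without a device.

```shell
#!/bin/sh
# Added example: pull every APK (base plus any split APKs) of an installed
# package with adb. ADB can be overridden (assumption of this example, not
# an adb feature) so the functions can be tested without a device.
ADB="${ADB:-adb}"

# `adb shell pm path <pkg>` prints "package:/data/app/.../base.apk" lines;
# strip the prefix and the CR that adb shell output often carries.
pm_paths_to_files() {
    tr -d '\r' | sed -n 's/^package://p'
}

# Pull all APKs of package $1 into directory $2.
# Returns non-zero if the package has no APKs or a pull fails.
# (Word splitting on $(...) is fine here: Android APK paths contain no spaces.)
pull_package_apks() {
    pkg="$1"; dest="$2"
    mkdir -p "$dest" || return 1
    count=0
    for remote in $("$ADB" shell pm path "$pkg" | pm_paths_to_files); do
        "$ADB" pull "$remote" "$dest/$(basename "$remote")" || return 1
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# Usage with a real device, e.g.: pull_package_apks com.example.app ./apks
```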

File managers: Just search the app store for APK extractors. The problem with these is that you have to install an app to extract another app. I would go for adb so that you get used to it (trust me, you will need it).

Without a real phone

Automated Analysis

Disassembling

Getting the “Original Code” and resources

The term “Original Code” requires some explaining. For languages that are compiled to bytecode and then interpreted, such as Java and C#, the compilation process causes information to be lost (e.g. comments, lines of code). Decompilation tools show you an interpretation of the bytecode, which may or may not match the original source. Bear in mind that compilers tend to optimise the code you write: the more advanced and high-level the language, the more optimisations are performed, and the less the decompiled output resembles the original.

  • dex2jar (sourceforge.net/projects/dex2jar/): dex2jar is a set of scripts with multiple capabilities (e.g. APK checksumming, disassembling), but the interesting script is the one that converts .dex files to .jar files. From there, JD-GUI can be used to look at the decompiled bytecode.
  • JD-GUI (jd.benow.ca/): Decompiler for .jar files. You can use it to obtain a readable representation of what may have been the original code, or choose to look at the bytecode instead. JD-GUI can also export the decompiled .class files as Java source files while keeping the application's package hierarchy, which is useful for re-creating the application in an IDE (e.g. Android Studio, Eclipse).
  • apktool (ibotpeaches.github.io/Apktool/): Set of utilities (e.g. decoding of resource XML files, decompilation to smali files). This tool can also rebuild an APK from a folder containing decoded resources and smali files.
  • aapt: This is a tool to decode ARSC files and comes with the Android SDK tools. I have found that apktool fails to decode them.
  • AXMLPrinter2 (code.google.com/archive/p/android4me/downloads): You can use this tool to decode the binary XML artifacts inside the APK (e.g. AndroidManifest.xml).
  • Androguard (github.com/androguard/androguard): Python framework to mess with APK files. Its features are similar to those of the tools I have referred to above.

Debugging

When it comes to debugging, you may either step through Java code or Smali. In any case, you can use the same tools:


OS Distributions

Santoku (santoku-linux.com/download/) is the typical Linux distribution for Android analysis. It is basically a Swiss army knife to hack the crap out of Android devices and applications.


Final Notes

It is said that you are only as good as the tools you use. This post was meant to show you some tools you can use as an Android reverser. I have given an overview of automated tools, disassemblers, decompilers, decoders and OS distributions. I hope you find this material useful for your hacks.


Stay safe 😉
