After reading my previous article, you should be ready to read this one. In this article, I will go through the best-known tools for reversing Android APKs. I will split the article into multiple sections and present the tools according to a given motivation (there is no sense in listing tools without a use case). I will only cover free tools. Bear in mind that I have not used all of the tools yet, since for the purposes of my learning I have not found them to be relevant. You can think of this post as a way to kickstart your Android reversing career.
Getting the APKs
First of all, we need to get the APKs. For now I am mostly interested in malware, so I can get it while working 🙂 or through services such as VT (virustotal.com). Now, assuming we need to break or tamper with some legitimate application, there are multiple alternatives:
Using a real phone
- Android Debug Bridge (adb): comes with Android Studio or the Android SDK tools. This tool allows you to communicate with an external device or an Android emulator. I will describe it in more detail in a while, but for now it suffices to know that you use it to get files from the device:
adb pull /path/to/apk/in/device/or/emulator /path/in/your/computer
- File managers: Just search the AppStore for APK extractors. The problem with these is that you have to install an app to extract another app. I would go for adb so you get used to it (trust me, you will need it).
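As an added example (not from the original post), a small POSIX shell script that turns an installed package name into its APK path(s) with adb and pulls them to the local machine; the parse_pm_paths and pull_apks functions and the ./apks directory are my own names, and it assumes adb is on PATH with one device or emulator attached.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes adb is on PATH and
# exactly one device or emulator is attached.

# "pm path <pkg>" prints one "package:/path/x.apk" line per APK. Apps
# installed as app bundles have several (base.apk plus split_*.apk), so the
# parser keeps every line instead of just the first.
parse_pm_paths() {
    # read "package:" lines from stdin, print the bare device paths
    sed -n 's/^package://p' | tr -d '\r'
}

# pull_apks <package.name> <local_dir>
pull_apks() {
    pkg=$1
    dest=$2
    mkdir -p "$dest"
    paths=$(adb shell pm path "$pkg" | parse_pm_paths)
    if [ -z "$paths" ]; then
        echo "no APK found for $pkg" >&2
        return 1
    fi
    # device APK paths contain no spaces, so plain word splitting is fine
    for p in $paths; do
        # keep the device file name so split APKs stay distinguishable
        adb pull "$p" "$dest/$(basename "$p")" || return 1
    done
}

# list third-party packages (-3) first to find the one you want, e.g.:
#   adb shell pm list packages -3
#   pull_apks com.example.app ./apks
```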
Without a real phone
- Real APK Leecher (forum.xda-developers.com/showthread.php?t=1563894): This tool runs on your computer, but it requires you to provide Google credentials. I suggest you create a fake account if you are paranoid (leave my blog if you are not!).
- APK Downloader (addons.mozilla.org/en-US/firefox/addon/apk-downloader/): Similarly to the previous tool, it requires credentials.
- APK Mirror (www.apkmirror.com/): Just search and download.
Automated analysis tools
- Agnitio (sourceforge.net/projects/agnitiotool/): Used to perform security audits of code. This could be useful to find coding bugs in Android applications.
- Dexter (dexter.dexlabs.org): Online static analysis tool.
- MobileSandbox (mobilesandbox.org): Online sandbox service.
Disassemblers
- smali/baksmali (github.com/JesusFreke/smali): Used to convert .dex files to the smali language (baksmali) and back (smali). You can think of smali as assembly for the Dalvik VM (human-readable opcodes).
- dedexer (dedexer.sourceforge.net/): Dex disassembler.
- IDA (www.hex-rays.com/products/ida/): Dex disassembler.
Getting the “Original Code” and resources
The use of “Original Code” requires some explaining. For languages such as Java and C#, which are compiled to bytecode and then interpreted, the compilation process causes data to be lost (e.g. comments, the original layout of the lines of code). Decompilation tools show you an interpretation of the bytecode, which may or may not be the same as the original code. Bear in mind that compilers tend to optimise the code you write. The more advanced and high-level the language, the more optimisations are performed, leading to code that looks less similar to the original.
- dex2jar (sourceforge.net/projects/dex2jar/): Dex2jar is a set of scripts with multiple capabilities (e.g. APK checksumming, disassembling), but the interesting script is the one used to convert .dex files to .jar files. From there, JD-GUI can be used to look at the decompiled bytecode.
- JD-GUI (jd.benow.ca/): Decompiler for jar files. You can use it to obtain a readable representation of what may have been the original code. You can also choose to look at the bytecode. You can use JD-GUI to export the decompiled .class files to Java files, keeping the application's package hierarchy. This is useful for then re-creating the application in an IDE (e.g. Android Studio, Eclipse).
- apktool (ibotpeaches.github.io/Apktool/): Set of utilities (e.g. decoding of XML resource files, decompilation to smali files). This tool can also be used to rebuild an APK from a folder containing decoded resources and smali files.
- aapt: This is a tool to decode ARSC files and comes with the Android SDK tools. I have found that apktool fails to do so.
- AXMLPrinter2 (code.google.com/archive/p/android4me/downloads): You can use this tool to decode XML artifacts inside the APK (e.g. AndroidManifest.xml).
- Androguard (github.com/androguard/androguard): Python framework to mess with APK files. Its features are similar to the ones I have previously referred to.
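As an added example (not from the original post), a POSIX shell script that runs the unpacking steps described above on one APK and sanity-checks the dex files before handing them to the disassemblers; the dex_version and unpack_apk functions and the output layout under the work directory are my own, and it assumes apktool, d2j-dex2jar.sh (from dex2jar), unzip and optionally aapt are on PATH.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes apktool,
# d2j-dex2jar.sh, unzip and (optionally) aapt are on PATH; the output
# layout under <out_dir> is my own choice.

# dex_version <file>: print the DEX format version (e.g. 035) when the file
# starts with the "dex\n0NN" magic, otherwise return 1. A cheap check that
# what you are about to feed to dex2jar or baksmali really is a dex file.
dex_version() {
    [ "$(head -c 3 "$1")" = "dex" ] || return 1
    v=$(head -c 7 "$1" | tail -c 3)
    case "$v" in
        0[0-9][0-9]) echo "$v" ;;
        *) return 1 ;;
    esac
}

# unpack_apk <app.apk> <out_dir>
unpack_apk() {
    apk=$1
    out=$2
    for t in apktool d2j-dex2jar.sh unzip; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
    done
    mkdir -p "$out/dex"
    # decoded resources plus one smali file per class, as apktool does
    apktool d -f "$apk" -o "$out/apktool" || return 1
    # raw classes*.dex straight out of the zip container, for baksmali or IDA
    unzip -o -q "$apk" 'classes*.dex' -d "$out/dex" || return 1
    for d in "$out"/dex/classes*.dex; do
        v=$(dex_version "$d") || { echo "$d: not a dex file" >&2; return 1; }
        echo "$d: dex version $v"
    done
    # one jar to open in JD-GUI
    d2j-dex2jar.sh -f "$apk" -o "$out/app.jar" || return 1
    # aapt reads the binary manifest/resources directly from the APK
    if command -v aapt >/dev/null 2>&1; then
        aapt dump xmltree "$apk" AndroidManifest.xml > "$out/manifest.txt"
    fi
}

# unpack_apk ./apks/base.apk ./work
```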
When it comes to debugging, you may step through either Java code or smali. In either case, you can use the same tools:
- adb + Android Studio (developer.android.com/studio/index.html): Android IDE developed by Google. The debugger (adb) allows you to debug both Java and native (e.g. C/C++) code and is included with the IDE. adb can also be used with IDA.
- Smalidea (github.com/JesusFreke/smali/wiki/smalidea): Plugin for IntelliJ and Android Studio to debug smali.
Santoku (santoku-linux.com/download/) is the typical Linux distribution for Android analysis. It is basically a Swiss army knife to hack the crap out of Android devices and applications.
It is said that you are only as good as the tools you use. This post was meant to show you some tools you can use as an Android reverser. I have given an overview of automated tools, disassemblers, decompilers and decoders, as well as OS distributions. I hope you find this material useful for your hacks.
Stay safe 😉