Android Application Security Testing Part-12: REVERSE ENGINEERING
REVERSE ENGINEERING
Tools – Reverse engineering apk
Below are the tools which I have been
using to perform reverse engineering.
- Dex2jar
- Java decompiler
- Apktool
Steps in Reverse Engineering:
- Extract APK file
We can extract the apk file using
following 2 methods
Method-1: Rename & Unzip APK file
Filename.apk-->Rename as
Filename.zip-->extract
In this Method You can get all file along with dex file, but here the problem is we can't read Androidmanifest.xml file so Go for next step
In this Method You can get all file along with dex file, but here the problem is we can't read Androidmanifest.xml file so Go for next step
Method-2: Using apktool
Create New Folder (You can name it with
anything)
Paste [apk file, apk tool] into New
folder
Press ctrl+shift+RightClick on New
folder
Select the following option
Open command window here
Enter the following command (Note if
you have apktool version in the name please mention entire name with version)
java -jar apktool.jar d -s Filename.apk
2. Convert DEX file to JAR file
Using Tool: DEX2JAR
DEX2JAR: As name itself is
self-explanatory, the main purpose of Dex2jar tool is converting DEX (Dalvik
bytecode, which is Executable by Dalvik Virtual Machine) to JAR (Java bytecode
that is .class files).
Commands to use:
For Windows: d2j-dex2jar.bat classes.dex
For Linux: d2j-dex2jar.sh
classes.dex
Steps to Convert DEX file to JAR file
Copy the dex file (We got from Method-1
or Method-2) into dex2jar folder
Use the above mentioned commands
3. Open jar file using java decompiler
Using Tool: JD-GUI
Java decompiler is used to decompile
and analyse byte codes. It’s a GUI based utility to view .class files. You just
need to load jar file, to view .class files of project
No comments