10 Jul 2016
Earlier this year, I was tasked with reverse engineering an APK. For reasons I won’t explain, I needed to extract the code from this APK because the APK contained the latest version of code for the project. So, I set out on researching how I can unzip the APK into its individual parts: the resources for the application and the decompiled java code.
For matters of personal study of specific commercial applications source code, in order to build my own (not stealing the source code, but Just figuring out how things are actually done), i intend to decompile mac OS X binaries, and get their source. I need an intelligent decompiler, preferably GPGPU based, which can get me the source code of the app by trying to guess the language it was. Big news for all Mac users! Sothink SWF Decompiler for Mac is available at Mac App Store now. SourceTec Software Co., Ltd. Has just launched a campaign in which every customer has 20% chance to win a free copy of this product.
There’s a few things I learned from doing this and I’ll explain them throughout this post, but it’s good to note upfront that APKs don’t necessarily contain all of the parts of the Android project. You won’t be able to extract the Gradle scripts from the APK, because the Gradle script files are not compiled into the APK (obviously). Also, if you’re expecting the java source code to be exactly as it is in the Android project, think again. Java code that is compiled and decompiled will be in short form (i.e., how it’s interpreted by the Java Virtual Machine). It won’t necessarily be “readable” anymore and it won’t contain any comments. But, if you’re a Java developer, you probably already know this. Also, it’s helpful to know that an APK is nothing more than a .zip file containing compiled Java code and Android resources. Technically, you can just unzip the APK, but you’ll find that the files are going to be unreadable.
Now, it’s good to note that there are websites out there that will decompile the APK for you in one easy upload of the file. And there are apps out there that you can download onto your Android phone that will decompile the APK to retrieve metadata from the APKs already installed on your phone. But, if you’re like me, you probably don’t trust those services with APKs that you built yourself and there’s honestly no telling what they’ll do with your decompiled code. Also, it’s worth mentioning that Google has built a single tool called Classy Shark which will handle the decompilation (both Java and Android resources) for you.
But, without further ado, here are the steps I followed to decompile an APK on my own.
How To Decompile Mac App Installer
Make sure to download these files and install them before following the steps below.
For the purposes of demoing how to decompile an APK, I’ve built a dummy APK out of an Android Studio project template that contains a single Activity and a single Fragment (along with layout resources for each). My project, like any other Android project contains the Android Manifest file and Gradle scripts. I’m also going to assume you’re using a Mac, but note that the three aforementioned tools have installation instructions for other platforms on their respective websites.
Step 1: Extract the Android Resources using Apktool
Latest Apktool installation instructions can be found here
How To Decompile Mac App Windows 10
- Download the Apktool mac wrapper script (Right click, Save Link As apktool) Or rename after downloading file via cli:
mv apktool.txt apktool
- Download apktool-2
- Rename downloaded jar to apktool.jar
- Move both files (apktool.jar & apktool) to /usr/local/bin (root needed)
- Make sure both files are executable via cli:
chmod +x apktool
andchmod +x apktool.jar
- Via cli, run:
Android App Decompile
You’ll notice that you now have a folder containing the Android resources. But, at least the Android resources are readable!Take a look at the before and after Android Manifest files in my gist here
Step 2: Extract the compiled Java code using dex2jar
- Unzip the APK file via cli:
- Download the dex2jar tool and unzip it.
- Recursively set executable permissions to files within the new dex2jar folder via cli:
chmod -R +x ~/Desktop/dex2jar-2.0/
- Change your current directory to the same directory that was created via the Apktool so that the dex2jar script outputs the decompiled .jar file in a place that you can easily find later:
cd ~/Desktop/dummy_app
- Execute the d2j-jar2dex shell script against your APK via cli:
You’ll notice that you now have a file titled something like “dummy_app-dex2jar.jar” in your current directory. This file was converted from the APK’s classes.dex (Dalvik Executable) file. This jar contains the APK’s java code! All we need now is a tool to decompile the jar.
Step 3: Decompile the Jar using JD-GUI
Latest installation instructions on this tool can be found here.Alternatively, you can use any java decompiler tool that you prefer. This step isn’t necessarily specific to Android decompilation.
- Extract the JD-GUI tool from the download
- Double click on the tool (.jar file for Mac) to open it.
- Using the tool, click on “Open a file” and select the jar file that was extracted using dex2jar in Step 2 above.
How To Decompile Class File
JD-GUI should now show folders containing the Java class files. These aren’t going to be exactly as they are in the developer’s Android project because they are the decompiled short-form classes, as I mentioned earlier.If you’d like to save the decompiled class files, just click on File -> Save All Sources.Take a look at the before and after Java class files in my gist here
That’s it! Now that you have the source code and the Android resource files, you can use it to help you get a glimpse of how the application is architected and to decipher how the application works.
Related Posts
Please enable JavaScript to view the comments powered by Disqus.Terrific news from Eltima! Flash Decompiler Trillix is now available in the Mac App Store! And, what is even more exciting, Flash Decompiler Trillix for Mac is the only SWF decompilation software that entered Mac App Store by now.
To celebrate this we offer 75% OFF the original software price. It is available for just $19.99 for the first days of Flash Decompiler presence in Mac App Store (i.e. through April 22th, 2011).
Do not lose your chance to get Flash Decompiler Trillix for Mac
About Flash Decompiler Trillix For Mac: it converts Adobe Flash SWF files back into FLA format and SWF files created in Flex back to Flex sources, which can be easily edited in native Flash or Flex environment. Every group of objects such as morphs, shapes, texts, fonts, sounds, scripts, etc., are placed in separate FLA library groups with appropriate names, which makes using and working with the resulting FLA file much easier.
Flash Decompiler can extract any object (images, sounds, videos, shapes, texts, morphs, scripts, etc.) used in SWF files into various file formats just in several clicks. Its clean and comprehensive interface provides you with easy navigation and preview options for SWF files and their elements.