Disassemble the apk application online. A simple way to modify an Android application. Device APK-packages and their receipt

Android

In order to edit the APK application. First of all, they need to be decompiled, and then compiled! How to do it and what you can learn in this lesson.

2. Copy the finished application to the folder with the unpacked Sign Android

3. Pull the application onto the file Sign_APK.bat after which the application will be signed

In no case shall we or the developer of this application be liable for direct, indirect, special or other indirect losses arising from the use of this application or from application packages decompiled with it. Always download latest version. Running the previous command should extract all the source code in the source code folder on the desktop.

Extract Resources from APK

You forgot to enter your email address.
This email address is not displayed.
You have exceeded the maximum character limit.
Enter your corporate email address.

Intentions or potential vulnerabilities in closed binary files. After unpacking, the root directory will contain folders with application resources, as well as a signature file. There are two ways to do this.

The finished signed application will be called apk_signed.apk

The application is signed!

Work with system APKs

In order to modify system applications, you first need to feed the system file APKTOOL framework -res.apk which is located in the Android system partition:

Device APK-packages and their receipt

A web service or browser extension, for example. Reverse engineering is everywhere. Reverse engineering is what forces hackers to develop exploits, viruses, and trojans for systems. So, what about decompiling existing applications. There are a large number of tools that allow you to decompile application binary files to source code, which in most cases is readable and understandable with some effort. Method 2

Step 5 - Open a Terminal Window

Just try to be fair with the authors of the application that you use and probably love. The steps are almost the same, except that you need to do one more thing. Now that we have everything we need, open a terminal window and get ready to compile and decompile.

/ system / framework / framework -res.apk

In order to feed Apktool given file necessary, enter the command:

apktool if framework -res.apk

Keep in mind that you need to enter a command relative to the location path, that is, if the file framework -res.apk located in the C: \\ primer folder, the command will look like the following overview:

apktool if C: \\ primer \\ framework -res.apk

Also, in order to be able to modify system files, the firmware must first be Deodex-modified.

Raise the current terminal to superuser status by typing. Please note that when linking to a folder you do not need to use quotation marks. Be sure to download and install these files before performing the following steps. All we need now is a tool for decompiling a jar. The latest installation instructions for this tool can be found.

After decompilation, it will look as follows. Keep in mind that this is the ideal starting point to isolate the entry point applications, namely the classes that you change first to understand the logic of everything software. In short, this file contains logic, that's what interests us.

Now how can this be simplified! (do not use command line)

April 10, 2015

In contact with

Classmates

Sometimes situations arise when you need to extract the source code of a program (decompile it), change the resources in the APK file (add, replace a picture), remember how the interface is implemented in XML files, and the original source code as evil, not at hand. And here decompilers and resource unpackers will come to your aid. Using them, we will perform a static analysis of our application.

Who needs it

From our point of view, it does not matter, the tools that we are going to use are able to detect and add it to the decompilation pipeline. Sometimes an application must execute its own code, it may be an image processing library, a game engine, or something else.

Inside this folder you usually find. This will print the output, for example. This will display all the packages on your smartphone, as soon as you find the namespace of the package you want to change, let's see what its physical path is. Pull it out of the device.

Required Programs

Download and install the following software (see links at the bottom of the article):

apktool
dex2jar
jd-gui
archiver (e.g. 7z)

Java - a programming language, the platform necessary to run JAR files.

Apktool - a program for extracting resources from applications (for example: converts binary XML to text format), and also disassembles (translates to a format known as smali) the contents of dex files (executable files with code for virtual machine Delvik).

Now we will start with some tests to understand what the application does at runtime. This will switch from passive sniffing mode to proxy mode. From now on, continue to run actions in the application, checking the traffic, and after a while you should have a more or less complete idea of \u200b\u200bwhat protocol it uses and for what purpose.

In most cases, this is all you will ever need to change something. There are various tools that you can use for this purpose, let's take a look at the most popular. Near native methods, you will also usually find something like this.

Dex2jar - a set of utilities with which, among other things, you can convert the contents of a DEX file to a JAR file.

Jd-gui - a decompiler that tries to “pull” JAVA source code from files with the .class extension.

Archiver - Using it, you can extract files from the APK file. All XML files will be in binary format, and the program code itself will be in the DEX file.

Which will tell you which built-in library the method is implemented in. When static analysis is not enough, perhaps because the application is confused, or the code base is simply too large and complicated to quickly isolate the routines you are interested in, you need to go dynamically.

Dynamic analysis simply means that you will run the application and somehow track its implementation using various tools, strategies and methods. The sandbox is a strategy for dynamic analysis of the black box, which means that you are not going to actively monitor the application code, but you will run the application in some kind of container that will record the most relevant actions for you and will report to the end of execution.

Extracting content from an APK file in this way is useful if you need to look at graphic files, they are not compressed and not encrypted.

Extract Resources from APK

Download apktools
Download the wrapper to run apktools (windows, linux)
For compatibility with wrappers, rename the file apktool_X.X.X.jar to apktool.jar
In the folder with apktool.jar we copy the APK file from which we need to extract resources, or we copy apktool in the program folder on the disk
IN command line windows we type: apktool.bat d
The result of the program will be a folder with the name of the APK file, and in it all the extracted files

If the sandbox is not enough, and you need to get a deeper understanding of the behavior of the application, you need to debug it. Debugging the application, if you do not know, means joining the running process using the debugger software, placing breakpoints that will allow you to stop execution and check the memory status and enter lines of code sequentially to follow the execution schedule very closely.

After updating the manifest, let's rebuild the application. And reinstall it on the device. Now you can continue debugging the application ^ _ ^. A dynamic tool means that you want to change the behavior of the application at runtime, and for this you add some kind of “agent” to the application, which will ultimately be used for its toolkit.