APK Analysis
How to analyse apk? class files, resources?
What is the contents of jar file?
Contents
- Contents of apk
- Decompile jar
- Decompile apk
Tools
- apktool
- Java Decompiler
- dex2jar
Contents of apk
Apk is just zip file. If you change index from .apk to
But, this is not complete works.
Let’s try apktool
apktool
Download from apktool web site.
I tried Mac version, if you use Mac please select Mac version.
Apk tool is composed of script and jar file.(means you need to install java)
./apktool decode xxx.apk
After that the directory is created(whose name is xxx)
Under it, the following is structure
xxx | - AndroidManifest.xml | - apktoolyml | - assets | - lib | - res | - smali
Decompile jar
Do you want to analyse library jar?
Some libraries(jar) are provided as jar file only(not included source codes).
But, what did it do? In that case, we need decompile.
Java Decompiler is nice tool
There are several platforms.(Eclipse, GUI, other…)
I recommend GUI version.
How to use
It’s GUI description. In Mac, just open .dmg
The usage is just straight forward. No need to describe. Let’s open jar
If library enables proguard, the source codes are difficult to read.
All jar which post outside may be read by other people
Decompile apk
Just like jar files, we can decompile apk too.
My first aim to decompile is to check whether proguard works or not.
Steps
- Change to zip and extract
- Convert classes.dex to jar using dex2jar
- Decompile it using Java Decompile
Change to zip and extract
Change index .apk to .zip.
Extract zip.
You can see classes.dex under extract directory.
Convert classes.dex to jar using dex2jar
dex2jar is convert dex file to jar file.
Download dex2jar and decompress
This tool has script for Linux, Mac and Windows.
In Mac
./dex2jar.sh classes.dex
Just call script file with dex file path. You can get jar file as output.
Decompile it using Java Decompile
You can get jar. So we can use Java Decompile.