Android Apk Reverse Engineering

Chris Chen
4 min readOct 22, 2019

What is reverse engineering? Here is the definition from Wikipedia.

Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object; similar to scientific research, the only difference being that scientific research is about a natural phenomenon.

As an Android programmer, you might be interested in how a feature of an app works or which libraries it uses, or you might want to find out the architecture and components of the app under the hood. To do that we can extract the app's source and check how it works, and the first technique to consider is reverse engineering.

A Simple Example

Let's take an example. There is an algorithm app on the Play Store that we can install on our Android device. Our target is to unlock all of the algorithm items, install the patched build on the device, and then see the detail of every algorithm item instead of being blocked.

The app with some locked algorithm items

Step by step

  • Download the app from the Play Store or install it from somewhere else.
  • Find the target app's package name and pull the APK from the Android device.
  • Decompile the APK with apktool.
  • Read the decompiled Java with jadx to understand the app.
  • Make a small change to the smali and check that it works.
  • Rebuild the APK with apktool.
  • Sign the rebuilt APK with a key.
  • Install the APK with adb or manually.

Get the target app's package name from the device

Get the current foreground package name (the most recent task)

> adb shell dumpsys activity recents | grep 'Recent #0' | cut -d= -f2 | sed 's| .*||' | cut -d '/' -f1

Alternatively, list every installed package via the package manager

> adb shell pm list packages

Get the APK path via the package manager

> adb shell pm path wiki.algorithm.algorithms

Pull the APK from the device using the path printed above

> adb pull {apk path in device} path/to/desired/destination

You can then rename the APK; I renamed it to algorithms.apk.

Decompile the app with apktool

> apktool d algorithms.apk

This writes the decoded resources and the smali (disassembled dex) into a directory named algorithms/.

View the source code with jadx

We can use jadx-gui to read the code as Java. This is very convenient, because reading smali is a pain point for most Java developers.

// open the original APK; jadx decompiles the dex inside it directly
> jadx-gui algorithms.apk
The Java code extracted by jadx

Although the app obfuscates some methods and classes, we can still get useful information from the code. After reading it we found an obfuscated method j() that looks like a purchase-status check. We cannot edit the Java that jadx shows, though: apktool rebuilds the app from the smali, so the change has to be made in the smali file.

The smali code

In MenuActivity, we change the constant loaded into register v1 from 0x0 to 0x1, so that the flag z is treated as true by default.

Rebuild the APK with apktool

> apktool b algorithms

The rebuilt APK is written to algorithms/dist/algorithms.apk. It is unsigned at this point and will not install until it has been signed.

Sign with the debug key

We do not have the password of the release key, so for easy verification we simply sign with the debug key. The default debug keystore info is as below.

//Default debug keystore info
Keystore name: “debug.keystore”
Keystore password: “android”
Key alias: “androiddebugkey”
Key password: “android”
CN: “CN=Android Debug,O=Android,C=US”

CLI to sign with the debug key

> jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore algorithms.apk androiddebugkey

Two caveats. jarsigner signs the file in place, so point it at the rebuilt APK from algorithms/dist/, not at the original pull. It also only produces a v1 (JAR) signature: devices running Android 11 or later refuse APKs that target API 30 or higher with only a v1 signature, and jarsigner does not zipalign. The more robust route is to run zipalign and then apksigner from the SDK build-tools, which produces v2/v3 signatures with the same debug keystore.
Before and after

Finally, we get the app with every item unlocked :) Awesome, but from an Android developer's perspective we also need to think about how to prevent this kind of hack.

Going further

To improve your decompiling skills, the first thing is to learn smali. After that you can try disassembling the native .so libraries if the APK wraps C/C++ code.

App Bundles

For an app that supports App Bundles, there are several split APKs on the device. The Medium app, for example:

> adb shell pm path com.medium.reader
package:/data/app/com.medium.reader-ZUsrEBPYC0pS79TVRrVlbQ==/base.apk
package:/data/app/com.medium.reader-ZUsrEBPYC0pS79TVRrVlbQ==/split_config.xxhdpi.apk

If you try to install only one of them, you might get the following error:

> adb install medium.apk
Performing Streamed Install
adb: failed to install base.apk: Failure [INSTALL_FAILED_VERIFICATION_FAILURE]

So we need adb install-multiple to install all the parts together. If you have re-signed base.apk, every split has to be re-signed with the same key, because the package manager requires all splits of a package to share one signing certificate.

> adb install-multiple base.apk split_config.xxhdpi.apk
Success

Preventing Hackers

We can do things like the following to make our app harder to hack. We also need to think about how to protect sensitive data such as keys and private information.

Obfuscation:

One way is to transform readable code into obfuscated code. Keep in mind that this only slows a reader down: the purchase check above was obfuscated to j() and was still found by reading the surrounding code.

  • ProGuard
  • DexGuard

Native Code (C/C++):

Native code is compiled to ARM machine code and is harder to reverse, since the attacker also needs ARM reverse-engineering knowledge and a disassembler rather than a Java decompiler. So if you have verification code, consider putting it in native code. This raises the bar; it does not make the check unpatchable.

Self-Validation:

  • verification of DEX
  • verification of apk
  • verification of signature

Google Play Validation

Any of the checks above that runs on the device can be patched out in exactly the same way as j() was, since the attacker controls the code that performs the check. Validating the purchase state on a server you control (for example by verifying the Google Play purchase on your backend) is the only check the attacker cannot simply flip in smali.
