
Reverse Engineering APK an Android app

Part 2

Note: If you haven’t seen part 1, read it first: Smali Code Analysis for Android Hacking

What is Reverse Engineering APK?

Reverse engineering an APK (Android Package) file means decompiling and analyzing the compiled code of an Android application. Note that reverse engineering can violate the terms of service of some applications and may be illegal in certain contexts. Make sure you have the right to reverse engineer the APK in question, and always respect intellectual property rights and laws.

There are two methods to take an Android application apart:

Decompile:

  • This method restores the application to a replica of its source code, so we can understand its components and how it works, but it is hard to re-compile the result.
  • Tool – Jadx

Disassemble:

  • This method takes the application apart to the extent that we can edit its behaviour and re-build it, but everything is in Smali instructions (hard to read).
  • Tool – APKtool

Alternatively, you can use apktool to extract and disassemble resources directly from the APK archive and disassemble the Java bytecode to Smali. apktool allows you to reassemble the package, which is useful for patching and applying changes to e.g. the Android Manifest.

Android Application build process

https://www.slideshare.net/PranayAiran1/

APKtool

A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after modifications. It also makes working with an app easier because of its project-like file structure and the automation of repetitive tasks such as building the apk.

Apk analysis workflow 



What we need to install

  • JRE installed
  • APKtools
  • SignAPK

APKtool

  • DEX → SMALI

DeX2jar

  • DEX → JAR → JAVA

Installation for Apktool → Linux

Step:1 Download the Linux wrapper script

URL https://github.com/iBotPeaches/Apktool/blob/master/scripts/linux/apktool

Step:2 Download apktool → apktool_2.6.1.jar

URL https://bitbucket.org/iBotPeaches/apktool/downloads/

Step:3 Rename the downloaded jar: apktool_2.6.1.jar → apktool.jar

Step:4 Move the file apktool to /usr/local/bin (root needed)

Step:5 Move the file apktool.jar to /usr/local/bin (root needed)

Step:6 Observe that you need permission.

Step:7 Permission → chmod 777 apktool.jar

Step:8 Download the apk

URL https://drive.google.com/u/0/uc?id=0Bx9OKN9cC4IKS0o4N2V2NzZiOUU&export=download

Step:9 Connect the device to adb:

If debugging is not enabled, first go to Settings >> Developer options and enable debugging mode on the device so that adb can communicate with it → go to the directory, open a terminal → adb devices

Step:10 Install the apk – go to the directory, open a terminal →

adb install -r myapp.apk

Step:11 The apk is now installed in the emulator.

Step:12 Open the app, enter a name, and observe that an authenticated name is required.

Step:13 Observe that the authenticated user is → sabin.

Step:14 Let’s start bypassing the authenticated user.

Step:15 Decompile this application → myapp.apk

Step:16 Observe the decompiled application → click on the smali folder.

Step:17 Go to the smali folder → com.example.sabin, open the folder myapplication → MainActivity.smali.

Step:18 Open this smali code and observe the line: cond_0  const/4 v0, 0x0 (condition = false)

Step:19 Change 0x0 → 0x1 (condition = true) and save the file.

Step:20 Rebuild the apk → apktool b myapp

Step:21 Go to the rebuilt apk – open the dist folder

Step:22 In the dist folder → right click, open terminal.

Step:23 Generate a key for signing → keytool -genkey -V -keystore key.keystore -alias APktool -keyalg RSA -keysize 2048 -validity 10000

Step:24 Generated → key.keystore → right click, open terminal

Step:25 Sign the APK → specify the alias name → APktool and password → 123456 → jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore myapp.apk APktool

Step:26 The apk is now successfully signed → myapp.apk

Step:27 Open the signed apk in the emulator

Step:28 Observe that authentication is bypassed → Sukesh is VIP user

How to Secure

Now that we have seen how an Android app is taken apart and patched, let’s look at what can be done to make an Android app harder to reverse-engineer and tamper with.

  • Tamper Detection
  • ProGuard Assistance
  • Use PBKDF2, bcrypt and scrypt hash algorithms
  • Secure User Credentials
  • Hide API keys
  • Use of a whitelist for commands
  • Database Encryption
  • Add Multi-Factor Security

That’s all for this blog; I hope you enjoyed reading it. In a future post I will cover some other techniques.

References:

https://www.slideshare.net/

https://www.kali.org/tools/apktool/
