Reverse Engineering from an APK File to a Project

There are two useful tools which will generate Java code (rough but good enough) from an unknown APK file.

  1. Download dex2jar tool from dex2jar.

  2. Use the tool to convert the APK file to JAR:

     Windows:

     $ d2j-dex2jar.bat demo.apk
     dex2jar demo.apk -> ./demo-dex2jar.jar

     macOS / Linux:

     $ d2j-dex2jar.sh -f demo.apk -o demo.jar

  3. Once the JAR file is generated, use JD-GUI to open the JAR file. You will see the Java files.

The output will be similar to:

[Screenshot: JD-GUI]

Then you can use other tools to retrieve the AndroidManifest.xml and resource files (images, translations, etc.) from the APK file.

  • Apktool

     $ java -jar apktool.jar -q decode -f demo.apk -o outputDir
  • AXMLParser

     $ apkinfo demo.apk
  • NinjaDroid

     $ ninjadroid demo.apk --all --extract

Get Android Studio Project from APK file

I feel your pain. There are some tools for reverse engineering APKs, but don't expect the results to be identical.

I wish you the best of luck!

How to avoid reverse engineering of an APK file


 1. How can I completely avoid reverse engineering of an Android APK? Is this possible?

AFAIK, there is not any trick for complete avoidance of reverse engineering.

And also very well said by @inazaruk: Whatever you do to your code, a potential attacker is able to change it in any way she or he finds it feasible. You basically can't protect your application from being modified. And any protection you put in there can be disabled/removed.

 2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?

You can do different tricks to make hacking harder though. For example, use obfuscation (if it's Java code). This usually slows down reverse engineering significantly.

 3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?

As everyone says, and as you probably know, there's no 100% security. But the place to start for Android, that Google has built in, is ProGuard. If you have the option of including shared libraries, you can include the needed code in C++ to verify file sizes, integration, etc. If you need to add an external native library to your APK's library folder on every build, then you can use it by the below suggestion.

Put the library in the native library path which defaults to "libs" in
your project folder. If you built the native code for the 'armeabi' target then put it
under libs/armeabi. If it was built with armeabi-v7a then put it under
libs/armeabi-v7a.

<project>/libs/armeabi/libstuff.so

Is there a way to get the source code from an APK file?

Simple way: use the online tool https://www.decompiler.com/, upload the APK and get the source code.


Procedure for decoding .apk files, step-by-step method:

Step 1:

  1. Make a new folder and copy over the .apk file that you want to decode.

  2. Now rename the extension of this .apk file to .zip (e.g. rename from filename.apk to filename.zip) and save it. Now you can access the classes.dex files, etc. At this stage you are able to see drawables but not xml and java files, so continue.

Step 2:

  1. Now extract this .zip file in the same folder (or NEW FOLDER).

  2. Download dex2jar (Don't download the code, click on the releases button that's on the right then download that) and extract it to the same folder (or NEW FOLDER).

  3. Move the classes.dex file into the dex2jar folder.

  4. Now open command prompt and change directory to that folder (or NEW FOLDER). Then write d2j-dex2jar classes.dex (for mac terminal or ubuntu write ./d2j-dex2jar.sh classes.dex) and press enter. You now have the classes.dex.dex2jar file in the same folder.

  5. Download java decompiler, double click on jd-gui, click on open file, and open classes.dex.dex2jar file from that folder: now you get class files.

  6. Save all of these class files (In jd-gui, click File -> Save All Sources) by src name. At this stage you get the java source but the .xml files are still unreadable, so continue.

Step 3:

Now open another new folder

  1. Put in the .apk file which you want to decode

  2. Download the latest version of apktool AND apktool install window (both can be downloaded from the same link) and place them in the same folder

  3. Open a command window

  4. Now run a command like apktool if framework-res.apk (if you don't have it get it here) and next

  5. apktool d myApp.apk (where myApp.apk denotes the filename that you want to decode)

Now you get a file folder in that folder and can easily read the APK's XML files.

Step 4:

It's not any step, just copy the contents of both folders (in this case, both new folders) to a single one

and enjoy the source code...
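
Step 1's observation that an APK is a ZIP archive holding classes.dex, as an added example that is not part of the original answers: this Python script reads the archive without renaming it, lists the DEX files and native libraries, and checks each DEX header's size, Adler-32 checksum and SHA-1 signature fields. The function names are assumptions, and the sample APK is a constructed in-memory stub rather than a real app.

```python
import hashlib, io, struct, zipfile, zlib

def dex_header(data):
    """Parse the fixed DEX header fields and verify them against the file body."""
    if len(data) < 0x70 or data[:4] != b"dex\n":
        return None
    checksum, = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian = struct.unpack_from("<III", data, 32)
    return {
        "version": data[4:7].decode("ascii", "replace"),
        "size_ok": file_size == len(data),
        # Adler-32 covers everything after the magic and checksum fields.
        "checksum_ok": checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        # SHA-1 covers everything after the signature field.
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
        "little_endian": endian == 0x12345678,
    }

def inventory(apk):
    """Return DEX header checks and native libraries (by ABI) found in an APK."""
    report = {"dex": {}, "native": {}, "manifest": False}
    with zipfile.ZipFile(apk) as z:
        for name in z.namelist():
            if name.endswith(".dex") and "/" not in name:
                report["dex"][name] = dex_header(z.read(name))
            elif name.startswith("lib/") and name.endswith(".so"):
                abi = name.split("/")[1]  # inside the APK: lib/<abi>/<name>.so
                report["native"].setdefault(abi, []).append(name.split("/")[-1])
            elif name == "AndroidManifest.xml":
                report["manifest"] = True
    return report

def make_sample_apk(tamper=False):
    """Build a constructed, minimal APK-like ZIP in memory (not a real app)."""
    body = struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(0x70 - 44)
    sig = hashlib.sha1(body).digest()
    dex = b"dex\n035\0" + struct.pack("<I", zlib.adler32(sig + body)) + sig + body
    if tamper:
        dex = dex[:-1] + b"\x01"  # change a byte after the header fields were computed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary XML stub
        z.writestr("classes.dex", dex)
        z.writestr("lib/armeabi-v7a/libstuff.so", b"\x7fELF")
    return buf

if __name__ == "__main__":
    print(inventory(make_sample_apk()))
```

A DEX file whose checksum or signature field no longer matches its body was modified after it was built without those fields being recomputed.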


