Reverse engineering from an APK file to a project
There are two useful tools which will generate Java code (rough but good enough) from an unknown APK file.
Download dex2jar tool from dex2jar.
Use the tool to convert the APK file to JAR:
Windows:$ d2j-dex2jar.bat demo.apk
dex2jar demo.apk -> ./demo-dex2jar.jarMacOS / Linux:
$ d2j-dex2jar.sh -f demo.apk -o demo.jar
Once the JAR file is generated, use JD-GUI to open the JAR file. You will see the Java files.
The output will be similar to:
Then you can use other tools to retrieve the AndroidManifest.xml and resource files (like images, translations, etc...) from the APK file.
Apktool
$ java -jar apktool.jar -q decode -f demo.apk -o outputDir
AXMLParser
$ apkinfo demo.apk
NinjaDroid
$ ninjadroid demo.apk --all --extract
Get Android Studio Project from APK file
I feel your pain. There are some tools for reverse engineering apk's but don't expect the results to be identical.
I wish you the best of luck!
How to avoid reverse engineering of an APK file
1. How can I completely avoid reverse engineering of an Android APK? Is this possible?
AFAIK, there is not any trick for complete avoidance of reverse engineering.
And also very well said by @inazaruk: Whatever you do to your code, a potential attacker is able to change it in any way she or he finds it feasible. You basically can't protect your application from being modified. And any protection you put in there can be disabled/removed.
2. How can I protect all the app's resources, assets and source code so that hackers can't hack the APK file in any way?
You can do different tricks to make hacking harder though. For example, use obfuscation (if it's Java code). This usually slows down reverse engineering significantly.
3. Is there a way to make hacking more tough or even impossible? What more can I do to protect the source code in my APK file?
As everyone says, and as you probably know, there's no 100% security. But the place to start for Android, that Google has built in, is ProGuard. If you have the option of including shared libraries, you can include the needed code in C++ to verify file sizes, integration,
etc. If you need to add an external native library to your APK's library folder on every build,
then you can use it by the below suggestion.
Put the library in the native library path which defaults to "libs" in
your project folder. If you built the native code for the 'armeabi' target then put it
under libs/armeabi. If it was built with armeabi-v7a then put it under
libs/armeabi-v7a.
<project>/libs/armeabi/libstuff.so
Is there a way to get the source code from an APK file?
Simple way: use online tool https://www.decompiler.com/, upload apk and get source code.
Procedure for decoding .apk files, step-by-step method:
Step 1:
Make a new folder and copy over the .apk file that you want to decode.
Now rename the extension of this .apk file to .zip (e.g. rename from filename.apk to filename.zip) and save it. Now you can access the classes.dex files, etc. At this stage you are able to see drawables but not xml and java files, so continue.
Step 2:
Now extract this .zip file in the same folder (or NEW FOLDER).
Download dex2jar (Don't download the code, click on the releases button that's on the right then download that) and extract it to the same folder (or NEW FOLDER).
Move the classes.dex file into the dex2jar folder.
Now open command prompt and change directory to that folder (or NEW FOLDER). Then write
d2j-dex2jar classes.dex
(for mac terminal or ubuntu write./d2j-dex2jar.sh classes.dex
) and press enter. You now have the classes.dex.dex2jar file in the same folder.Download java decompiler, double click on jd-gui, click on open file, and open classes.dex.dex2jar file from that folder: now you get class files.
Save all of these class files (In jd-gui, click File -> Save All Sources) by src name. At this stage you get the java source but the .xml files are still unreadable, so continue.
Step 3:
Now open another new folder
Put in the .apk file which you want to decode
Download the latest version of apktool AND apktool install window (both can be downloaded from the same link) and place them in the same folder
Open a command window
Now run command like
apktool if framework-res.apk
(if you don't have it get it here)and nextapktool d myApp.apk
(where myApp.apk denotes the filename that you want to decode)
now you get a file folder in that folder and can easily read the apk's xml files.
Step 4:
It's not any step, just copy contents of both folders(in this case, both new folders) to the single one
and enjoy the source code...
Related Topics
Error Opening Trace File: No Such File or Directory (2)
Android Studio: Gradle - Build Fails -- Execution Failed for Task ':Dexdebug'
What Is the Size Limit for Logcat and How to Change Its Capacity
How to Build an APK File in Eclipse
How to Add a Custom Button State
Foreground Service Being Killed by Android
How to Use Searchview in Toolbar Android
What Is the 'App' Android Xml Namespace
Set Selected Item of Spinner Programmatically
Android Emulator Doesn't Take Keyboard Input - Sdk Tools Rev 20
Android Asynctask Example and Explanation
Recyclerview Horizontal Scroll Snap in Center
How to Set a Reminder in Android
Broadcastreceiver Not Receiving Boot_Completed
The Number of Method References in a .Dex File Cannot Exceed 64K API 17