Introduction to Reverse Engineering
In computing, reverse engineering is the process of understanding how things work and reusing the information to do something. This is applicable even to Android apps. You might reverse engineer Android apps for many reasons.
- Read another's code
- Find vulnerabilities in the code
- Search for sensitive data hardcoded in the code
- Malware Analysis
- Modifying the functionality of an existing application
Decompilation v/s Disassembly
Decompilation is the process of converting software binaries to clear text format in a high-level language in which the source code is written so that developers can read it.
Disassembler, on the other hand, won't convert the binary to a high-level language text. It is only a one-to-one translation of bytes to text and gives us instruction mnemonics, which again can be understood by humans, but it is a little difficult when compared to reading original source code.
Generating DEX files from Java
In order to understand the reverse engineering process of Android apps, we should understand how apps are built.
As shown in the above figure,
- Developers write their source code in the Java programming language. These files will have an extension ".java".
- These java files are given to the "javac" compiler, which generates ".class" files.
- These class files are given to the "dx" tool in order to generate ".dex" files.
- ".dex" files along with other resources are packaged as an".apk" file and run inside Dalvik Virtual Machine.
If you want to see the structure of the generated dex file, we can use 010 editor.
Before we proceed, download the following tools:
- 010Editor
- dex template
You can download 010 editor from the following link:
http://www.sweetscape.com/010editor/
You can download "dex template" here:
[download]
1. Unzip an APK file. We can use the unzip command in *nix based machines.
2. Open classes.dex using the 010 Editor.
3. Load the downloaded dex template.
4. Below is the figure with 010editor showing a dex file.
To understand more about the dex file format and how it works, please refer to the link below.
https://source.Android.com/devices/tech/dalvik/dex-format.html
Reversing Android Apps:
Let's now discuss how to reverse engineer Android apps.
1. Disassembling Android Apps
It is possible to get the smali version of code using a tool known as APKTOOL. This is discussed in some of our previous articles in this series.
Below are the steps to perform reverse engineering on Android apps to get smali code using APKTOOL.
Step 1. Download APKTOOL from the following link
http://ibotpeaches.github.io/Apktool/
Step 2. Run the following command to get the smali version of the code.
apktool d [app].apk
Step 3. In order to re-compile the application, we can simply change the switch to "b" by specifying the path to the folder where your modified code is placed.
apktool.bat b [path to the target folder]
A more detailed version of this is already discussed in this article.
2. Decompiling Android Apps
In this section, we discuss two ways to decompile Android apps.
Decompiling Android Apps using dex2jar and jad:
First, let's see how to decompile Android applications using dex2jar and jad.
Step 1: unzip the apk file
As shown in the following figure, the target APK file is in my current folder.
Let's change the apk file's extension to ZIP as shown below.
Now, we can use unzip command as shown below.
Step 2: dex2jar in action
Now, navigate to the folder where dex2jar is located and run the following command. This will generate a new jar file as shown below.
Step 3: Use unzip command to extract ".class" files from the newly generated jar file.
The above step creates some folders with the package name similar to what we get with APK tool.
In my case it is com.isi.securelogin
Navigate to that folder to see the .class files as shown below.
Now, we need to decompile them in order to get the .java files.
Step 4: Decompiling .class files to Java using JAD decompiler:
Jad is a popular java decompiler.
Download jad decompiler from the link below
Now, give all the class files we extracted to jad as input as shown below.
It will produce .java files in the same folder. This is shown below.
Decompiling Android apps using dex2jar and JD-GUI
This section shows how to decompile the apps using dex2jar and JD-GUI. The only difference between this method and the previous method is usage of JD-GUI as a replacement to JAD.
Download JD-GUI from the link below.
Step 1: unzip the apk file
Let's change the apk file's extension to ZIP as shown below.
Now, we can use the unzip command as shown below.
Step 2: using dex2jar
Similar to what we did earlier, navigate to the folder where dex2jar is located and run the following command. This will generate a new jar file as shown below.
Step 3: Now, open this newly generated jar file using JD-GUI as shown below.
Become a certified reverse engineer!
This will show us the decompiled Java code.
- Exam Pass Guarantee
- Live expert instruction
- Hands-on labs
- CREA exam voucher
In this Series
- Introduction to Reverse Engineering
- Kali Linux: Top 8 tools for reverse engineering
- Stacks and Heap
- Top 8 reverse engineering tools for cyber security professionals [updated 2021]
- Arrays, Structs and Linked Lists
- Reverse engineering obfuscated assemblies [updated 2019]
- Crack Me Challenge Part 4 [Updated 2019]
- Writing windows kernel mode driver [Updated 2019]
- Assembly programming with Visual Studio.NET
- The basics of IDA pro
- Reverse engineering tools
- Hacking tools: Reverse engineering
- Reverse engineering a JavaScript obfuscated dropper
- Reverse Engineering – LAB 3
- Exploiting Protostar – Stack 0-3
- Reversing Binary: Spotting Bug without Source Code
- Reverse engineering virtual machine protected binaries
- Pafish (Paranoid Fish)
- Extending Debuggers
- Encrypted code reverse engineering: Bypassing obfuscation
- Buffer Overflow Attack & Defense
- Invoking Assembly Code in C#
- iOS Application Security Part 32 - Automating tasks with iOS Reverse Engineering Toolkit (iRET)
- Hooking IDT
- A Guide to Debugging Android Binaries
- Kernel debugging with Qemu and WinDbg
- Shared Folders with Samba and Qemu
- Testing Hooks via the Windows Debugger – An Introduction to RevEngX
- Reverse Engineering with Reflector
- Applied Reverse Engineering with IDA Pro
- Injecting spyware in an EXE (code injection)
- Disassembler Mechanized Part 4: DLL Injector Development
- Disassembler Mechanized Part 3: Code Injection Operation
- Debugging TLS callbacks
- Disassembler Mechanized Part 2: Generating C# and MSIL code
- System address map initialization in x86/x64 architecture part 2: PCI express-based systems
- Coding of Disassembler
- Applied cracking & byte patching with IDA Pro
- .NET reversing with Reflexil
- Reversing firmware part 1
- Reverse Engineering with Reflector: Part 1
- Remoting Technology
- Reverse engineering with OllyDbg
- Understanding Session Fixation
- Optimizing Managed Code Execution
- File system manipulation
- The BodgeIt store part two
- The BodgeIt store part one
- Understanding Windows Internal Call Structure
- Pin: Dynamic Binary Instrumentation Framework
- Linux Kernel Development Process
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Reverse engineering
Reverse engineering
Reverse engineering
Top 8 reverse engineering tools for cyber security professionals [updated 2021]
Reverse engineering