Saturday, January 5, 2013

Decompiling Android APK to view the JAVA code

Recently, I have started hacking into the code of some of the APKs in my android phone after rooting it again, I decompiled the apk with APK tool, and did some work, now trying to get into the java code of the apk, came across a post and I found it very neat useful, and I am reposting it here for my personal reference at later point of time, with due respect to the original owner, I have not modified the content, here is the link to original post. 

1. Obtaining the “apk” file: 

There are many ways that you can obtain the apk file. You can probably find it on the Internet. Or the best way is to get it from your phone. In this example, we will tear apart facebook android app

The apk file of the application that is purchased from the android market is stored in ‘/data/app’ folder on your phone. To access this directory, you need super-user access. If your phone is rooted, follow the steps below to obtain the apk file if not, you might be able to get one from the Internet.


Copy over the apk file on to your computer from the sdcard.

2. Obtaining the “.dex” file: 


Open the downloaded apk file as a zip file. You can use “Archive Manger” on linux or “WinZip” on windows. You can also change the file extension to “.zip” and have the OS automatically open it as a zip file.

In there, you should see “classes.dex” file. This is the byte code of the complied application. Extract the file on to your computer.



3. Dex2Jar tool: 


You need dex2jar tool to decode the dex file to a jar file. The dex file is the Dalvik executable file. You can get the latest and greatest version at

http://code.google.com/p/dex2jar/downloads/list.

Download and install the application in your computer. I extracted it out on my android installation folder.

Once you have it run the “dex2jar” command to decompile the “.dex” file extracted in step 2.

You can run the following command on linux, on windows you can run the “dex2jar.bat” instead of “dex2jar.sh”

1 $ ./dex2jar.sh classes.dex

You should see an output as follows.



4. Decompiling the jar: 


You can now open the decoded “.jar” file from step 3 on a java decompiler of your choice.

There are few out there. I choose JD-GUI. You can download one from their site at:http://java.decompiler.free.fr/?q=jdgui

Install the tool and open the jar extracted on step 3. Boom now you can see the application code!

No comments:

Post a Comment