[2018 Preservation Version] Reverse Engineering Android App (.apk) on Mac

This is the article on the 24th day of "Athlete engineer Advent Calendar 2017". The 23rd day was @ yuzu_afro's "Making a Christmas tree that shines and makes sounds using Raspberry Pi".

Do you think it's Harenchi that you want to take a peek inside your app?

This time ** I lost the source code of the app published on Google Play **

Even though the world is completely floating in the Christmas atmosphere We are confronting a miserable situation without assistance Domo is Nagao Tomorrow is ** Nativity ** This is ** Reverse engineer your own app ** (hereafter Rivaen) ** Easter of the app **

There are three things you want to do, right?

[[1] I want to see the Java (Kotlin) source code](# 1 I want to see the javakotlin source code-1)

[[2] I want to see the xml code](I want to see the # 23 xml code and the image file used in the application)

[[3] I want to see the image file used in the app](I want to see the code of # 23xml and the image file used in the app)

First of all, the necessary preparations no matter what you do ** Prepare the apk you want to reverse engineer ** I will go from

Get the apk file of the app you want to reverse engineer by pulling it out from your smartphone

(If you already have the app you want to reverse engineer with .apk, you don't need this flow)

There is also a way to do it with a command, It is ** quick ** to use the ** apk extraction application ** on Google Play.

** For example, such an app ** https://play.google.com/store/apps/details?id=com.pandaz.apkextraction

When you install it on your smartphone and start it 1.png

The apps on your smartphone are lined up in a row Check the app you are looking for and tap ** apk Extraction ** After that, you can make ** apk my own ** by uploading it to Google Drive with the share button.

Let's start with the simple one

[2] [3] I want to see the xml code and the image file used in the application.

Roughly speaking ** You can see both by throwing the apk into Android Studio ** is

First ** Place the apk ** you got earlier somewhere on your ** computer ** in advance. And In Android Studio ** File → New → New Project ** Decide the project name appropriately and create a project with Next → Next ... With the created project open ** Build → Analyze APK **

2.png

A file selection dialog will appear Select the apk that you put on your computer in advance Then this screen will open (this time I am using the apk of the application sample-app)

8.png

Easy to see ** Single click on the xml file you want to see ** Then

9.png

The contents of xml are displayed in the lower part ** Image files ** are usually in the usual ** drawable ** You can see that with ** single click **

** [2] and [3] are over **

[1] I want to see the Java (Kotlin) source code

There is a lot more to do than [2] and [3]

1. Zip the apk and unzip it

Simply change ** apk ** to ** zip ** All you have to do is change the ** filename ** of the apk from ** XXX.apk ** to ** XXX.zip **

** Normally, it is expanded by simply double-clicking it ** ** Double-click this zip ** One after another ** There is no sign that something like a zip relative is born ** and expanded ... When faced with such a ** matryoshka zip situation **

The Unarchiver https://itunes.apple.com/jp/app/the-unarchiver/id425424353?mt=12 Install this on ** Mac ** Right-click ** zip ** and select this app to expand it. (Some of the similar apps have become ** Matryoshka **, so I'll post the one that worked.)

2. Use dex2jar to generate a jar file from the classes.dex file

It is in the next expanded folder classes.dex ** Generate a jar file ** from the file How to do

dex2jar https://sourceforge.net/projects/dex2jar/ Download the one (** dex2jar-2.0.zip **) ** Extract to the same folder where the folder where you expanded the app is located ** (This zip is ** double-clicked ** but ** does not become matryoshka and is expanded normally **) This time Nagao created a folder called Rivaen for work ** I put the ** folder where the app was expanded ** and the ** dex2jar-2.0 folder ** inside the ** Rivaen folder ** This is

11.png

so $ cd reverse engineer (Go to the Rivaen directory) Hit the following command

$ cd dex2jar-2.0/
$ chmod +x *
$ cd ..
$ dex2jar-2.0/d2j-dex2jar.sh sample-app/classes.dex

↑ Did you do Nani? 1st line Moved to dex2jar-2.0 folder 2nd line: Give execute permission to the executable file in the dex2jar-2.0 folder 3rd line Return to Rivaen folder Line 4 Generate a jar file from classes.dex using a shell called d2j-dex2jar.sh is If you do so far, it will be in the Rivaen folder

12.png

classes-dex2jar.jar A ** jar file ** will be created!

3. View the contents of the jar file (Java code) using JD_GUI

here we go! Once you get here

JD-GUI http://jd.benow.ca/ ** Install the app on your Mac ** If you right-click the ** jar file you just created ** and open it with this app You should finally be able to see the ** Java source code **!

4. [Information] If you open the jar with JD-GUI, it may crash.

(July 17, 2018 still crashed on High Sierra) If you can see it safely, it ’s over. This crash seems to happen on ** Sierra ** & ** High Sierra ** To be honest, I thought it was ** the end of the match ** What is a class file decompiler app? ** I can't find anything other than JD-GUI ** (T_T) But this time ** Why is Nagao doing reverse engineering in the first place **? ** Because I lost the important source code of the application published on Google Play ** So

I don't know why it's over I have no choice but to do something about it

On the page I arrived at looking for a solution ** If you build the JD-GUI on github yourself, it will be cool! ** ** It was

let's do it

You can do it in any directory In a place that is easy to understand for the time being $ cd reverse engineer (Move to Rivaen directory)

** Command to build JD-GUI by yourself **

$ git clone https://github.com/java-decompiler/jd-gui.git
$ cd jd-gui
$ ./gradlew installOsxDist

↑ Did you do Nani? 1st line: Clone the JD-GUI source code from github 2nd line Moved into the cloned jd-gui 3rd line: Build the app with gradle is If you do this ** Reverse engine → jd-gui → → build → install → jd-gui-osx ** In 7.png ** JD-GUI.app ** is ready ...! It took less than a minute to clone and build

Now! With this, when you finally open the jar file you created earlier by right-clicking with this one 10.png

**I was able to see! ** ** (By the way, this is the source code written in Kotlin)

[1] is over ** Thank you for your support! !! ** **

Conclusion

Keep the source code of the app in a safe place so as not to lose it

** Tomorrow is finally Christmas"Athlete engineer Advent Calendar 2017" is the last one to decorate @Nkzn! ** **

Recommended Posts

[2018 Preservation Version] Reverse Engineering Android App (.apk) on Mac
ROS app development on Android
Notes on calling Installer on Android App
I made a calculator app on Android
Allows Youtube autoplay on Cordova's Android app
My thoughts on the future [Gradle app version ①]
Until you start developing android apps on mac
Run Edge (Chromium version) on Mac with Selenium
Get your version number in the Android app