1. Reverse Engineering Android .apk using Jadx

Android applications are packed inside .apk files with all resources, assets, class files, certificates, layout files, config Manifest files etc. Compiling any application source code into .apk files would make Java class files into class-Dex files, which are not human readable form. If we rename this .apk to .zip then we can get resources and other static things, but not main source code. For that we need to Reverse engineer the source code using some tools like Jadx/ApkTool/D2J etc. Jadx has capability of decompiling back the source code from .apk file & provide human readable java class files. It also reverses Manifest.xml file which contains all config. details for app & many other resources present as part of .apk.

You can download Jadx from here : https://github.com/skylot/jadx/releases

 

 

Many times you might want to reverse engineer any .apk file in order to understand logical flow of app, find some cryptographic implementations, hardcoded values, forensic etc. Jadx comes with support for all major platform Windows/Macintosh/Linux. All it needs is Java installed. It provides command line as well as easy to use GUI to complete entire process by just single click. You can use find string in any class file so it becomes easy to search any keyword. You can save your decompiled code also.

Usage:

As shown in above video, all you have to do is launch jadx-gui (Mac/Linux) or jadx-gui.bat (windows) from jadx/bin directory, Select apk to be decompiled and wait for magic to happen.

Exceptions:

  • Sometimes you might see many apps with random alphabetical names like a,b,c… for class names/variables etc. This is because of obfuscation done by developer. Obfuscation is technique to jumble up the code so that it becomes difficult for any external entity to understand. However since this is just mapping between names-random strings the flow of execution doesn’t changes. It takes more time but you can make sense out of this code.
  • If app uses some non-ASCII chars, app decompilation might fail. Or sometimes tool might not be able to work depending upon resources within the app, you might end up with errors. These are difficult to solve, as they would vary from scenario to scenario.
  • For code patching / manipulation other tools are more preferable. Check out articles on other tools used for Reverse Engineering Android .apk & Recompiling/Repatching Android app.

 

 

Report Errors + Bugs & Become Insider for Nestedif.com

We would like to hear you, if you find any error or misspelled phrase while reading our tutorials. By reporting mistakes through email to insider@nestedif.com you could help other peers.