2. Reverse Engineering Android .apk using ( ApkTool – D2J – JDGui ) Combination

Previously we saw getting back source code from .apk using Jadx via Reverse engineering. Here we would see same thing but using different tool set, using combination of:

1) ApkTool (Download Link)- This can extract Manifest.xml, resources, certificates, assets, layout, classes.dex or smali source code files from any .apk

2) D2J (Dex2Jar – Download Link) – Generates Jar file for corresponding classes.dex file which we got above using Apktool. (Or alternately) you can directly provide .apk file and D2J can generate Smali/Jar file directly.

3) JDGui (Download Link)- This utility takes above created .jar file and displays all java class files in human readable form.



Many times you might want to reverse engineer any .apk file in order to understand logical flow of app, find some cryptographic items, hardcoded values, forensic etc. Apktool-D2J-JDGui comes with support for all major platform Windows/Macintosh/Linux. All it needs is Java installed. ApkTool & D2J are command line & JDGui provides GUI to complete remaining process by just single click. You can use find string in currently opened class file to search any keyword. Moreover by default your decompiled code would be saved locally either Smali code or java file.

If you might not know, Apktool provides functionality of decompiling .apk source code into .smali files rather than classDex. It would be covered in next post. As an advantage it becomes easier to recompile any .apk if you modify anything from it.


Let’s understand tools in detail.

Step:1 Apktool Usage 

Following the installation mentioned in their website, you need to keep .apk which you want to decompile, apktool.jar (rename if it has version number in the name) & apktool wrapper  into /usr/local/bin (Linux/Mac) or C:\Windows (Windows). Linux/Mac users needs to give execution permission chmod+x apktool & same for apktool.jar

Execute below command where d stands for decompile, -s to get source class files as classes.dex, replace APKNAME.apk with the APK you want to extract. (java -jar is optional to write)

java -jar apktool  d  -s  APKNAME.apk


java -jar apktool.jar  d  -s  APKNAME.apk

As a result you would obtain decompiled Classes.dex file, Resources, certificates / raw / assets folders if present, Manifest.xml, layout files, strings.xml etc.


Step:2 D2J Usage 

Copy the classes.dex file obtained from above step into D2J directory.

(only Linux/Mac users) Assign execute permission to d2j-dex2jar.sh & d2j_invoke.sh  (use chmod +x  or chmod 777)

d2j-dex2jar.bat classes.dex

OR directly using APK (Alternate method without using APKtool)
d2j-dex2jar.bat APPNAME.apk

./d2j-dex2jar.sh classes.dex

OR directly using APK (Alternate method without using APKtool)
./d2j-dex2jar.sh APPNAME.apk

If you notice above commands specific to your platform either Windows/Linux/Mac, you would notice 2 different way to make Jar file.

  1. Where using classes.dex file generated by ApkTool, you generate Jar file.
  2. OR directly using apk and providing it to D2J-dex2jar you generate Jar file. Try either way if sometime you feel app decompile fails.


Step:3 JDGui Usage

JDGui is utility which helps in viewing the above generated Jar file in form of human readable Java class files. Launch JDGui and open the above created Jar file, made from above Step2. Done, now you would be able to see source code in Java form, with internal packages & 3rd party libraries as well (if used).



  • A Big note, Apktool depends upon framework.apk (used internally by the tool). In case if you update older by download new version of Apktool, then make sure that you delete the older auto generated framework, otherwise you would get errors with failure in decompilation/recompilation.(Refer documentation OR Stackoverflow answer)
  • You might see many apps with random alphabetical names like a,b,c… for class names/variables etc. This is because of obfuscation done by developer. Obfuscation is technique to jumble up the code so that it becomes difficult for any external entity to understand. However since this is just mapping between names-random strings the flow of execution doesn’t changes. It takes more time but you can make sense out of this code.
  • If app uses some non-ASCII chars, app decompilation might fail. Or sometimes tool might not be able to work depending upon resources within the app, you might end up with errors. These are difficult to solve, as they would vary from scenario to scenario.


Check out articles on using APKTool to make Smali file via Reverse Engineering Android .apk & Recompiling/Repatching Android app.


Report Errors + Bugs & Become Insider for Nestedif.com

We would like to hear you, if you find any error or misspelled phrase while reading our tutorials. By reporting mistakes through email to insider@nestedif.com you could help other peers.