3. Reverse Engineering Android .apk using ApkTool to get .Smali Files

In the previous article we saw how to get Java class files from the classes.dex inside an .apk. In this post we will see how to get .smali files from the .apk file with Apktool. Smali is the human-readable assembler syntax for Dalvik bytecode, so it is easy to follow for anyone with basic knowledge of an assembly language: it has a fixed set of mnemonics, numbered registers and opcodes much like any other assembly. The advantage of choosing smali over decompiled Java classes (from classes.dex) is that smali round-trips: it is disassembled and reassembled losslessly, so if we want to modify the code and rebuild an updated .apk, this is seamless via the smali files. Decompiled Java, on the other hand, often does not compile back at all without fixing decompiler artifacts and missing dependencies, because decompilation is a lossy guess at the original source. A second advantage shows up with obfuscated apps: class, field and method names are mangled in both views (they are the same identifiers the bytecode carries), but obfuscators also insert control-flow tricks that make decompilers emit broken or misleading Java, whereas disassembly to smali always succeeds and keeps every instruction and string constant. Because smali is a fixed instruction set, a person who is not fluent in OOP concepts can still follow it, although reading smali is work that needs patience.


Using Apktool to get smali files from an .apk file:

Decode the .apk with Apktool's `d` (decode) subcommand. By default it writes a folder named after the .apk (without the extension) into the current directory; pass `-o` to choose another output folder and `-f` to overwrite the result of an earlier run.

On completion you will notice a new folder named after the application. Inside it are AndroidManifest.xml (decoded to plain XML), the decoded resources under res, assets if the app ships any, the original signing certificates under original/META-INF, an apktool.yml describing the decode, and, mainly, the smali files converted from the .apk. The smali for each class sits at smali/<package path>/<ClassName>.smali, so the app's own code is under smali followed by its package name written as a directory path, for example smali/com/example/app. Large apps with several dex files get one folder per dex: smali, smali_classes2, smali_classes3 and so on. On opening any class file you will see the instruction mnemonics, registers (v0, v1, p0 ...), hex constants, method invocations and so on. Next to an Activity's smali you will also see files with the same name followed by a dollar sign and a suffix, such as MainActivity$1.smali; these are its inner and anonymous classes (click listeners, lambdas, nested classes), so for now ignore them and read only the actual Activity's smali file.
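The decode step and the layout described above, as an added shell example (not the article's own script): it wraps the `apktool d` invocation, reads the package name back out of the decoded AndroidManifest.xml and maps it to the app's smali folder(s), including the smali_classes2-style folders of multi-dex apps. The sample manifest and file names used to exercise it are constructed for the demo; only `apktool d`, `-o` and `-f` are real Apktool options.

```shell
#!/usr/bin/env bash
# Added example, not the article's code: decode an APK with Apktool and locate
# the app's own smali directories from the decoded manifest.
set -eu

# Run Apktool's decode. Assumes `apktool` is on PATH; -f overwrites an
# earlier output folder so stale files from a previous run do not linger.
decode_apk() {
    apk="$1"; out="$2"
    command -v apktool >/dev/null 2>&1 || { echo "apktool not found on PATH" >&2; return 1; }
    apktool d -f "$apk" -o "$out"
}

# Read the package name from the decoded AndroidManifest.xml: the first
# package="..." attribute, which belongs to the <manifest> element.
manifest_package() {
    grep -o 'package="[^"]*"' "$1/AndroidManifest.xml" | head -n1 | sed 's/^package="//; s/"$//'
}

# Map a package name to its smali folder(s): com.example.app becomes
# smali/com/example/app, and multi-dex apps also have smali_classes2/... etc.
package_smali_dirs() {
    out="$1"; rel=$(printf '%s' "$2" | tr . /)
    for d in "$out"/smali*; do
        [ -d "$d/$rel" ] && printf '%s\n' "$d/$rel"
    done
    return 0
}

# Number of classes (.smali files) under a folder, inner classes included.
count_smali() {
    find "$1" -name '*.smali' | wc -l | tr -d ' '
}

# Usage: ./decode.sh app.apk   (decodes into ./app_out)
main() {
    apk="$1"; out="${apk%.apk}_out"
    decode_apk "$apk" "$out"
    pkg=$(manifest_package "$out")
    echo "package: $pkg"
    package_smali_dirs "$out" "$pkg" | while read -r d; do
        echo "$d: $(count_smali "$d") smali files"
    done
}
if [ "${1:-}" ]; then main "$1"; fi
```

Run it against a real .apk to get a quick inventory of where the app's own classes live versus library code (androidx, okhttp and friends sit under their own package paths in the same smali folders), which is the first thing to sort out before reading or patching anything.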


If at any point you want to change the application's flow, the smali files are what you edit. We can tweak individual instructions or whole method bodies and so change the app's behavior, which is handy when we want to bypass a restriction, understand some behavior by modifying the app, or remove unwanted code. You will see this in the upcoming articles on root-detection bypass and on putting an app into debug mode.
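The kind of edit meant above, as an added shell example that is not the article's code: it replaces the body of one named method in a decoded smali file so that the method always returns false (boolean 0). The RootCheck class it patches is constructed for the demo; in a real app you would first read the smali to find the method whose result gates the behavior you want to change.

```shell
#!/usr/bin/env bash
# Added example, not the article's code: make one smali method always return
# false by rewriting its body to `const/4 v0, 0x0` / `return v0`.
set -eu

# Rewrite METHOD (matched by name and its opening parenthesis) in FILE.
# Smali method bodies must declare their register count, so `.locals 1` is
# emitted explicitly and the original .locals/.registers line goes with the
# rest of the old body. Only a method returning Z (boolean) or I (int) makes
# sense to patch this way; v0 holds the 4-bit constant 0.
patch_method_return_false() {
    file="$1"; method="$2"
    awk -v m="$method" '
        inm == 0 && $0 ~ ("^\\.method .* " m "\\(") {
            inm = 1
            print
            print "    .locals 1"
            print ""
            print "    const/4 v0, 0x0"
            print ""
            print "    return v0"
            next
        }
        inm == 1 && /^\.end method/ { inm = 0; print; next }
        inm == 1 { next }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Print the non-empty lines of METHOD's body (used to check the patch).
method_body() {
    file="$1"; method="$2"
    awk -v m="$method" '
        inm == 0 && $0 ~ ("^\\.method .* " m "\\(") { inm = 1; next }
        inm == 1 && /^\.end method/ { exit }
        inm == 1 && NF > 0 { print }
    ' "$file"
}

# Constructed sample class: a static root check that looks for an su binary.
write_sample_smali() {
    cat > "$1" <<'EOF'
.class public Lcom/example/app/RootCheck;
.super Ljava/lang/Object;

.method public static isDeviceRooted()Z
    .locals 2

    const-string v0, "/system/xbin/su"

    new-instance v1, Ljava/io/File;

    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V

    invoke-virtual {v1}, Ljava/io/File;->exists()Z

    move-result v0

    return v0
.end method

.method public static helper()V
    .locals 0

    return-void
.end method
EOF
}

# Usage: ./patch.sh path/to/RootCheck.smali [methodName]
if [ "${1:-}" ]; then
    patch_method_return_false "$1" "${2:-isDeviceRooted}"
    echo "patched body of ${2:-isDeviceRooted}:"
    method_body "$1" "${2:-isDeviceRooted}"
fi
```

After the edit the folder is rebuilt with `apktool b <folder> -o patched.apk` and the result has to be re-signed before it installs, since the original signature in original/META-INF no longer matches; those steps are covered in the recompiling articles linked below. The patch deliberately rewrites the whole body rather than flipping one constant, so it does not depend on which registers the original code used.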


Exceptions:

  • A big note: Apktool depends on an installed Android framework (framework-res.apk, which it stores in its own framework directory as 1.apk on first use) to resolve system resource IDs. If you install a new version of Apktool, delete the framework files that the old version generated, otherwise decoding or rebuilding can fail with resource errors; `apktool empty-framework-dir` clears that directory for you. (Refer to the Apktool documentation or the related Stack Overflow answers.)
  • Decoding can also fail on the app's resources: unusual resource names (including some non-ASCII identifiers), malformed or unusual resource tables and similar oddities can make Apktool's resource decoder give up with an error. These are hard to solve in general because they vary from app to app. If you only need the smali, decode with `--no-res` (`-r`) so resources are left packed and the code is still disassembled.


Check out the articles on recompiling/repatching an Android app for pentesting on a non-rooted device.
