Android开发笔记: 3.9 De-compile APK

3.9 De-compile APK

'dexdump' is from Android SDK can decompile .dex files.

3.9.1 apktool and ApkStudio

ApkTool can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. A tutor of ApkTool is here. To build it, git clone git://github.com/iBotPeaches/Apktool.git; CD to ApkTool, and run ./gradlew build fatJar which will create ./brut.apktool/apktoo-cli/build/libs/apktool-xxxxx.jar; rename it to apktool.jar, and put it with Linux wrapper script.

apktool if xyz_framework.apk =>install apk to ~/apktool, not sure why need to install the frameworks

apktool d xyz.apk => decompile the apk to current folder. The Smali files are responsible for the functionality of the app

apktool b <decompiled-folder> => recompile to <decompiled-folder>/dist.

zipalign -v 4 <recompiled-apk.apk> <final-apk.apk> =>zipalign available from <sdk>/build-tools/<sdk-ver>

When I try 'adb install' to install the app, I got “INSTALL_PARSE_FAILED_NO_CERTIFICATES”. According to app-signing and SO, apk needs to be signed, even not for release to market, even with debug build; And the sign needs to be done before zipalign. So like this:

keytool -genkey -v -keystore release-key.keystore -alias myky -keyalg RSA -keysize 2048 -validity 10000

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore release-key.keystore my.apk myky

zipalign -v 4 my.apk my_align.apk

To use the debug key, refer to this SO: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /the/path/debug.keystore -storepass android -keypass android my_application.apk androiddebugkey

On Windows, the keystore is in %HOMEPATH%\.android\debug.keystore, on linux it is ~/.android/debug.keystore,

ApkStudio is a IDE of ApkTool, available at github: git clone http://github.com/vaibhavpandeyvpz/apkstudio.git (don't use https as it requires login). Building ApkStudio needs qt, which is a little annoying to install. Especially it needs Qt5. Build steps:

cd apkstudio
lrelease res/lang/en.ts
qmake apkstudio.pro CONFIG+=release

If complains: QRegularExpression: No such file. The author said should use qt5 instead of qt4. However I installed both qtbase5-dev and qttools5-dev, but still cannot get it resolved. Find the author's wiki: need to use Qt Creator to load and build the project. At the end, it just like the apktool, no java source would be created.

3.9.2 Jadx

Open-source APK and DEX decompiler jadx decompiles .class and .jar files, but also it produces Java source code from Android Dex and Apk files. The problem with Jadx is bugs creating wrong code, like make <activity android:theme="@style/Theme.AndroidDm" wrongly to <activity android:theme="@style/Theme_AndroidDm". Also, Jadx kind of remove all binaries except Java and xml files. So for the iFunTV case, all JNI lib, png/gif/txt files are not there. Some unreachable code which unlikely be the original code. It also put res folder under asset. The resource xml files might also have issue which will impact Eclipse to properly creat the R.java. Also, pay attention that Jadx may fail to decompile certain code, and it will post a exception at runtime with code like this:

throw new UnsupportedOperationException("Method not decompiled: hdp.http.MyApp.Getcodeing(java.io.File):java.lang.String");

Another big problem with Jadx output is somehow for some switch/case, it won't generate 'break' instruction.

Version 0.6.1 fixed some issue as the generated code can be imported to Eclipse as Android project, w/o needs of update xml files.

3.9.3 Dex2jar, JD-GUI, and AndroidDecompiler

Dex2jar is a tools to work with android .dex and java .class files, refer how-to-use-dextojar. JD-GUI is a Java Decompiler. I did git clone https://github.com/pxb1988/dex2jar, then go to the folder and export JAVA_HOME to jdk root and run gradlew. This can build, but I cannot find shell script for running it. So maybe the easy way is download from SF. Run d2j-dex2jar.sh iFunTV.apk will create iFunTV-dex2jar.jar. After this, still need JD-GUI(source available at github) or JAD to decompile class file to java source. JD-GUI may also has bug, like incorrectly translate for loop to label. Also in Java an object ref can be reused, if see a decompiled has an Object type variable which may be casted to different type later, and there is no range overlap for the different type, better change it to two ref with the corresponding type. So may try the out-date JAD which is not open source and not maintained since 2011.

-s option for change output file extension: jad -sjava example1.class

-p for output redirection: jad -p example1.class > myexm1.java

For my case, extract the jar of dex2jar's output will create a tree: my-dex2jar, then run jad -o -r -sjava -dsrc my-dex2jar/**/*.class

Too bad seeing this: The class file version is 50.0 (only 45.3, 46.0 and 47.0 are supported)

AndroidDecompiler is a reference of using ApkTool, dex2jar and jd-core. It has not been update since Oct 2 2014. The last one has Dex2Jar :Version 0.0.9.15, apktool : Version 1.5.2, JD-Core-Java : Version 1.2 and Artistic Style (astyle) : Version 2.04

Except the Astyle, all other in the git are just jar and scripts. So no need to build. This tools set is also very buggy, run it with bash like this: bash decompileAPK.sh -o out_folder target.apk, and it generates a lot of java exception during run. Any way, just take the output as reference only.

3.9.4 Tips and Conclusion

As mentioned above, no tools is perfect. My experience is using Jadx for decompile the Java source. Find out all external library and remove those Java code for those libs, use those libs' Jar instead. Remove the res folder from Jadx's output, take the res from apktool's output. Also copy all asset raw files and JNI libs over. Fix compiling errors. Use this online converter for viewing unicode.