SlideShare ist ein Scribd-Unternehmen logo

Extract source code from an Android apk file

Biwin John
Biwin John

A simple step by step tutorial with amazing visuals on how to reverse engineer an Android apk file. Leave your comments below if any. thanks -biwin

Technologie
1 von 32
#AndroidHacks Extract Soucre Code from an Android APK file © CambakLabs
Biwin John | @xkaterboi
disclaimer This presentation is intented only for educational puropose . Any actions and/or activities related to the information contained in the presentation is solely your responsiblity. The misuse of the information in this presentation/file may result in criminal charges brought against the person in question. THE AUTHOR AND ANY AUTHORITY(IES) RELATED WITH THIS PRESENTATION WILL NOT HOLD ANY RESPONSIBILITY IN ANYCASE FOR YOUR ACTIONS. Do not encourage to use this information to hack/crack any applications.
inspiration “ ” THE HARD DRIVE ON MY LAPTOP JUST CRASHED AND I LOST ALL THE SOURCE CODE FOR AN APP THAT I HAVE BEEN WORKING ON FOR THE PAST TWO MONTHS (I KNOW I AM AN IDIOT FOR NOT BACKING IT UP) ALL I HAVE IS THE APK FILE THAT IS STORED IN MY EMAIL FROM WHEN I SENT IT TO A FRIEND. MY QUESTION IS: IS THERE ANY WAY TO EXTRACT MY SOURCE CODE FROM THIS APK FILE? I REALIZE THAT IS IS MOST LIKELY A SHOT IN THE DARK... BUT I AM REALLY DESPERATE. asked on stackoverflow.com by Frank Bozzo, © 2013 Stack Exchange Inc
What We’re gonna do now? > Extract the Source code and resources from an android application package (.apk) file.
The tool kit > a valid apk file > dex2jar ¹ > java decompiler ² > apktool ³ > apktool installer 4 ¹ http://code.google.com/p/dex2jar/downloads/detail?name=dex2jar-0.0.9.9.zip ² http://www.4shared.com/zip/MIIaULpa/jd-gui-033windows.html ³ http://code.google.com/p/android-apktool/downloads/detail?name=apktool-install-windows-r04-brut1.tar.bz2 4 http://code.google.com/p/android-apktool/downloads/detail?name=apktool1.4.1.tar.bz2&can=2&q=
lets get started
Step 1 Download all the files in the toolkit and the desired apk, move them to a directory.
Step 2 Rename the desired apk to zip. eg: myapp.apk to myapp.zip
so here’s how to show the filetypes in windows 7
Step 3 Extract myapp.zip to a new folder. use archiving apps like 7zip, WinRAR etc.
Step 4 after the extraction, rename myapp.zip back to myapp.apk.
Step 5 Extract all the downloaded files to the same directory.
Step 6 move all the extracted files to the myapp directory.
Step 7 now our playground, myapp dir must look something like this.
the application files are extracted now but they are hexcodes, just machine readable, manifest.xml just reads like this.
Step 8 Open the windows command prompt. WinKey + R type ‘cmd’ inside the dialogue box, press Enter.
Step 9 Navigate cmd to the folder that you are working on. ‘cd’ <dir name> changes directory ‘cd ..’ navigate to the top level (back) ‘dir /w’ list the files by just names here I’ve used cd downloadstestmyapp as my ‘myapp’ folder inside the directory named ‘test’ inside the ‘downloads’ dir.
Step 10 type the command "dex2jar classes.dex" and press enter. This will generate "classes.dex.dex2jar" file in the same folder.
Step 11 double click to open the java decompiler (jd-gui.exe) shows the file ‘jd-gui.exe’ and the ‘classes_dex.jar.jar’ created by the previouscommand
Step 12 Open the jar file, browse for ‘classes_dex.jar.jar’ click open.
Step 13 Select save all sources, make a folder ‘sources’ in myapp then click save. Extract the Zip file in sources to get souce files
A Java class Just Extracted New Born:
Step 14 Now lets extract the xml files on the command line type ‘apktool if framework-res.apk’ press enter. //this should result in ‘Framework installed’
Step 15 on the command prompt type ‘apktool d myapp.apk’ (where myapp should be replaced with the apk name).
This creates a folder named myapp inside our working folder which contains all the xml files of the app.
the manifest.xml file just generated. Decoded:
okay now we are almost done, move the folder ‘sources’ to the folder myapp
HAVE FUN WITH ANDROID. RESCPECT OTHER DEVELOPERS
Questions? Twitter: @xkaterboi
thanks for watching!
@xkaterboi©CambakLabs Biwin John

Empfohlen

Basic reverse engineering steps about .apk file
Basic reverse engineering steps about .apk fileBasic reverse engineering steps about .apk file
Basic reverse engineering steps about .apk fileCarl Lu
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestCsaba Fitzl
 
Laravel Code Generators and Packages
Laravel Code Generators and PackagesLaravel Code Generators and Packages
Laravel Code Generators and PackagesPovilas Korop
 
React Ecosystem
React EcosystemReact Ecosystem
React EcosystemCraig Jolicoeur
 
GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?Csaba Fitzl
 
Console Apps: php artisan forthe:win
Console Apps: php artisan forthe:winConsole Apps: php artisan forthe:win
Console Apps: php artisan forthe:winJoe Ferguson
 
The new features of PHP 7
The new features of PHP 7The new features of PHP 7
The new features of PHP 7Zend by Rogue Wave Software
 
Secure Ftp Java Style Rev004
Secure Ftp Java Style Rev004Secure Ftp Java Style Rev004
Secure Ftp Java Style Rev004Rich Helton
 

Empfohlen

Basic reverse engineering steps about .apk file
Basic reverse engineering steps about .apk fileBasic reverse engineering steps about .apk file
Basic reverse engineering steps about .apk fileCarl Lu
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestCsaba Fitzl
 
Laravel Code Generators and Packages
Laravel Code Generators and PackagesLaravel Code Generators and Packages
Laravel Code Generators and PackagesPovilas Korop
 
React Ecosystem
React EcosystemReact Ecosystem
React EcosystemCraig Jolicoeur
 
GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?Csaba Fitzl
 
Console Apps: php artisan forthe:win
Console Apps: php artisan forthe:winConsole Apps: php artisan forthe:win
Console Apps: php artisan forthe:winJoe Ferguson
 
The new features of PHP 7
The new features of PHP 7The new features of PHP 7
The new features of PHP 7Zend by Rogue Wave Software
 
Secure Ftp Java Style Rev004
Secure Ftp Java Style Rev004Secure Ftp Java Style Rev004
Secure Ftp Java Style Rev004Rich Helton
 
Let the contribution begin
Let the contribution beginLet the contribution begin
Let the contribution beginSeongJae Park
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask PresentationParag Mujumdar
 
Get started with git and github
Get started with git and githubGet started with git and github
Get started with git and githubAnna-Christina Kolandjian
 
Take a Stroll in the Bazaar
Take a Stroll in the BazaarTake a Stroll in the Bazaar
Take a Stroll in the BazaarMyles Braithwaite
 
Flask
FlaskFlask
FlaskMamta Kumari
 
Graduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) TeamsGraduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) TeamsDaniel Doubrovkine
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 
JavaScript tools
JavaScript toolsJavaScript tools
JavaScript toolsHazem Saleh
 
Making it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web AppsMaking it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
 
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경Mintak Son
 
Continuous integration with Git & CI Joe
Continuous integration with Git & CI JoeContinuous integration with Git & CI Joe
Continuous integration with Git & CI JoeShawn Price
 
Debugging Your Plone Site
Debugging Your Plone SiteDebugging Your Plone Site
Debugging Your Plone Sitecdw9
 
How to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appHow to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appAleksander Piotrowski
 
Android Lab
Android LabAndroid Lab
Android LabLeo Nguyen
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalRich Helton
 
Slides Aquarium Paris 2008
Slides Aquarium Paris 2008Slides Aquarium Paris 2008
Slides Aquarium Paris 2008julien.ponge
 
GREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVCGREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVCCovenant Ko
 
Android Internal Library Management
Android Internal Library ManagementAndroid Internal Library Management
Android Internal Library ManagementKelly Shuster
 
Composer
ComposerComposer
ComposerFederico Damián Lozada Mosto
 
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...Shift Conference
 
Extracting source code of apk file
Extracting source code of apk fileExtracting source code of apk file
Extracting source code of apk fileDeepanshu Gajbhiye
 
How to re sign a android apk file for app testing
How to re sign a android apk file for app testingHow to re sign a android apk file for app testing
How to re sign a android apk file for app testingRaman Gowda Hullur
 

Weitere ähnliche Inhalte

Was ist angesagt?

Let the contribution begin
Let the contribution beginLet the contribution begin
Let the contribution beginSeongJae Park
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask PresentationParag Mujumdar
 
Graduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) TeamsGraduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) TeamsDaniel Doubrovkine
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 
JavaScript tools
JavaScript toolsJavaScript tools
JavaScript toolsHazem Saleh
 
Making it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web AppsMaking it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
 
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경Mintak Son
 
Continuous integration with Git & CI Joe
Continuous integration with Git & CI JoeContinuous integration with Git & CI Joe
Continuous integration with Git & CI JoeShawn Price
 
Debugging Your Plone Site
Debugging Your Plone SiteDebugging Your Plone Site
Debugging Your Plone Sitecdw9
 
How to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appHow to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appAleksander Piotrowski
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalRich Helton
 
Slides Aquarium Paris 2008
Slides Aquarium Paris 2008Slides Aquarium Paris 2008
Slides Aquarium Paris 2008julien.ponge
 
GREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVCGREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVCCovenant Ko
 
Android Internal Library Management
Android Internal Library ManagementAndroid Internal Library Management
Android Internal Library ManagementKelly Shuster
 
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...Shift Conference
 

Was ist angesagt? (20)

Let the contribution begin
Let the contribution beginLet the contribution begin
Let the contribution begin
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask Presentation
 
Get started with git and github
Get started with git and githubGet started with git and github
Get started with git and github
 
Take a Stroll in the Bazaar
Take a Stroll in the BazaarTake a Stroll in the Bazaar
Take a Stroll in the Bazaar
 
Flask
FlaskFlask
Flask
 
Graduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) TeamsGraduating to Jenkins CI for Ruby(-on-Rails) Teams
Graduating to Jenkins CI for Ruby(-on-Rails) Teams
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
 
JavaScript tools
JavaScript toolsJavaScript tools
JavaScript tools
 
Making it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web AppsMaking it Work Offline: Current & Future Offline APIs for Web Apps
Making it Work Offline: Current & Future Offline APIs for Web Apps
 
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
LetSwift 2017 - 토스 iOS 앱의 개발/배포 환경
 
Continuous integration with Git & CI Joe
Continuous integration with Git & CI JoeContinuous integration with Git & CI Joe
Continuous integration with Git & CI Joe
 
Debugging Your Plone Site
Debugging Your Plone SiteDebugging Your Plone Site
Debugging Your Plone Site
 
How to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appHow to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your app
 
Android Lab
Android LabAndroid Lab
Android Lab
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 Final
 
Slides Aquarium Paris 2008
Slides Aquarium Paris 2008Slides Aquarium Paris 2008
Slides Aquarium Paris 2008
 
GREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVCGREAT STEP 2. TDD & MockMVC
GREAT STEP 2. TDD & MockMVC
 
Android Internal Library Management
Android Internal Library ManagementAndroid Internal Library Management
Android Internal Library Management
 
Composer
ComposerComposer
Composer
 
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
Shift Remote: Mobile - Devops-ify your life with Github Actions - Nicola Cort...
 

Andere mochten auch

Extracting source code of apk file
Extracting source code of apk fileExtracting source code of apk file
Extracting source code of apk fileDeepanshu Gajbhiye
 
How to re sign a android apk file for app testing
How to re sign a android apk file for app testingHow to re sign a android apk file for app testing
How to re sign a android apk file for app testingRaman Gowda Hullur
 
All you need to know when designing RESTful APIs
All you need to know when designing RESTful APIsAll you need to know when designing RESTful APIs
All you need to know when designing RESTful APIsJesús Espejo
 
Rancangan perniagaan frozen food fazil&hayrold
Rancangan perniagaan frozen food fazil&hayroldRancangan perniagaan frozen food fazil&hayrold
Rancangan perniagaan frozen food fazil&hayroldwani5
 
Perniagaan Bakeri
Perniagaan BakeriPerniagaan Bakeri
Perniagaan Bakeriaasyiqin
 
Slide rancangan perniagaan
Slide rancangan perniagaanSlide rancangan perniagaan
Slide rancangan perniagaanZulkifli Hamzah
 

Andere mochten auch (7)

Extracting source code of apk file
Extracting source code of apk fileExtracting source code of apk file
Extracting source code of apk file
 
How to re sign a android apk file for app testing
How to re sign a android apk file for app testingHow to re sign a android apk file for app testing
How to re sign a android apk file for app testing
 
All you need to know when designing RESTful APIs
All you need to know when designing RESTful APIsAll you need to know when designing RESTful APIs
All you need to know when designing RESTful APIs
 
Rancangan perniagaan frozen food fazil&hayrold
Rancangan perniagaan frozen food fazil&hayroldRancangan perniagaan frozen food fazil&hayrold
Rancangan perniagaan frozen food fazil&hayrold
 
Perniagaan Bakeri
Perniagaan BakeriPerniagaan Bakeri
Perniagaan Bakeri
 
Slide rancangan perniagaan
Slide rancangan perniagaanSlide rancangan perniagaan
Slide rancangan perniagaan
 
Rancangan perniagaan
Rancangan perniagaanRancangan perniagaan
Rancangan perniagaan
 

Ähnlich wie Extract source code from an Android apk file

18IF004_CNS.docx
18IF004_CNS.docx18IF004_CNS.docx
18IF004_CNS.docxRajAmbere1
 
Bai thuc hanh lap trinh Android so 1
Bai thuc hanh lap trinh Android so 1Bai thuc hanh lap trinh Android so 1
Bai thuc hanh lap trinh Android so 1Frank Pham
 
pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issueshekar M
 
Google Glass Mirror API Setup
Google Glass Mirror API SetupGoogle Glass Mirror API Setup
Google Glass Mirror API SetupDiana Michelle
 
Installing android sdk on net beans
Installing android sdk on net beansInstalling android sdk on net beans
Installing android sdk on net beansAravindharamanan S
 
12 simple steps to prepare your i os app for development and distribution (1)...
12 simple steps to prepare your i os app for development and distribution (1)...12 simple steps to prepare your i os app for development and distribution (1)...
12 simple steps to prepare your i os app for development and distribution (1)...Katy Slemon
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
 
Hacking Tutorial for Apps
Hacking Tutorial for AppsHacking Tutorial for Apps
Hacking Tutorial for AppsGrant Eaton
 
Kinect installation guide
Kinect installation guideKinect installation guide
Kinect installation guidegilmsdn
 
Android development session
Android development sessionAndroid development session
Android development sessionEsraa Ibrahim
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 
Android hello world application tutorial #1
Android hello world application tutorial #1Android hello world application tutorial #1
Android hello world application tutorial #1Yasmine Sherif EL-Adly
 
Drop box & blog posting insturctions
Drop box & blog posting insturctionsDrop box & blog posting insturctions
Drop box & blog posting insturctionseddientennis
 
selenium-2-mobile-web-testing
selenium-2-mobile-web-testingselenium-2-mobile-web-testing
selenium-2-mobile-web-testinghugs
 
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...InnovationM
 

Ähnlich wie Extract source code from an Android apk file (20)

I phone versus windows phone 7 coding
I phone versus windows phone 7 codingI phone versus windows phone 7 coding
I phone versus windows phone 7 coding
 
18IF004_CNS.docx
18IF004_CNS.docx18IF004_CNS.docx
18IF004_CNS.docx
 
Bai thuc hanh lap trinh Android so 1
Bai thuc hanh lap trinh Android so 1Bai thuc hanh lap trinh Android so 1
Bai thuc hanh lap trinh Android so 1
 
pentest mobile app issue
pentest mobile app issuepentest mobile app issue
pentest mobile app issue
 
Google Glass Mirror API Setup
Google Glass Mirror API SetupGoogle Glass Mirror API Setup
Google Glass Mirror API Setup
 
Installing android sdk on net beans
Installing android sdk on net beansInstalling android sdk on net beans
Installing android sdk on net beans
 
Appium- part 1
Appium- part 1Appium- part 1
Appium- part 1
 
Mobile Web vs. Native Apps
Mobile Web vs. Native AppsMobile Web vs. Native Apps
Mobile Web vs. Native Apps
 
12 simple steps to prepare your i os app for development and distribution (1)...
12 simple steps to prepare your i os app for development and distribution (1)...12 simple steps to prepare your i os app for development and distribution (1)...
12 simple steps to prepare your i os app for development and distribution (1)...
 
Fin fisher's spy kit
Fin fisher's spy kitFin fisher's spy kit
Fin fisher's spy kit
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
 
Hacking Tutorial for Apps
Hacking Tutorial for AppsHacking Tutorial for Apps
Hacking Tutorial for Apps
 
Kinect installation guide
Kinect installation guideKinect installation guide
Kinect installation guide
 
Android development session
Android development sessionAndroid development session
Android development session
 
First android app for workshop using android studio
First android app for workshop using android studio First android app for workshop using android studio
First android app for workshop using android studio
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
Android hello world application tutorial #1
Android hello world application tutorial #1Android hello world application tutorial #1
Android hello world application tutorial #1
 
Drop box & blog posting insturctions
Drop box & blog posting insturctionsDrop box & blog posting insturctions
Drop box & blog posting insturctions
 
selenium-2-mobile-web-testing
selenium-2-mobile-web-testingselenium-2-mobile-web-testing
selenium-2-mobile-web-testing
 
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Extract source code from an Android apk file

  • 1. #AndroidHacks Extract Soucre Code from an Android APK file © CambakLabs
  • 2. Biwin John | @xkaterboi
  • 3. disclaimer This presentation is intented only for educational puropose . Any actions and/or activities related to the information contained in the presentation is solely your responsiblity. The misuse of the information in this presentation/file may result in criminal charges brought against the person in question. THE AUTHOR AND ANY AUTHORITY(IES) RELATED WITH THIS PRESENTATION WILL NOT HOLD ANY RESPONSIBILITY IN ANYCASE FOR YOUR ACTIONS. Do not encourage to use this information to hack/crack any applications.
  • 4. inspiration “ ” THE HARD DRIVE ON MY LAPTOP JUST CRASHED AND I LOST ALL THE SOURCE CODE FOR AN APP THAT I HAVE BEEN WORKING ON FOR THE PAST TWO MONTHS (I KNOW I AM AN IDIOT FOR NOT BACKING IT UP) ALL I HAVE IS THE APK FILE THAT IS STORED IN MY EMAIL FROM WHEN I SENT IT TO A FRIEND. MY QUESTION IS: IS THERE ANY WAY TO EXTRACT MY SOURCE CODE FROM THIS APK FILE? I REALIZE THAT IS IS MOST LIKELY A SHOT IN THE DARK... BUT I AM REALLY DESPERATE. asked on stackoverflow.com by Frank Bozzo, © 2013 Stack Exchange Inc
  • 5. What We’re gonna do now? > Extract the Source code and resources from an android application package (.apk) file.
  • 6. The tool kit > a valid apk file > dex2jar ¹ > java decompiler ² > apktool ³ > apktool installer 4 ¹ http://code.google.com/p/dex2jar/downloads/detail?name=dex2jar-0.0.9.9.zip ² http://www.4shared.com/zip/MIIaULpa/jd-gui-033windows.html ³ http://code.google.com/p/android-apktool/downloads/detail?name=apktool-install-windows-r04-brut1.tar.bz2 4 http://code.google.com/p/android-apktool/downloads/detail?name=apktool1.4.1.tar.bz2&can=2&q=
  • 8. Step 1 Download all the files in the toolkit and the desired apk, move them to a directory.
  • 9. Step 2 Rename the desired apk to zip. eg: myapp.apk to myapp.zip
  • 10. so here’s how to show the filetypes in windows 7
  • 11. Step 3 Extract myapp.zip to a new folder. use archiving apps like 7zip, WinRAR etc.
  • 12. Step 4 after the extraction, rename myapp.zip back to myapp.apk.
  • 13. Step 5 Extract all the downloaded files to the same directory.
  • 14. Step 6 move all the extracted files to the myapp directory.
  • 15. Step 7 now our playground, myapp dir must look something like this.
  • 16. the application files are extracted now but they are hexcodes, just machine readable, manifest.xml just reads like this.
  • 17. Step 8 Open the windows command prompt. WinKey + R type ‘cmd’ inside the dialogue box, press Enter.
  • 18. Step 9 Navigate cmd to the folder that you are working on. ‘cd’ <dir name> changes directory ‘cd ..’ navigate to the top level (back) ‘dir /w’ list the files by just names here I’ve used cd downloadstestmyapp as my ‘myapp’ folder inside the directory named ‘test’ inside the ‘downloads’ dir.
  • 19. Step 10 type the command "dex2jar classes.dex" and press enter. This will generate "classes.dex.dex2jar" file in the same folder.
  • 20. Step 11 double click to open the java decompiler (jd-gui.exe) shows the file ‘jd-gui.exe’ and the ‘classes_dex.jar.jar’ created by the previouscommand
  • 21. Step 12 Open the jar file, browse for ‘classes_dex.jar.jar’ click open.
  • 22. Step 13 Select save all sources, make a folder ‘sources’ in myapp then click save. Extract the Zip file in sources to get souce files
  • 23. A Java class Just Extracted New Born:
  • 24. Step 14 Now lets extract the xml files on the command line type ‘apktool if framework-res.apk’ press enter. //this should result in ‘Framework installed’
  • 25. Step 15 on the command prompt type ‘apktool d myapp.apk’ (where myapp should be replaced with the apk name).
  • 26. This creates a folder named myapp inside our working folder which contains all the xml files of the app.
  • 27. the manifest.xml file just generated. Decoded:
  • 28. okay now we are almost done, move the folder ‘sources’ to the folder myapp