Wednesday, August 14, 2013

Reversing an android app (for Beginners)

You might want to reverse an Android application for various reasons, such as figuring out whether it is malware, figuring out how a feature was implemented, or trying to find a vulnerability.

This is one of the toolchains you can use to accomplish this task. There might be easier and more efficient ways to do it, but this is how I prefer doing it. Another method I like is using apktool, which I will cover in another post.

(Disclaimer: All the commands used are for Linux/Mac OS. They will differ if you are using Windows.)

The basic steps involved in reversing an Android app are:

  • Extracting the .apk file
  • Converting the .apk to a .jar file
  • Retrieving the .class and .so (if any) files from the JAR
  • Analyzing the files
  • (Optional) Reassembling the files into a .apk

Here are some tools/software you will need:
Step 1:
Extracting the .apk file

Most of the time you would download the application from the Google Play store. If not, you should try to follow that practice, since it is the most reliable source. At the end of this post you will know why it is not safe to download any app from an untrusted third party.

Make sure your phone has USB Debugging turned on.

To check if your phone is properly connected:

$ adb devices

This should show your device as connected.

There are various ways to actually extract the apk file from the device, but the one I am mentioning works on both rooted and unrooted phones. I got this one from Stack Overflow.

To list the apps currently installed on the device, enter this in the terminal:

$ adb shell pm list packages

Select the app you want from its package name and take a backup of only that app:

$ adb backup -apk <package name>

For example:

$ adb backup -apk com.instagram.android

Follow the instructions on the phone to take the backup. Do not worry, it will not erase any data. Make sure you do NOT encrypt the backup.

This creates a .ab file in your current directory. To extract the apk from it, use the following command:

$ dd if=backup.ab bs=24 skip=1 | openssl zlib -d > application.tar

Now you can extract the application.tar and retrieve the apk.
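The dd/openssl one-liner above relies on an OpenSSL build that includes the zlib command, which not every build does, and it produces garbage without complaint if the backup was encrypted after all. As an added example (mine, not from the original post), here is the same extraction in plain Python: it parses the 24-byte .ab header, refuses an encrypted backup up front, inflates the zlib stream and pulls every apk out of the tar. The header layout and the apps/<package>/a/base.apk path inside the tar are the documented adb backup format; the backup the script builds at the bottom is constructed in memory so it runs offline, not a real device backup.

```python
"""Parse an unencrypted Android .ab backup and pull the .apk files out of it.

Added example for this post, not from the original. Layout of an adb backup:
a text header ("ANDROID BACKUP\n", version, compressed flag, encryption
method, 24 bytes for an unencrypted v1 backup) followed by a zlib stream
holding a tar archive in which each app lives under apps/<package>/a/.
"""
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP\n"


def parse_ab_header(data: bytes) -> dict:
    """Return the header fields plus the offset at which the payload starts."""
    if not data.startswith(MAGIC):
        raise ValueError("not an Android backup file (bad magic)")
    # Four newline-terminated lines: magic, version, compressed, encryption.
    # maxsplit=4 keeps the (binary) payload intact even if it contains newlines.
    lines = data.split(b"\n", 4)
    if len(lines) < 5:
        raise ValueError("truncated backup header")
    return {
        "version": int(lines[1]),
        "compressed": lines[2] == b"1",
        "encryption": lines[3].decode("ascii"),
        "payload_offset": len(data) - len(lines[4]),
    }


def extract_apks(data: bytes) -> dict:
    """Map package name -> apk bytes for every apps/<pkg>/a/*.apk in the backup."""
    hdr = parse_ab_header(data)
    if hdr["encryption"] != "none":
        # The post says not to encrypt the backup; this is why: the stream is
        # not a zlib stream then, and inflating it yields garbage, not a tar.
        raise ValueError(f"backup is encrypted ({hdr['encryption']}); redo it without a password")
    payload = data[hdr["payload_offset"]:]
    if hdr["compressed"]:
        payload = zlib.decompress(payload)
    apks = {}
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if len(parts) == 4 and parts[0] == "apps" and parts[2] == "a" and parts[3].endswith(".apk"):
                apks[parts[1]] = tar.extractfile(member).read()
    return apks


def build_sample_backup(package: str, apk_bytes: bytes, encryption: str = "none") -> bytes:
    """Constructed sample .ab (not a real device backup) so the code runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        info = tarfile.TarInfo(f"apps/{package}/a/base.apk")
        info.size = len(apk_bytes)
        tar.addfile(info, io.BytesIO(apk_bytes))
    header = MAGIC + b"1\n1\n" + encryption.encode("ascii") + b"\n"
    return header + zlib.compress(buf.getvalue())


if __name__ == "__main__":
    sample = build_sample_backup("com.example.app", b"PK\x03\x04 constructed apk body")
    print(parse_ab_header(sample))
    for pkg, blob in extract_apks(sample).items():
        print(pkg, len(blob), "bytes")
```

To use it on a real backup, read backup.ab into `data` and call `extract_apks(data)`; the dictionary values are the raw apk files, ready for Step 2.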


Step 2:
Converting the .apk file to a jar file

An apk is a form of zip file, so you may try extracting the contents of the apk you just got. But all that will give you is the Android manifest file, which is really important, and a .dex file, which is almost not readable.

To convert the apk to a jar file we will use dex2jar which can be downloaded from https://code.google.com/p/dex2jar/downloads/list

To convert your file, use the following command:

$ sh /path/to/dex2jar/d2j-dex2jar.sh /path/to/apk

This will create a .jar file in the same directory as the apk file.

Step 3:
Viewing the Java classes and shared objects in the jar

To view and edit the Java classes we can use JD-GUI (http://java.decompiler.free.fr/?q=jdgui).

Open the downloaded folder and run jd-gui.
From within jd-gui you can open the .jar file and it will show you all the files of the application.


Step 4:
Analyzing the files.

The Java classes can be easily analyzed from jd-gui itself, but as far as the shared object (.so) files are concerned you will have to use a separate tool such as IDA (https://www.hex-rays.com/products/ida/index.shtml).
For most Android applications the free version of IDA will not work, since it does not support ARM code.

Using IDA is not an easy task and I am myself still learning it, and hence won't go into details here.
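Before handing the apk to dex2jar or a .so to IDA it helps to know what the apk actually carries. As an added example (mine, not from the original post), the script below treats the apk as the zip it is (Step 2), checks that classes.dex has a valid header and that its Adler-32 checksum matches, which a corrupted download or a careless repack breaks, and reads the ELF header of every lib/<abi>/*.so to report the CPU it targets, which is what decides whether the free IDA mentioned above can open it. The dex and ELF header layouts are the published ones; the apk it inspects is constructed in memory from a header-only dex and ELF stubs, not a real application.

```python
"""Triage an .apk: validate classes.dex and identify the CPU of each native lib.

Added example for this post, not from the original. Uses only the published
dex header layout (magic, Adler-32 checksum at offset 8 over everything from
offset 12, file_size/header_size at 32/36) and the ELF header (EI_CLASS at 4,
EI_DATA at 5, e_machine at 18).
"""
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70
ELF_MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def check_dex(dex: bytes) -> dict:
    """Validate a dex file's magic, version, checksum and size fields."""
    if len(dex) < DEX_HEADER_SIZE or dex[:4] != b"dex\n" or dex[7] != 0:
        raise ValueError("not a dex file")
    version = dex[4:7].decode("ascii")
    stored = struct.unpack_from("<I", dex, 8)[0]
    computed = zlib.adler32(dex[12:]) & 0xFFFFFFFF
    file_size, header_size = struct.unpack_from("<II", dex, 32)
    return {
        "version": version,
        "checksum_ok": stored == computed,
        "size_ok": file_size == len(dex) and header_size == DEX_HEADER_SIZE,
    }


def elf_machine(so: bytes) -> str:
    """Return the architecture named in an ELF header, e.g. 'ARM (32-bit)'."""
    if so[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}[so[4]]
    endian = "<" if so[5] == 1 else ">"
    e_machine = struct.unpack_from(endian + "H", so, 18)[0]
    return f"{ELF_MACHINES.get(e_machine, hex(e_machine))} ({bits}-bit)"


def triage_apk(apk_bytes: bytes) -> dict:
    """Walk the apk (a zip) and report on the manifest, the dex and every lib/*.so."""
    report = {"has_manifest": False, "dex": None, "libs": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name == "AndroidManifest.xml":
                report["has_manifest"] = True
            elif name == "classes.dex":
                report["dex"] = check_dex(z.read(name))
            elif name.startswith("lib/") and name.endswith(".so"):
                report["libs"][name] = elf_machine(z.read(name))
    return report


def build_sample_dex(body: bytes = b"\0" * 64) -> bytes:
    """Constructed minimal dex: a correct 0x70-byte header and a dummy body, no real classes."""
    total = DEX_HEADER_SIZE + len(body)
    header = bytearray(DEX_HEADER_SIZE)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<II", header, 32, total, DEX_HEADER_SIZE)
    struct.pack_into("<I", header, 40, 0x12345678)  # endian_tag, little-endian
    dex = bytes(header) + body
    checksum = zlib.adler32(dex[12:]) & 0xFFFFFFFF
    return dex[:8] + struct.pack("<I", checksum) + dex[12:]


def build_sample_elf(e_machine: int, bits: int) -> bytes:
    """Constructed ELF header only (enough for the identification above)."""
    hdr = bytearray(64)
    hdr[:4] = b"\x7fELF"
    hdr[4] = 1 if bits == 32 else 2
    hdr[5] = 1  # little-endian
    struct.pack_into("<H", hdr, 18, e_machine)
    return bytes(hdr)


def build_sample_apk() -> bytes:
    """Constructed apk-shaped zip with a binary-XML manifest stub, a dex and two native libs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", build_sample_dex())
        z.writestr("lib/armeabi-v7a/libnative.so", build_sample_elf(0x28, 32))
        z.writestr("lib/x86/libnative.so", build_sample_elf(0x03, 32))
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(key, value)
```

On a real apk, pass the file's bytes to `triage_apk`. A `checksum_ok` of False on classes.dex means the dex does not match its own header, which is worth noticing before trusting anything dex2jar produces from it, and the `libs` entries tell you whether you are looking at ARM code that the free IDA will not disassemble.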

Step 5:
Reassembling the files into an apk

In case you have made changes to the initial files and want to reassemble them into a new Android application, you can use Smali (https://code.google.com/p/smali/downloads/list).
