Tag Archives: reverse engineering

How to re-package an Android app – #apk 101 #reverseengineering

Android apps are actually (still) pretty easy to read and tweak. Although tools like Proguard are supposed to address that, a lot of developers don’t seem to bother, also any un-obfuscated APK that’s exported directly from your IDE of choice can be opened up and studied in its smali form.

One option is to use APK Manager that has a ton of options that cover most of this. But it’s also pretty easy to just do it step by step and have more control over the process, so here we go with some pseudo-bash steps:

      • Get the APK file to study or repackage with some code changes – say, test.apk
      • Download smali.jar and baksmali.jar (or the apktool, but that will have to be run a bit differently), also need a JDK with jarsigner
      • Create folders unzipped-apk/ and dex/, then:
unzip test.apk -d unzipped-apk/ # prepare the base
cp unzipped-apk/classes.dex .    # pull out dex for decompilation
rm -rf unzipped-apk/META-INF/ # remove old certificate info
java -jar baksmali.jar -o dex/ classes.dex
    • Now we can go to the dex/ folder, examine the .smali files and make the observations/changes that we need need. For example, just to study the app’s code, or comment out a pesky conditional in some method, or sprinkle a few debug printouts to understand what the app is exactly doing under the hood. When unobfuscated, smali is surprisingly easy to understand and tweak.
java -Xmx512M -jar smali.jar dex -o classes.dex # re-compiling
mv classes.dex unzipped-apk
cd unzipped-apk && zip -r new.unsigned.apk * # unsigned APK created
  • Create a key store somewhere, for example ~/android-keystore and alias “myks”, e.g.:
    • keytool -genkey -v -keystore android-keystore -alias myks -keyalg RSA -keysize 2048 -validity 10000
    • a keystore can also be created in Eclipse when exporting an APK from any Android project

    then we sign:

jarsigner -verbose -keystore ~/android-keystore \
-storepass example123 -keypass example123 -digestalg SHA1 \
-sigalg MD5withRSA \
-sigfile CERT -signedjar new.signed.apk \
new.unsigned.apk myks

So the new.signed.apk is ready to go on an Android device or an emulator. Keep in mind that it is signed with your key and is not zipaligned, but for debugging, tracing and research purposes that should not matter, right?