Android apps are actually (still) pretty easy to read and tweak. Although tools like Proguard are supposed to address that, a lot of developers don’t seem to bother, also any un-obfuscated APK that’s exported directly from your IDE of choice can be opened up and studied in its smali form.
One option is to use APK Manager that has a ton of options that cover most of this. But it’s also pretty easy to just do it step by step and have more control over the process, so here we go with some pseudo-bash steps:
unzip test.apk -d unzipped-apk/ # prepare the base cp unzipped-apk/classes.dex . # pull out dex for decompilation rm -rf unzipped-apk/META-INF/ # remove old certificate info java -jar baksmali.jar -o dex/ classes.dex
- Now we can go to the dex/ folder, examine the .smali files and make the observations/changes that we need need. For example, just to study the app’s code, or comment out a pesky conditional in some method, or sprinkle a few debug printouts to understand what the app is exactly doing under the hood. When unobfuscated, smali is surprisingly easy to understand and tweak.
java -Xmx512M -jar smali.jar dex -o classes.dex # re-compiling mv classes.dex unzipped-apk cd unzipped-apk && zip -r new.unsigned.apk * # unsigned APK created
- Create a key store somewhere, for example ~/android-keystore and alias “myks”, e.g.:
keytool -genkey -v -keystore android-keystore -alias myks -keyalg RSA -keysize 2048 -validity 10000
- a keystore can also be created in Eclipse when exporting an APK from any Android project
then we sign:
jarsigner -verbose -keystore ~/android-keystore \ -storepass example123 -keypass example123 -digestalg SHA1 \ -sigalg MD5withRSA \ -sigfile CERT -signedjar new.signed.apk \ new.unsigned.apk myks
So the new.signed.apk is ready to go on an Android device or an emulator. Keep in mind that it is signed with your key and is not zipaligned, but for debugging, tracing and research purposes that should not matter, right?