Android decompilation process, and repackaging and re-signing a decompiled APK

As an Android developer, I often need to learn from other people's excellent code. There are many open source projects on GitHub, but sometimes, while using an app, I come across a feature and want to learn how it is implemented; this is where decompilation comes in. Normally, once an Android application is packaged into an apk, the resource files and code used to develop it can no longer be seen. However, with some tools available online, the apk can still be decompiled. After decompiling, we can see the resource files (pictures), layouts, styles, related implementation code and so on that were used to develop the application. APK decompilation is a rather practical skill in Android development: when we are interested in an application developed by others, we can decompile its apk and look at the parts that interest us. Decompilation is not meant to let developers crack and reinstall an application. Its main purpose is to help developers learn, borrow from good code and improve their own development skills.

1. Decompilation tools

  1. apktool (resource file acquisition), download address: https://ibotpeaches.github.io/Apktool/install
  2. dex2jar (source code file acquisition), download address: https://github.com/pxb1988/dex2jar
  3. jd-gui (source code view), download address: http://jd.benow.ca

The tools fall into two groups: code decompilation tools and resource decompilation tools.

Tools for code decompilation:

  • dex2jar and jd-gui : dex2jar converts the dex in the Android APK into a jar file, which can then be viewed using jd-gui and saved as a java file.

  • jadx : jadx is a very easy-to-use decompilation tool. The original author no longer maintains it, but it remains a classic tool.

Tools for decompiling resources:

  • APKTool : Use APKTool to extract layouts, images and other resources.

2. Decompilation process

1. First you need to get the software to decompile. Usually this is a single xxx.apk, but sometimes you get xxx.apk together with xxx.odex; the latter is the product of platform optimization. Merging xxx.apk and xxx.odex will be discussed in another article. Once you have the complete apk, you can start the decompilation work.

2. Decompile resource files:

java -jar apktool_2.3.1.jar d -f KeyValueTest.apk -o KeyValueTest
  • After executing the above command, if no error is reported, the decompilation is successful.
  • Parameter Description:
    • -f If the target folder already exists, force the deletion of the existing folder (by default, decoding fails if the target folder already exists).
    • -o specifies the name of the decoding target folder (the name of the APK file is used by default to name the target folder).
    • -s does not decompile the dex file, which means that the classes.dex file will be retained (the dex file will be decoded into a smali file by default).
    • -r does not decompile resource files, which means that the resources.arsc file will be retained (resources.arsc will be decoded into specific resource files by default)
  • At this time, a KeyValueTest folder is generated under the current folder.
  • Below this folder are the decompiled resource files. We only need the res directory and the AndroidManifest.xml file.
  • Comparing the decompiled layout and AndroidManifest.xml with the originals shows that the resource files decompiled by APKTool can be used directly!

3. Decompile code files:

  • Change the extension of the apk file to zip and decompress it, or decompress the apk directly, to get its file directory.
  • What we are focusing on here is the classes.dex file. This file is similar to the bytecode file (.class) in Java, so we must first use dex2jar to convert the .dex file into a jar file. In the dex2jar directory, d2j-dex2jar.bat is the script that is used.
  • Put classes.dex into the dex2jar folder and, from that folder, enter d2j-dex2jar.bat classes.dex on the command line.
  • This generates the corresponding jar file.
  • Open the jar with jd-gui. There is an extra BuildConfig; it is a configuration file generated during compilation and can be ignored.
  • In MainActivity, the decompiled code is basically the same as the source code. Resource references are replaced by numbers; each number can be mapped back to its resource by searching for it in R.
  • The code can be saved through the save function of jd-gui (Save All Source).

4. You can use dex2jar or jadx to decompile classes.dex. Compared with dex2jar, jadx is more convenient and faster: just open jadx-gui.bat in the bin folder and select the APK directly. jadx can also decompile resource files, but the result is sometimes inaccurate.

5. In summary, you can use APKTool+JADX or APKTool+dex2jar to decompile an APK. The former is recommended. There is also an online decompilation website that uses JADX.

6. At this point, it can be concluded that without obfuscation you can basically get code that is exactly the same as the source code. With obfuscation, the code is very difficult to read; that case is not demonstrated here. Combine the obtained res with AndroidManifest.xml and the java files to get a project similar to the original source.

Reference articles cited: https://www.cnblogs.com/cj5785/p/9892978.html

3. Repackaging and re-signing (Mac environment)

To recompile, execute this command on the command line:

apktool b test

After success, the build and dist directories will be generated in the test directory.

Stored in the build directory are the packaged dex files and resource files (the same as after decompression of the apk)

The repackaged apk file is stored in the dist directory.

Re-sign

Copy the signature file to the dist directory for easy operation

From the terminal, enter the dist directory and execute the command:

jarsigner -verbose -keystore [your_key_store_path] -signedjar [signed_apk_name] [unsigned_apk_name] [your_key_store_alias] -digestalg SHA1 -sigalg MD5withRSA

Field description:

  • [your_key_store_path]: The absolute path to the location of the key
  • [signed_apk_name]: Signed installation package name
  • [unsigned_apk_name]: Unsigned installation package name
  • [your_key_store_alias]: alias of the key

Because we put the key and test.apk in the same path, the key location can be filled in directly as testkey. macjenkinskey is the alias of my key, don't get me wrong.

Enter your password; what you type is not shown. Signing then starts.

After signing, you can see the signed apk in the dist directory.
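
jarsigner records a digest of every file in META-INF/MANIFEST.MF, so any change to the APK contents after signing becomes detectable. The following Python example is added here and is not from the original article; it re-computes those per-file digests and reports mismatches, without validating the signer's certificate or the .SF/.RSA files. The sample APK it builds is constructed.

```python
import base64, hashlib, io, zipfile

def b64_digest(alg, data):
    h = hashlib.new(alg.replace("-", "").lower(), data)  # "SHA1", "SHA-256"
    return base64.b64encode(h.digest()).decode()

def parse_manifest(text):
    """Map entry name -> attributes for each per-file section of MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_v1_digests(apk_bytes):
    """Return (digest algorithms seen, entries that fail the manifest check)."""
    algs, bad = set(), []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        manifest = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode())
        for name in apk.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            digests = {k[:-7]: v for k, v in manifest.get(name, {}).items()
                       if k.endswith("-Digest")}
            algs.update(digests)
            data = apk.read(name)
            # An entry with no digest at all was added after signing.
            ok = bool(digests) and all(b64_digest(a, data) == v for a, v in digests.items())
            if not ok:
                bad.append(name)
    return sorted(algs), bad

def build_sample(tamper=False):
    """Constructed stand-in for a signed APK: two files plus a SHA1 manifest."""
    files = {"classes.dex": b"constructed dex bytes",
             "res/layout/activity_main.xml": b"constructed layout bytes"}
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        mf += "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (name, b64_digest("SHA1", data))
    if tamper:  # content changed after signing, manifest left as it was
        files["classes.dex"] = b"modified dex bytes"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()
```

The returned algorithm list also shows which digest the signer used, which is SHA1 for the command above. For a full check that includes the certificate, run jarsigner -verify on the signed APK.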

Afterword

When decompiling, you can also change the extension of test.apk to test.zip and extract it.

Copy classes.dex to the dex2jar-2.0 path.

In the terminal, go to the dex2jar-2.0 path and execute the command ./d2j-dex2jar.sh classes.dex

This also produces classes-dex2jar.jar.

If you decompile and then compile again, you also get classes.dex, just under this path

The repackaging part follows an article from the Tencent Cloud Community, which you can use as a reference. One more reminder: decompilation is meant to let developers learn from excellent techniques. It is not for cracking other people's apks, adding illegal operations and then repackaging them.


Origin blog.csdn.net/weitao_666/article/details/97615961