How to decompile android apk to java source code

Because the Android code is hosted on the dalvik virtual machine, it is easy to decompile it into code that we can recognize.

Previously, I wrote an article to decompile the Android apk package to the smali file, re-compile the signature, and package it to implement the apk tampering function.

Recently there is another new method to implement classes directly from the Android apk package. dex file, decompile the dex code to java. class binary code, and then. if the class binary code is decompiled into the java source code, I don't need to talk about it.

The first tools we need are dex2jar and jd-gui.

The first tool, dex2jar, is used to set classex. dex files are the standard for converting dex binary code to java. class binary code, and then jd-gui sets the standard. the class binary code is decompiled into the java source code.

First, extract classes. dex from the apk package.

Put it in the dex2jar directory.

Then execute

Dex2jar. bat classes. dex

After successful execution, a classes. dex. dex2jar. jar file is generated.

This file is then opened with jd-gui, as shown in figure

Almost the same as the source code of the program I wrote myself

This decompilation method is mainly used for your study and research. If you have any questions, please contact me in an email.

I hope you will not use this method to engage in malicious activities. After all, it is not easy for others to write programs. Using this method, you can roughly learn the logic and architecture of programs written by others, hope to help you.

Experience of the Android reverse apk Program

This article describes how to reverse an Android APK application. The method provided in this article is only for research and learning.

The tools required in this article are:

Jdk is used to build a java Runtime Environment.

AXMLPrinter2.jar: Used to reverse the. xml file.

Baksmali. jar is used to reverse the classex. dex file.

Because the android.apk file is actually a zip file, it can be opened directly with winrar.

As shown in:

Open with rar we can see that the file is actually a zip package contains a META-INF folder, this folder is used to save the signature file, ensure the integrity of the package

The res folder contains the resource files used by the apk. They are all stored intact. We can extract them directly and read and modify the string file directly during Chinese conversion.

The AndroidManifest. xml file is a compiled configuration file used to declare the activity, service, and permissions contained in the program. Resources. arsc is a compiled resource description file, and the main concern is classes. dex. The Android program we compiled, all. java files in the source program, are finally compiled into such a. dex file and executed on the dalvik virtual machine on the Android mobile phone.

First, we will introduce how to reverse a. xml file.

Because the xml file in the apk is directly opened in notepad, there are still some garbled characters.

So we need to restore it to better understand it.

AXMLPrinter2.jar is required here.

Specifically, we use AndroidManifest. xml as an example to open the command line. Enter the following command:

Java-jar AXMLPrinter2.jar AndroidManifest. xml> AndroidManifest.txt

If you are interested, you can also write a. bat script for easy execution.

Let's look at the execution results.

AndroidManifest. xml file before execution

After the command is executed, let's take a look.

Copy codeThe Code is as follows: <? Xml version = "1.0" encoding = "UTF-8"?>
<Manifest
Xmlns: android = "http://schemas.android.com/apk/res/android"
Android: versionCode = "322"
Android: versionName = "ver 3.2.2"
Package = "com. eoeandroid. wallpapers. christmas"
>
<Application
Android: label = "@ 7F040000"
Android: icon = "@ 7F020004"
>
<Activity
Android: label = "@ 7F040001"
Android: name = ". Main"
>
<Intent-filter
>
<Action
Android: name = "android. intent. action. MAIN"
>
</Action>
<Category
Android: name = "android. intent. category. LAUNCHER"
>
</Category>
</Intent-filter>
</Activity>
<Service
Android: name = ". service. SyncDeviceInfosService"
>
</Service>
<Meta-data
Android: name = "com. mobclix. APPLICATION_ID"
Android: value = "30c0e2bb-a878-43cb-830b-a39fcae33b0c"
>
</Meta-data>
</Application>
<Uses-sdk
Android: minSdkVersion = "3"
>
</Uses-sdk>
<Uses-permission
Android: name = "android. permission. INTERNET"
>
</Uses-permission>
<Uses-permission
Android: name = "android. permission. SET_WALLPAPER"
>
</Uses-permission>
<Uses-permission
Android: name = "android. permission. WRITE_EXTERNAL_STORAGE"
>
</Uses-permission>
<Uses-permission
Android: name = "android. permission. ACCESS_NETWORK_STATE"
>
</Uses-permission>
<Uses-permission
Android: name = "android. permission. READ_PHONE_STATE"
>
</Uses-permission>
<Uses-permission
Android: name = "android. permission. ACCESS_NETWORK_STATE"
>
</Uses-permission>
</Manifest>

Basically the same as the source program

Here I take an eoe wallpaper program as an example.

Next, you must be more concerned about the inverse of classes. dex.

This is actually very similar to the previous one.

Using the baksmali. jar tool, a foreign expert on Android has done a lot of research.

Execute Code

Java-jar baksmali. jar-o classout/classes. dex

Classes. dex can be reversed into a folder

Here I can take a picture to show you.

Open one of the files. Let's continue.

Do you think this code is very friendly? From this code, we can roughly infer some structure processes of the source program for reference. This article is only for research and study purposes. You are welcome to discuss it with me.