Android reader. apkdetailed description of the decompressed file, android.apk

Android reader. apkdetailed description of the decompressed file, android.apk

Decompilation-what can be obtained in the apk file?

Recently, android clients and servers are engaged in secure communication. There is a common insecure factor: Many software programs are often obtained from apk files or account information. What information can be obtained by decompiling a software package into an apk? Next we will decompile a simple demo-HelloWorld.

Open the generated helloworld.apk with the compression software and see the following files/directories:

Res stores all image files and xml files, that is, all resources under res in the eclipse project directory. The xml file is compressed and can be opened using AXMLPrinter2.

This is the AndroidManifest. xml decompiled.

How about it? Is it exactly the same as the source code?

The resources. arsc File Stores compiled binary resource files. Many Chinese software developers modify the resources in the file to implement software localization.

Classes. dex is a bytecode file compiled by java source code. However, because the dalvik Virtual Machine Used by Android is incompatible with the standard Java virtual machine, the. dex file is different from the. class file in both the file structure and opcode. Currently, common java decompilers cannot process dex files.

Dex2jar is a tool designed for decompiling. dex. It can decompile the. dex file into a. jar file. Then decompile the. jar file into the. java file using the JD-GUI tool.

This is the decompiled MainActivity. xml.

The source code is as follows:

Though the decompiled code is not very readable, it has almost no difference with the source code. If you directly put important information such as your account into java code during development, there will be no security.

After decompilation, the source code of the anroid project is completely exposed. Can I change an android software to what I want through decompilation? The answer is no, stored in the META-INF directory is the software signature information, used to ensure the integrity of the apk package and system security. During software installation, the application manager will verify the files in the package. If the verification information is different from the information in the META-INF directory, the system will refuse to install the software. In addition, professional programmers encapsulate important information in the. so library file, which cannot be decompiled.

Even so, it is enough to perform operations like Chinese on a software.