Decompile-What to get in the APK file
Recently in doing Android client and server secure communication, there is a common insecurity factor: Many software is often taken from the APK file or account information. What information can be obtained by anti-compilation of a software packaged as an APK? Let's try to decompile a simple demo--helloworld.
The generated helloworld.apk will be opened using the compression software and see the following files/directories
- Meta-inf
- Res
- Androidmanifest.xml
- Classes.dex
- Resources.arsc
The res contains all the picture files and XML files, which are all the resources under RES in the Eclipse Engineering directory. The XML file here is compressed and can be opened with the AXMLPrinter2 tool.
This is an anti-compilation androidmanifest.xml.
What, is it the same as the source code?
RESOURCES.ARSC files are stored in the compiled binary resource files, many of the Chinese software is to modify the resources within the file to achieve the software of the Chinese.
Classes.dex is a bytecode file generated by Java source Code compilation. However, because the Dalvik virtual machine used by Android is incompatible with the standard Java virtual machine, the. dex file is not the same as the file structure or opcode, compared to the. class file. None of the common Java Anti-compilation tools currently work with Dex files.
Dex2jar is a tool developed specifically for anti-compilation. Dex, which can decompile. dex files into a. jar file. Then use the Jd-gui tool to decompile the. jar file into a. java file.
This is an anti-compilation mainactivity.xml.
Here is the source code:
The anti-compilation code is not very readable, but it's almost no different from the source. If you put important information such as your account in the Java code directly in the development, there is no security whatsoever.
After the anti-compilation, the source code of the Anroid project is completely exposed, is it possible to reverse the compilation of an Android software to the look you want? The answer is no, in the Meta-inf directory is stored in the software's signature information, to ensure the integrity of the APK package and system security. When the software is installed, the application manager verifies the files in the package, and if the checksum information is not the same as the information in the Meta-inf directory, the system will refuse to install the software. In addition, a professional programmer will encapsulate important information into the. So library file, which cannot be deserialized.
Even so, it's enough to do something like Chinese for a software.
Android decoding. APK Decompression File Detailed description