I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the time. It involved a lot of apktool, dex2jar, and jd-gui; it still confuses me.
Further, even after these steps were complete (usually a combination of dex2jar and JD-GUI), I would be left with disparate sources of information: the decompiled Java would be over here in this directory, while the un-DEXed content would be somewhere else (really bad for importing into Eclipse!).
I basically wanted to make this generate a tree and source as close as possible to what the original Android developer sees.
One thing that existing decompilers don't do is regenerate R references; this tool includes a script that makes an attempt to do this. Which gives you more insight when you're reading source code?
```java
View v = inflater.inflate(217994357, container, false);
```

or

```java
View v = inflater.inflate(R.layout.result_panel, container, false);
```
Now you can easily see and search for what resource is doing what, without needing to file-search R.java for some opaque int.
Note: This process relies on guesses and may lead to weird results, because the resource ints were inlined and opaque. You can check out the source code of rreassoc.py to see my matching heuristics and adjust them appropriately.
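As an added illustration of the R re-association idea (this is not the project's rreassoc.py and uses a much simpler heuristic than it), here is a Python 3 sketch that builds the int-to-name map from a constructed R.java and rewrites bare resource ints in decompiled source. The R.java and source fragments below are made up for the example:

```python
import re

# Constructed R.java fragment (not from any real app): apktool regenerates
# something like this from the APK's resources.arsc.
SAMPLE_R_JAVA = """
public final class R {
    public static final class layout {
        public static final int main = 0x7f030001;
        public static final int result_panel = 0x7f030005;
    }
    public static final class id {
        public static final int title = 0x7f080012;
    }
}
"""

# Constructed decompiler output with the inlined (opaque) resource ints.
SAMPLE_SOURCE = """
View v = inflater.inflate(2130903045, container, false);
TextView t = (TextView) v.findViewById(2131230738);
int n = 5;
"""

CLASS_RE = re.compile(r'public static final class (\w+)')
CONST_RE = re.compile(r'public static final int (\w+)\s*=\s*(0x[0-9a-fA-F]+|\d+)\s*;')
# Heuristic: Android resource ids are 0x7fXXXXXX, i.e. 10 decimal digits,
# so only long literals are candidates; small ints (counters, flags) are left alone.
LITERAL_RE = re.compile(r'(?<![\w.])(?:0x[0-9a-fA-F]{8}|\d{8,})(?![\w.])')

def parse_r_java(text):
    """Map each resource int to its symbolic name, e.g. 0x7f030005 -> R.layout.result_panel."""
    mapping, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.search(line)
        if m:
            current = m.group(1)       # entering R.layout, R.id, ...
            continue
        m = CONST_RE.search(line)
        if m and current:
            mapping[int(m.group(2), 0)] = 'R.%s.%s' % (current, m.group(1))
    return mapping

def reassociate(source, mapping):
    """Replace integer literals that match a known resource id; leave everything else untouched."""
    def sub(m):
        lit = m.group(0)
        value = int(lit, 16) if lit.lower().startswith('0x') else int(lit)
        return mapping.get(value, lit)   # unknown ints stay as they were
    return LITERAL_RE.sub(sub, source)
```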
apk2gold is basically a small amount of original content (the R.* thing) and a script wrapping some excellent third-party tools. It is designed to be easily installed and to get you the best results for Android app introspection as quickly as possible. The project stands on the shoulders of the following giants:
- nviennot/jd-core-java (or technically my fork thereof, which actually builds under OSX ;) and by extension, JD
You'll need python2, git (for submodules), and mercurial (hg) for the sub-builds. Sorry!
Just run prepare.sh
There are different ways to acquire an APK, but the easiest is to just download it from the Play Store and use ES File Explorer to back up the APK (ES File Explorer -> "AppMgr" tab -> long click on app you want -> backup). The APK is now in the 'backups' directory on your SD card. Now you can just USB it over (I like to email it to myself from ES File Explorer itself). More depth can be found at this SO post.
Actually using my tool is easy as pie! Just use:

```sh
apk2gold output-dir <target>.apk [apks..]
```
This will create a folder with the APK's name without the '.apk' suffix. Everything is in there. There is also an additional directory you may not recognize, /smali, which contains the Smali output from APKTool. It's just kept around for reference, in case JD did something bad. Load it up in Eclipse and have fun!
Note that the result will almost certainly not compile; that's not really the goal. We just want to get an idea of what's happening in the source code, check for malicious shit, etc.
It would be real cool to look for sections that JD bailed on decompiling and sub in the Smali code generated by apktool. That would be baller.