Kategorien
RevEng

Patching APK’s

Ever run into a situation where you can no longer use an older version of an app because it forces you to update? Or the app tries to take money from for unlocking an already built-in but inaccessible „premium feature“?

Patching APK’s consists of these steps:

  1. Unpacking the APK: apktool d -r some.apk -o output_dir
  2. Patching the smali byte-code: Remove or change using your favorite editor
  3. Packing the code back to an APK: apktool b output_dir -o modded.apk
  4. Signing the new APK:
    1. Create key (only needed once): keytool -genkey -v -keystore key.keystore -alias robocoffee -keyalg RSA -keysize 2048 -validity 10000
    2. Sign with key: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore modded.apk robocoffee ~/Android/Sdk/build-tools/<version>/apksigner sign --ks key.keystore modded.apk
  5. Install new APK: adb install modded.apk
Kategorien
RevEng

Decompiling APK’s

You can decompile even minified / obfuscated APK’s using one of these tools (I prefer the latter). Why would you want to do that? For example, when you like a feature in an App and reverse-engineer how it’s done.

Decompile into Java source code using Procryon:

  1. apktool d -s some.apk -o output_dir
  2. dex2jar output_dir/classes.dex
  3. procyon-decompiler classes-dex2jar.jar -o decompiled_dir

Or alternatively, one tool to rule them all: jadx --deobf some.apk

In my opinion JADX with the built-in deobfuscator gives the most readable results. Note however that some blocks might now be decompiled in either case, leaving you no other option but to read nasty byte-code.