Android Talks #08: Decompiling Android applications


Upload: infinum-ltd

Post on 16-Jul-2015



Decompiling Android apps

• quick overview of the compilation process

• tools for decompiling

• approach and overview of the results

• how does proguard fit in the game?

Android compilation process [1]

• Resource code generation

• Interface code generation

• Java compilation

• Byte code conversion

• Packaging

• Application signing

• Package optimization

Resource / Interface code generation

• inputs: AndroidManifest.xml, drawables, values, strings, styles …

• outputs: R.java

• .aidl files are converted to Java interfaces

(Diagram: Application resources -> aapt -> R.java; .aidl files -> aidl -> Java Interfaces; shown next to Application source code)

Java compilation / Byte code conversion

• annotation processing and code generation (apt)

• *.java -> *.class (javac)

• all *.class files -> .dex file (dex)

• this includes .class files from .jar and .aar libs

• in some cases there are more .dex files

(Diagram: R.java, Application source code, Java Interfaces -> apt -> Generated source code -> javac -> .class files)

Android bytecode

• Android uses a modified JVM called Dalvik

• multiple classes are bundled into a single .dex file

• fun fact: .dex has a limit of total 65k methods in all classes

(Diagram: .class files -> dex -> .dex files)

Packaging

• resources compiled with aapt

• .dex files

• other resources from “src/main/resources” folder

• result: unsigned and unoptimized .apk file

(Diagram: Application resources -> aapt -> Compiled resources; .dex files, Compiled resources, Other resources -> apkbuilder -> .apk package)

Signing / optimization

• .apk package is signed with a keystore (jarsigner)

• package is optimized (zipalign)

(Diagram: .apk package + keystore -> jarsigner -> Signed .apk package -> zipalign -> Signed and optimized .apk)

Tools - Bytecode viewer [3]

• everything you need for decompiling in one tool

• doesn’t have a way to extract resources

• make sure you give it some time after it’s started before decompiling anything (about 20s), otherwise it will just freeze

Other tools

• JD-GUI - .jar decompiler with GUI

• dex2jar - name says it all

• android-apktool

    • unpackages .apk archive

    • useful for extracting manifest and resources

Decompilation result

Package files

• .apk, .aar and .jar packages are actually .zip files

• in order to access manifest and all resources from .apk use android-apktool

• .aar contains .jar archive along with resources and manifest

• .jar package is a .zip file containing bytecode in separate .class files
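
As an added illustration (not part of the original slides), the Python sketch below opens an .apk as the .zip archive it is and reads the method_ids_size field from the header of each classes*.dex entry, the count behind the 65k limit mentioned under "Android bytecode". The sample archive is constructed in memory and header-only, and the function names are this example's own.

```python
import io
import struct
import zipfile

METHOD_IDS_SIZE_OFF = 0x58   # method_ids_size field in the 0x70-byte dex header
DEX_METHOD_LIMIT = 65536     # method references addressable in one .dex file


def dex_method_count(dex_bytes):
    """Return method_ids_size from a dex header, or raise ValueError."""
    if len(dex_bytes) < 0x70 or not dex_bytes.startswith(b"dex\n"):
        raise ValueError("not a dex file")
    (count,) = struct.unpack_from("<I", dex_bytes, METHOD_IDS_SIZE_OFF)
    return count


def apk_dex_summary(apk_file):
    """Map each classes*.dex entry in the archive to its method reference count."""
    summary = {}
    with zipfile.ZipFile(apk_file) as apk:
        for name in sorted(apk.namelist()):
            if name.startswith("classes") and name.endswith(".dex"):
                summary[name] = dex_method_count(apk.read(name))
    return summary


def make_sample_apk(method_counts):
    """Build a constructed, header-only APK in memory (not a real application)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<constructed placeholder>")
        for i, count in enumerate(method_counts, start=1):
            header = bytearray(0x70)
            header[0:8] = b"dex\n035\x00"                     # magic + version
            struct.pack_into("<I", header, 0x24, 0x70)        # header_size
            struct.pack_into("<I", header, 0x28, 0x12345678)  # endian_tag
            struct.pack_into("<I", header, METHOD_IDS_SIZE_OFF, count)
            name = "classes.dex" if i == 1 else "classes%d.dex" % i
            apk.writestr(name, bytes(header))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, count in apk_dex_summary(make_sample_apk([65536, 1200])).items():
        print(name, count, "of", DEX_METHOD_LIMIT)
```

To inspect a real package, pass its path to apk_dex_summary instead of the constructed sample.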

How to protect your code?

• use Proguard

    • adds an additional step after byte code generation

    • removes unused code

    • renames classes, fields, methods with obscure names

    • smaller .apk file

    • harder to reverse engineer

(Diagram: Code obfuscation step shown with Byte code conversion and Packaging)

Enabling proguard

• just a quick reminder:

    • set minifyEnabled to true

    • create proguard rules file

Proguard example

Conclusion

• to decompile code use Bytecode viewer

• to extract resources from .apk use android-apktool

• use proguard to protect your code and make it harder to reverse engineer

References

• [1] http://www.herongyang.com/Android/Project-Android-Application-Project-Build-Process.html

• [2] https://developer.android.com/tools/building/index.html

• [3] https://github.com/konloch/bytecode-viewer

• [4] https://code.google.com/p/android-apktool/

Contact

• @kustivan

• https://github.com/ikust