Ok, so this article has been a long time coming.
One of my pastimes is reverse engineering Android applications, just to see “what makes them tick”. In this article, in order to really drive this home, I will reverse engineer the popular “Angry Birds” application.
Due to time constraints and basic laziness, I went for the first APK I could find – Angry Birds in Space.
Also, before anyone asks, in the following article I will NOT be releasing the Angry Birds source code. I simply am using it as a demo
First off, you will want to have the Unix “unzip” utility installed. We will be using this to unpack the .apk file.
Second, grab the following pieces of software:
dex2jar – http://code.google.com/p/dex2jar/ – for converting the .dex file into a .jar file
and
jd-gui – http://java.decompiler.free.fr/?q=jdgui – For decompiling the (.jar) Java file into its (.java) source code
dex2jar – http://code.google.com/p/dex2jar/ – for converting the .dex file into a .jar file
and
jd-gui – http://java.decompiler.free.fr/?q=jdgui – For decompiling the (.jar) Java file into its (.java) source code
Now, the idea behind this article is NOT to teach you to crack apps. Instead, this is the skillset needed to reverse engineer Android Malware – as seen in my previous post – http://insecurety.net/?p=637
So. You have your .apk file, the first thing we do is use the GNU Unzip utility to unpackage it!
$ unzip Angry_Birds_Space_Premium_1.3.0.apk
Next, use the d2j-dex2jar.sh utility from dex2jar to convert classes.dex to a JAR file.
$ ./dex2jar-0.0.9.9/d2j-dex2jar.sh classes.dex
Screenshot of the above 2 steps (I piped output to /dev/null to avoid MASSIVE SPAM OF DATA)
Next, we simply open the .JAR file using jd-gui.
Finally we can simply export the source code from jd-gui for our viewing, and editing pleasure
So. In conclusion
- Android applications are trivial to reverse engineer
- Software for decompiling them is readily available
- Fun times
0 comments:
Post a Comment