Tools used in Android app reverse engineering

Android apps can be written using Kotlin, Java, and C++ languages. The Android SDK tools compile source code along with any data and resource files into an APK, an Android package, which is an archive file with an .apk suffix. One APK file contains all the contents of an Android app and is the file that Android-powered devices use to install the app. Developers use Android Studio to create Android applications using Kotlin, Java or C++ languages.

Android Studio provides a unified environment to develop apps for Android phones, tablets, Android Wear, Android TV and Android Auto. It is the official Integrated Development Environment (IDE) for android app development based on IntelliJ IDEA. You can learn more about Android studio features from Android Developer Website.

Developers spend a lot of time developing Android apps. Android is an open-source project, developers can simply browse the documentation when they need to implement a functionality. However, if the developer wants to examine an existing application to learn the behaviour or security of the application, the solution is to use various open-source tools to reverse engineer the application.

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.

adb is included in the Android SDK Platform-Tools package. You can download this package with the SDK Manager, which installs it at android_sdk/platform-tools/. Or if you want the standalone Android SDK Platform-Tools package, you can download it here. Make sure your path is set correctly.

You can list all the connected devices using the following command. Make sure to start an emulator or Android device using USB debugging.

adb devices

You can use the following command to list all the applications installed in the device.

adb shell pm list packages [options] <FILTER>

To get the APK file from the device or emulator determine the package name of the app, e.g. "com.example.app". Skip this step if you already know the package name.

Look through the list of package names and find the app package that you want to pull from the device or emulator. This is usually easy, but note that the package name can be completely unrelated to the app name. If you can't recognize the app from the list of package names, try finding the app in Google Play using a browser. The URL for an app in Google Play contains the package name.

Get the full path name of the APK file for the desired package using the following command.

adb shell pm path <package name>

Pull the APK file from the Android device to the development environment.

adb pull <package path> <destination path>

The APK file will be copied to the specified location. If you download an APK file from the internet, beware of TOC and malware embedded with legit applications.

AAPT (Android Asset Packaging Tool) is a great tool to help you view, create, and update your APKs (as well as zip and jar files). AAPT tool is included in the Android SDK. I could find this tool at the following location.

C:\Users\Isuru\AppData\Local\Android\sdk\build-tools\26.0.2

If you need to validate the App Id, Version Code, Version Number, SDK Info, Permissions, and so on, you can run the following command.

aapt dump badging <path to apk file>

If you want to check the strings resources, you can use the following command.

aapt dump strings <path to the apk file>

To view a binary XML file you can use the following command.

aapt dump xmltree <path to the apk file> <AndroidManifest.xml>

You can use aapt tool to verify what permissions are set in the app. You can use the following command to view all the permissions specified in the AndroidManifest.xml file.

aapt dump permissions <path to the apk file>

An APK file is an archive that usually contains the following files and directories. You can use compression tools such as WinZip.

Apktool is used for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. You can learn how to use the tool by reading the documentation.

Androguard is a collection of useful tools developed using Python programming language. This tool can be used to reverse engineering, malware and goodware analysis of Android applications.

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries (.dex, .aar, .so), executables (.apk, .jar, .class) and all Android binary XMLs: AndroidManifest, resources, layouts etc.

Radare is a portable reversing framework that can disassemble (and assemble for) many different architectures. It runs on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku. It can be used to perform forensics on filesystems and data carving.

Santoku Linux is a Linux distribution that is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform. It is a bootable Lubuntu based Linux distribution.

IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. IDA is a commercial product.

JEB is a modular reverse engineering platform for professionals. Its extensible nature allows reverse engineers to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline. JEB 2 is a commercial product.

There are many tools involved in the reverse engineering. If you use a tool that is not included in this post, please comment it.