Android Reverse Engineering

Android Reverse Engineering

Hi,

This post is regarding Android Reverse engineering.




Reverse engineering :
Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used in computer hardware and software. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code that it was written in, using program language statements.

Reverse engineering is nothing but a process to extract knowledge or useful information from any product, whether it’s applied while rebuilding a bike or a car or any human-made product.

Android Reverse engineering :

Android Reverse engineering is a format used to package and distribute the android application. An APK file contains all of that program’s code (such as .dex files), resources, assets, certificates, and manifest file.

Tools For Reverse engineering apk :

Below are some of the tools are helps to perform reverse engineering.

  • Apktool
  • Dex2jar
  • Java decompiler
  • Apk Analyser
Apktool :

First, let’s know what is apk files. Apk’s are nothing more than a zip file containing resources and assembled java code. If you were to simply unzip an apk like so, you would be left with files such as classes.dex and resources.arsc. Every Apktool release contains internally the most up to date AOSP framework at the time of the release. This allows you to decode and build most apks without a problem.

Installation for Apktool and How to Use :
  1. Create a separate directory for this.
  2. Download https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/windows/apktool.bat this link on the same directory and save link as apktool.bat
  3. Download https://bitbucket.org/iBotPeaches/apktool/downloads/ this file on the same directory and change name as apktool.jar
  4. Download any apk file in the same directory.
  5. Open a command prompt on location is which present this all.
  6. Apktool d apk_filename.apk run this command
  7. Now you can see one directory same name as apk_filename that is our original code.


How to defend against a Reverse Engineering :
  • Proguard makes your APK file as small as possible, it removes unused code and resources in your release build.
  • It optimises the bytecode, removes unused code instructions, and obfuscates the remaining classes, fields, and methods with short names. The obfuscated code makes your APK difficult to reverse engineer, which is especially valuable when your app uses security-sensitive features.
  • Use DexGuard, which can make reverse engineering even harder, like by encrypting strings, or detecting code tampering.

    • Related Articles

    • How to use burp suite with android mobile

      Hi, This post is regarding How to use burp suite with android mobile. Step 1: Open Settings and click Wi-Fi in your mobile. Step 2 : Click on Wi-Fi and Long press on your Connected Network (here TP-LICK_720C). Step 3 : Click on Modify network. Step 4 ...
    • How to work with Drozer (Penetration Testing Tool Mobile)

      Hey Everyone, In this post, we will be seeing about Drozer and how it can be used to pen-test the android application. So for that, we need following things: A mobile device/Emulator (Rooted preferred) and with debugging mode on. Drozer agent needed ...
    • RESTAPI Vulnerability Scanner

      Hi, This post is regarding VOOKI – RESTAPI Vulnerability Scanner. Before you learn about RESTAPI Vulnerability Scanner. You need to learn few things please read below. First, we learn about what is Web Service? WEB SERVICE: A web service is a ...
    • How to setup and use Mobile Security Framework(MobSF)

      Hi, This post is regarding How to setup and use Mobile Security Framework(MobSF). Requirements : Python 2.7, Oracle JDK 1.7 or above. After this installation follows this steps. Step 1: Search Mobile Security Framework. Download this Files. Step 2: ...
    • Insecure Data Storage

      Hi guys, today we are going to see the Insecure Data Storage from the OWASP Top 10 mobile. In this there we have few important storage type through which we face problems(vulnerabilities). The types are as follows SQL Databases. Log Files. XML Data ...