This post is regarding Android Reverse engineering.
Reverse engineering :
Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used in computer hardware and software. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code that it was written in, using program language statements.
Reverse engineering is nothing but a process to extract knowledge or useful information from any product, whether it’s applied while rebuilding a bike or a car or any human-made product.
Android Reverse engineering :
Android Reverse engineering is a format used to package and distribute the android application. An APK file contains all of that program’s code (such as .dex files), resources, assets, certificates, and manifest file.
Tools For Reverse engineering apk :
Below are some of the tools are helps to perform reverse engineering.
Apktool
Dex2jar
Java decompiler
Apk Analyser
Apktool :
First, let’s know what is apk files. Apk’s are nothing more than a zip file containing resources and assembled java code. If you were to simply unzip an apk like so, you would be left with files such as classes.dex and resources.arsc. Every Apktool release contains internally the most up to date AOSP framework at the time of the release. This allows you to decode and build most apks without a problem.
Open a command prompt on location is which present this all.
Apktool d apk_filename.apk run this command
Now you can see one directory same name as apk_filename that is our original code.
How to defend against a Reverse Engineering :
Proguard makes your APK file as small as possible, it removes unused code and resources in your release build.
It optimises the bytecode, removes unused code instructions, and obfuscates the remaining classes, fields, and methods with short names. The obfuscated code makes your APK difficult to reverse engineer, which is especially valuable when your app uses security-sensitive features.
Use DexGuard, which can make reverse engineering even harder, like by encrypting strings, or detecting code tampering.
Hi, This post is regarding How to use burp suite with android mobile. Step 1: Open Settings and click Wi-Fi in your mobile. Step 2 : Click on Wi-Fi and Long press on your Connected Network (here TP-LICK_720C). Step 3 : Click on Modify network. Step 4 ...
Hey Everyone, In this post, we will be seeing about Drozer and how it can be used to pen-test the android application. So for that, we need following things: A mobile device/Emulator (Rooted preferred) and with debugging mode on. Drozer agent needed ...
Hi, This post is regarding VOOKI – RESTAPI Vulnerability Scanner. Before you learn about RESTAPI Vulnerability Scanner. You need to learn few things please read below. First, we learn about what is Web Service? WEB SERVICE: A web service is a ...
Hi, This post is regarding How to setup and use Mobile Security Framework(MobSF). Requirements : Python 2.7, Oracle JDK 1.7 or above. After this installation follows this steps. Step 1: Search Mobile Security Framework. Download this Files. Step 2: ...
Hi guys, today we are going to see the Insecure Data Storage from the OWASP Top 10 mobile. In this there we have few important storage type through which we face problems(vulnerabilities). The types are as follows SQL Databases. Log Files. XML Data ...