728x90 AdSpace

.
Latest News

Extract Android apk from Market and Decompile it to Java Source

This post talks about process of extracting apk file of any app available in market and then decompiling it to Java source. This can be helpful for those who perform code review (for security vulnerabilities) on apps whose source code is not available. Once Java source code is obtained, we can either do manual code review or run any free/commercial automated code scanners.

Download .apk file from market

  1. Search in market for the app you want to decompile and install it on your phone.
  2. Install Astro File Manager from market (link). Open Astro > Tools > Application Manager/Backup and select the application to backup on to the SD card .
  3. Mount phone as USB drive and access '\backups\apps\' folder to find the apk of target app (lets call it targetapp.apk) . Copy it to your local drive.

Decomiling apk to Dex format

  1. Download Dex2Jar (link) (Android runs applications which are in Dalvik Executable (.dex) format).
  2. Run the command to convert apk to jar
dex2jar targetapp.apk file(./dex2jar targetapp.apk on terminal)
File ‘targetapp.apk.dex2jar.jar’ is created
Converting Apk (Dex) to Jar

Viewing/Decompiling the Jar files to Java

Method 1 : Use JavaDecompiler (JD)

  1. Open ‘targetapp.apk.dex2jar.jar’ with jd-gui (link)
  2. File > Save All Sources to sava the class files in jar to java files.
JD GUI Viewer

Method 2: JAD

  1. Extract contents of jar file on to a folder named src. Use and unarchival utility like 7zip
  2. Keep ‘src’ folder in the same directory where JAD and targetapp jar is present
  3. Open JAD in cmd and execute the following command
  4. jad -o -r -sjava -dsrc src/**/*.class (./jad on terminal)
Extract jar contents to src folder
Running jad command
Now src will contain decompiled Java files ready for manual code review.
Decompiled java files

Tools Used

  1. Sample app – RemoteDroid (Opensource – link)
  2. Astro File Manager (Android Market – link)
  3. Dex2Jar (link)
  4. jd-gui (link)
  5. JAD (link)
Dex2Jar Info
App NameDex2Jar
Licensefree
Type
  • portable
  • code
App URLDownload
More Infolink
  • Blogger Comments
  • Facebook Comments

1 comments:

  1. **HACKING TOOLS WITH TUTORIALS & FULLZ AVAILABLE**
    (High Quality, Genuine Seller)

    =>Contact 24/7<=
    Telegram> @leadsupplier
    ICQ> 752822040
    Email> exploit.tools4u@gmail.com

    Fullz info included
    NAME+SSN+DOB+DL+DL-STATE+ADDRESS
    Employee & Bank details included
    High credit fullz with DL 700+
    (bulk order negotiable)
    **Payment in all crypto currencies will be accepted**

    ->You can buy few for testing
    ->Invalid or wrong info will be replaced
    ->Serious buyers needed for long term

    TOOLS & TUTORIALS AVAILABLE FOR:

    "SPAMMING" "HACKING" "CARDING" "CASH OUT"
    "KALI LINUX" "BLOCKCHAIN BLUE PRINTS"

    **TOOLS & TUTORIALS LIST**

    ->Ethical Hacking Tools & Tutorials
    ->Kali Linux
    ->Keylogger & Keystroke Logger
    ->Facebook & Google Hacking
    ->Bitcoin Flasher
    ->SQL Injector
    ->Paypal Logins
    ->Bitcoin Cracker
    ->SMTP Linux Root
    ->DUMPS with pins track 1 and 2
    ->SMTP's, Safe Socks, Rdp's brute, VPN
    ->Php mailer
    ->SMS Sender & Email Blaster
    ->Cpanel
    ->Server I.P's & Proxies
    ->Viruses
    ->Premium Accounts (netflix cracker, paypal logins, pornhub, amazon)
    ->HQ Email Combo

    If you are searching for a valid vendor, it's very prime chance.
    You'll never be disappointed.
    **You should try at least once**

    Telegram> @leadsupplier
    ICQ> 752822040
    Email> exploit.tools4u@gmail.com

    ReplyDelete

Item Reviewed: Extract Android apk from Market and Decompile it to Java Source Rating: 5 Reviewed By: Unknown