Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to decompile an Android .apk file?

Are the users able to convert the apk file of my application back to the actual code? If they do - is there any way to prevent this?

like image 424
aryaxt Avatar asked Jun 26 '10 03:06

aryaxt


People also ask

Is it possible to decompile an APK?

Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.

Is it possible to decompile an Android app?

Just like Java bytecode, Dalvik bytecode is easy to decompiled to Java language. It is very convenient to analyze an application, to find security issues, to understand the behaviour of the application,... On the other hand, it is not possible to decompile an Android app to Java, modify it and re-compile it.


2 Answers

First, an apk file is just a modified jar file. So the real question is can they decompile the dex files inside. The answer is sort of. There are already disassemblers, such as dedexer and smali. You can expect these to only get better, and theoretically it should eventually be possible to decompile to actual Java source (at least sometimes). See the previous question decompiling DEX into Java sourcecode.

What you should remember is obfuscation never works. Choose a good license and do your best to enforce it through the law. Don't waste time with unreliable technical measures.

like image 145
Matthew Flaschen Avatar answered Sep 25 '22 10:09

Matthew Flaschen


Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.

Use Aapt (part of the Android SDK) or AXMLParser (from AndroGuard) to analyse and view info of an APK File

  • Retrieves the content of the AndroidManifest.xml file

  • Shows various information (e.g. permissions, activities, services, broadcast receivers, ...)

  • Command:

    Aapt

     aapt dump badging sampleApp.apk  aapt dump permissions sampleApp.apk  aapt dump xmltree sampleApp.apk 

    AXMLParser

     apkinfo sampleApp.apk 

Use ApkTool or NinjaDroid to disassemble and view the resources of an APK File

  • Disassembles the bytecode to smali/assembly

  • Extracts the AndroidManifest.xml, the CERT.RSA file and everything in res folder (layout xml files, images, htmls used on webview etc..)

  • Command:

    ApkTool

    apktool.bat d sampleApp.apk  java -jar apktool.jar -q decode -f sampleApp.apk -o myOutputDir 

    NinjaDroid

    ninjadroid MyApk.apk --all --extract myOutputDir/ 
  • NOTE: You can achieve something similar by using zip utility like 7-zip. But, these tools also extract the .smali files of all .class files.

Use dex2jar to decompile the DEX files of an APK File into Java code

  • Generates the .jar file from a .apk file (note that the Java code of Android apps is usually obfuscated)

  • Needs JD-GUI to view the source code from the output .jar file

  • Command:

    dex2jar sampleApp.apk  d2j-dex2jar.sh -f sampleApp.apk -o myOutputDir/sampleApp.jar 

Use JD-GUI to view the .jar file

  • Decompiles the .class files (obfuscated in a case of Android apps, but not in a case of other .jar files) and shows the corresponding Java code
like image 24
gtiwari333 Avatar answered Sep 23 '22 10:09

gtiwari333