Quick Demo on Reverse Engineering Android App

For this demo, the debug version of DIVA (Damn Insecure and Vulnerable App) is used as the target Android app, and Kali Linux is used as the tooling platform.

Download the debug version of DIVA

  1. Visit the DIVA download page and go to the section “Where can I get Diva?”.
  2. Capture the download link and download the file with wget.

    wget http://payatu.com/wp-content/uploads/2016/01/diva-beta.tar.gz

    Then, extract “diva-beta.tar.gz”:

    tar xvzf diva-beta.tar.gz


What is an APK?

  1. Android Package Kit (APK) is the package file format used by the Android operating system to distribute and install mobile apps and middleware. It is a type of archive file, specifically a package in zip format.
  2. However, the files it contains cannot simply be unzipped to obtain their original forms.
  3. classes.dex is the Dalvik bytecode of the APK (Dalvik is the virtual machine in Google’s Android operating system). dex2jar can be used to convert Dalvik bytecode (DEX) to Java bytecode (JAR), and JD-GUI can be used to display the decompiled Java source code in a friendly GUI.
  4. apktool can be used to decode the resources (e.g. XML files) within an APK file to nearly their original forms.
    However, for ease of reverse engineering (decompiling/editing) and recompiling Android application binaries within a single user interface, APK Studio will be used. It is a cross-platform IDE with a friendly IDE-like layout and a code editor that supports syntax highlighting for Android SMALI (*.smali) code files.
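
As an added example (not part of the original post or of DIVA), the Python below builds a constructed minimal APK in memory and then does in code what the first step of the next section does with unzip: it pulls classes.dex out of the zip and parses the DEX header, verifying the magic, the adler32 checksum and the SHA-1 signature that every DEX file carries. The sample DEX and the manifest entry are constructed stubs; a real classes.dex also holds the string/type/method tables and the code that dex2jar converts to Java bytecode.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70       # the DEX header is always 112 bytes
DEX_ENDIAN_TAG = 0x12345678  # little-endian marker stored in the header

def build_sample_dex():
    """Constructed header-only DEX (no classes) with a valid checksum and signature."""
    # file_size, header_size, endian_tag, then 17 zeroed size/offset fields (no tables, no code)
    tail = struct.pack("<20I", DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_TAG, *([0] * 17))
    signature = hashlib.sha1(tail).digest()                 # SHA-1 over everything after the signature
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF  # adler32 over everything after the checksum
    return b"dex\n035\0" + struct.pack("<I", checksum) + signature + tail

def build_sample_apk(dex=None):
    """Constructed APK: a plain zip holding a stub manifest and a classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary-XML chunk header only (stub)
        zf.writestr("classes.dex", dex if dex is not None else build_sample_dex())
    return buf.getvalue()

def parse_dex_header(dex):
    """Parse the DEX header and verify magic, checksum, signature and file size."""
    if len(dex) < DEX_HEADER_SIZE or dex[:4] != b"dex\n" or dex[7] != 0:
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<3I", dex, 32)
    f = struct.unpack_from("<17I", dex, 44)  # link, map, string/type/proto/field/method/class_def/data
    return {
        "version": dex[4:7].decode("ascii"),
        "checksum_ok": zlib.adler32(dex[12:]) & 0xFFFFFFFF == checksum,
        "signature_ok": hashlib.sha1(dex[32:]).digest() == signature,
        "file_size_ok": file_size == len(dex),
        "header_size": header_size,
        "little_endian": endian_tag == DEX_ENDIAN_TAG,
        "string_ids": f[3], "type_ids": f[5], "method_ids": f[11], "class_defs": f[13],
    }

def inspect_apk(apk_bytes):
    """List the zip entries and validate classes.dex (what 'unzip diva-beta.apk classes.dex' pulls out)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        info = parse_dex_header(zf.read("classes.dex"))
        info["entries"] = sorted(zf.namelist())
    return info
```

A checksum or signature mismatch on a real classes.dex means the file was edited or repacked without the header being recomputed, which is worth knowing before trusting what dex2jar and JD-GUI show you.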

Convert the APK into Java source code for detailed review

  1. Extract classes.dex from the APK

    unzip diva-beta.apk classes.dex


  2. Convert Dalvik Bytecode (DEX) into Java Bytecode (JAR)

    d2j-dex2jar classes.dex


  3. (Skip this step if JD-GUI is already installed.) Download the JD-GUI installation package and install it

    wget https://github.com/java-decompiler/jd-gui/releases/download/v1.4.0/jd-gui_1.4.0-0_all.deb

    dpkg -i jd-gui_1.4.0-0_all.deb


  4. Open classes-dex2jar.jar with JD-GUI

    java -jar /opt/jd-gui/jd-gui.jar /root/classes-dex2jar.jar


Decode APK resources and edit SMALI code (decompile -> edit -> recompile)

  1. (Skip this step if APK Studio is already installed.)
    Install android adb

    sudo apt-get install android-tools-adb

    Download APK Studio from the APK Studio official website.

    Make the downloaded file “apkstudio-d49d3de-linux.run” executable and run it

    chmod +x apkstudio-d49d3de-linux.run

    ./apkstudio-d49d3de-linux.run


  2. Open APK Studio and open the APK file

    /opt/apkstudio/apkstudio


  3. Review and edit the XML and SMALI code
    (Signing and exporting the APK will not be discussed here; that should be simple.)

Conclusion

  • The converted Java source code is good for understanding the program structure in detail (assuming code obfuscation is not implemented)
  • SMALI code is good for quick edits (by referring to the Java source code)

Thanks for reading!

Best regards
Henry

Author: Henry HON

Cyber Security Professional
