We covered the first part of Android applications reverse engineering basics where we discussed file format of Android applications, the goals of Android reverse engineering and the tools used such as apktool, Jadx and Ghidra. We analyzed a sample Android app built using React Native framework and analyzed its core logic to extract credentials.
Windows Active Directory Penetration Testing Study Notes
Definition of Android Reverse Engineering
When reverse engineering an Android application, the compiled code and resources are usually broken down into a human-readable format using specialized tools. As we go through this blog article, we’ll talk about the different tools that are out there and how to use them to identify hardcoded data and possibly even static application vulnerabilities.
This can be a difficult procedure because it necessitates a certain amount of Java knowledge and Android app development experience. Nonetheless, the majority of Android apps can be effectively reverse engineered with the correct resources and knowledge.
Android Reverse Engineering Tools
- APKtool: An effective tool for APK file reverse engineering. It can reconstruct application resources after modifying the code, decoding them to almost their original state.
- JADX: This program can decompile DEX (Dalvik Executable) files and translate them into understandable Java source code using both a command-line and graphical interface.
- Dex2jar and JD-GUI: With the aid of the utility dex2jar, DEX files can be converted to Java JAR files, which can then be viewed using the Java source code viewer JD-GUI.
- Radare2 (also known as “r2”): This is an open-source, free reverse engineering framework that may be used to decompile, alter, and examine Android apps..
- Strings: a straightforward tool that takes a binary file and extracts and shows readable strings from it. It is a useful tool for reverse-engineering Android programs and can extract strings from Android APK files.
APKtool vs Jadx
Reverse engineering makes use of these instruments. Java source code is provided by Jadx, and Dalvik bytecode is extracted using Apktool. Further details regarding the Android operating system are available here. Launch Android Studio, make two text views, and then use the onCreate method to set their values.
Android Reverse Engineering Methodology
The AndroidManifest.xml file is where we should begin our investigation since it has all the important details about our APK.
What components it has, what permissions it needs, and more.
For the program to operate correctly, the Android OS needs that file to provide the necessary information.
Since decompiled Java code is easier to comprehend, we will prefer to analyze it when reverse engineering DEX bytecode.
Having said that, the decompilation method may frequently fail to decompile essential functionality code.
Native code is utilized by a lot of Android apps.
Because native code is written in C/C++, it is compiled for a particular computer architecture.
While malware writers use it to: (1) achieve stealth; and (2) make the code more difficult to study since it demands assembly and reverse engineering abilities, developers utilize it for optimization considerations.
We would utilize disassembly tools like Ghidra or IDA Pro to analyze Native code.
Check out the video below for detailed explanation.
Video Walkthrough