CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Overview

Easy-as-pie Android Decompiler

Why

One stop shop

I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the time. It involved a lot of apktool, dex2jar, and jd-gui; it still confuses me.

Collocation of source files

Further, even after these steps were complete (usually a combination of dex2jar and JD-GUI), I would be left with disparate sources of information; the decompiled Java would be over here in this directory, while the un-DEXed content would be somewhere else (Really bad for importing into Eclipse!)

I basically wanted to make this generate a tree and source as close as possible to what the original Android developer sees.

Regeneration of R.* References

One thing that existing decompilers don't do is regenerate R references; this tool includes a script that makes an attempt to do this. Which gives you more insight when you're reading source code?
View v = inflater.inflate(217994357, container, false);
or
View v = inflater.inflate(R.layout.result_panel, container, false);

Now you can easily see and search for what resource is doing what, without needing to file-search R.java for some opaque int.

Note: This process relies on guesses and may lead to weird results, because the resource ints were inlined and opaque. You can check out the source code of rreassoc.py to see my matching heuristics and adjust them appropriately.

What

apk2gold is basically a small amount of original content (the R.* thing) and a script wrapping some excellent 3rd-party tools. It is designed to be easily installed and to get you the best results for Android app introspection as quickly as possible. The project stands on the shoulders of the following giants:

Installation

Dependencies

You'll need python, git (for submodules), mercurial (hg) for the sub-builds, and maven (mvn) for jd-cli. Sorry!

Installing

Just run make.sh

Usage

Getting the APK

There are different ways to acquire an APK, but the easiest is to just download it from the Play Store and use ES File Explorer to back up the APK (ES File Explorer -> "AppMgr" tab -> long click on app you want -> backup). The APK is now in the 'backups' directory on your SD card. Now you can just USB it over (I like to email it to myself from ES File Explorer itself). More depth can be found at this SO post.

Decompiling

Actually using my tool easy as pie! Just use:
apk2gold <target>.apk

Looking at the result

This will create a folder with the APK's name without '.apk' suffix. Everything is in there. There is also an additional directory you may not recognize, /.smali, which contains the Smali output from APKTool. It's just kept around for reference, in case JD did something bad. Load it up in Eclipse and have fun!
Note that the result will almost certainly not compile; that's not really the goal. We just want to get an idea of whats happening in the source code, check for malicious shit, etc.

You know what would be cool?

It would be real cool to look for sections that JD bailed on decompiling and sub in the Smali code generated by apktool. That would be baller.

Comments
  • apk2gold problem

    apk2gold problem

    I'm in a little over my head. I just want to decompile an apk to find a short string of characters that will start with an asterisk.

    I've found some other instructions on how to install apk2gold on ubuntu and it appears to be installed, but, I get a command not found error and I can't find the directory apk2gold that was created.

    I am running linux mint15 and I have installed python, git, mercurial,jdk and jdk devel using the package manager. Then I ran:

    git clone https://github.com/lxdvs/apk2gold.git cd apk2gold git submodule init git submodule update ./make.sh

    When I do:

    apk2gold # dir

    I get:

    apk2gold apktool dex2jar-0.0.9.12 jd-cli linux make.sh osx README.md rreassoc.py

    but when I look for this directory (apk2gold) with my file manager so I can put my apk file there as well I can't find it.

    when I try to run it I get this:

    apk2gold # apk2gold FP.apk apk2gold: command not found

    or as root

    apk2gold FP.apk

    apk2gold: command not found

    opened by muttleytm 4
  • Needs maven for building

    Needs maven for building

    Pretty obvious from running ./make.sh, which gives this output:

    Submodule 'jd-cli' (https://github.com/lxdvs/jd-core-java.git) registered for path 'jd-cli'
    Cloning into 'jd-cli'...
    remote: Counting objects: 91, done.
    remote: Compressing objects: 100% (64/64), done.
    remote: Total 91 (delta 14), reused 91 (delta 14)
    Unpacking objects: 100% (91/91), done.
    Checking connectivity... done.
    Submodule path 'jd-cli': checked out '560a13172520454c904a7b2ee6920cf144b92d11'
    mvn package
    make: mvn: No such file or directory
    make: *** [target/jd-core-java-1.0.jar] Error 1
    

    But I just figured the documentation should mention it.

    opened by Groxx 1
  • Merge jd-core-java bug fix

    Merge jd-core-java bug fix

    Recently I sent pull request to the original jd-core-java repository: nviennot/jd-core-java#3 This PR fixed the issue on the case-insensitive file system like OS X. Originally, jd-core-java did not consider case-insensitive file system, decompiled class A could overwrite existing decompiled a class.

    Can you merge this change into your fork as well? I believe this would be helpful to apk2gold users including me.

    opened by thorikawa 1
  • Apktool: Could not decode arsc file

    Apktool: Could not decode arsc file

    The API 21 build tools generate a differently formatted apk. Apktool needs to be updated.

    I can reproduce the issue with new projects created with android studio and also this apk: http://www.apkmirror.com/apk/google-inc/gmail/gmail-5-0-1566562-apk/

    opened by adipascu 0
  • Error

    Error

    fatal: Not a git repository (or any of the parent directories): .git [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 0.173 s [INFO] Finished at: 2016-05-26T18:43:38+05:30 [INFO] Final Memory: 7M/309M [INFO] ------------------------------------------------------------------------ [ERROR] The goal you specified requires a project to execute but there is no POM in this directory (/Users/demo/Desktop/apk2gold-master/jd-cmd). Please verify you invoked Maven from the correct directory. -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MissingProjectException cp: jd-cli/target/jd-cli.jar: No such file or directory /Users/demo/Desktop/apk2gold-master

    opened by Murthysagi 2
  • apktool is out of date

    apktool is out of date

    I was just using this tool to decompile an apk, and the version of apktool you've got included (2.0.0RC2) blows up with a null pointer exception.

    When I substituted apktool 2.1.0, it worked beautifully!

    opened by epitron 0
Owner
Alex Davis
Alex Davis
enjarify 8.6 0.0 L5 Python Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.

Note: This repository may be out of date. Future development will occur at https://github.com/Storyyeller/enjarify. Introduction Enjarify is a tool fo

Google 2.7k Jan 8, 2023
A collection of android security related resources

android-security-awesome A collection of android security related resources. Tools Academic/Research/Publications/Books Exploits/Vulnerabilities/Bugs

Ashish Bhatia 6.6k Jan 5, 2023
A simple android app that parses its own signature and displays it

SigDisplayer Usage Download the release APK or clone the repository and compile yourself. Sign the APK with your preferred keystore. Install and open

Jonah 5 Oct 18, 2022
Native Device security checks, Rooted/Jailbroken, Not real device, Developer mode is on, On external drive.

palestine_trusted_device Native Device security checks, Rooted/Jailbroken, Not real device, Developer mode is on, On external drive. Part of Palestine

Palestine Developers 3 Apr 19, 2022
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022
CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

Luca Piccolboni 139 Dec 12, 2022
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.

FakerAndroid (FakerAndroid.jar or FakerAndroid-AS) A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffold

null 231 Dec 29, 2022
PermissionX is an extension Android library that makes Android runtime permission request extremely easy

PermissionX is an extension Android library that makes Android runtime permission request extremely easy. You can use it for basic pe

Lin Guo 2.9k Dec 28, 2022
ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege.

ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege. Usage See sample or user guide

null 2 Nov 26, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 29, 2022
Signal Protocol library for Java/Android

Overview A ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments. PreKeys This protocol uses a concept

Signal 1.8k Dec 24, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 418 Dec 29, 2022
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 7.2k Jan 3, 2023
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2.1k Jan 3, 2023
Appdbg - make it possible to run android dex file in original Java Virtual Machine

Appdbg - make it possible to run android dex file in original Java Virtual Machine

null 137 Dec 20, 2022
Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation

About smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on

Ben Gruver 5.7k Dec 27, 2022
TweetNaCl in Java - a port of TweetNaCl-js

TweetNacl in Java: port of tweetnacl-js API/Usage Suggest always use TweetNaclFast implementation Public key authenticated encryption get key pair: Bo

AppNet.Link 40 Nov 10, 2022
Dex to Java decompiler

JADX jadx - Dex to Java decompiler Command line and GUI tools for producing Java source code from Android Dex and Apk files Main features: decompile D

null 32.8k Jan 2, 2023