1.1 Decompile APK

1.1.1 UNZIP

I'm aware unzipping is just unpacking and not decompiling:

unzip app_name.apk

  • quick & dirty way

  • AndroidManifest.xml is not readable

  • However .dex files can be found & opened with d2j-dex2jar

  • certificates + signature-files are available

1.1.2 APKTOOL

compiles .dex files to .smali

apktool d path/to/your/app_name.apk

decompiles everything but .dex to .smali

apktool d --no-src app_name.apk

not all files do get extracted (i.e certs + signature files & more are missing)

1.1.3 DEX2JAR

d2j-dex2jar app_name.apk

extracts decompiled .jar only & app_name-error.zip (open with jd-gui)

1.1.4 JADX (recommended)

jadx -d path/to/extract/ app_name.apk

or (w/ jadx deobfuscator)

jadx -d path/to/extract/ --deobf app_name.apk

or just a single .dex file

jadx -d path/to/extract/ classes.dex

  • .java files will be extracted to path/to/extract/sources/

  • all resources are available (source code, certificates, AndroidManifest.xml, ...)

1.1.5 DE-OBFUSCATION

jadx -d path/to/extract/ --deobf app_name.apk

or just a single .dex file

simplify -i file_name.smali -o class.dex

  • there is no 100% success guaranteed --> works only with simple obfuscated files

  • to get the file_name.smali --> decompile with APKTOOL

1.1.6 XAMARIN

unzip apk and retrieve *.dll files

7z e app_name.apk

  • Xamarin Apps are written in C#, therefore you have to decompile it on a windows machine (i.e. w/ dnSpy)

  • Main Source-Code can be found within app_name.dll (but usually there are more too)

Previous1. MANUAL STATIC ANALYSISNext1.2 Check certificate

Last updated