Decompiling android apps using apktool

There aren't many tools required for this one. Its a simple procedure. If one knows what to look for once the app is decompiled, then the whole activity takes less than 10 min to tear apart the application.

 First - Check for the java version installed. It should be more than 1.8. 
If there is no java installed, follow this and make it the default. (Make sure to install <1.8)
https://java.com/en/download/help/download_options.xml

 Second - Install apktool 
https://ibotpeaches.github.io/Apktool/install/

1. Download the mac wrapper script as "apktool" - https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/osx/apktool
2. Download apktool-2 - https://bitbucket.org/iBotPeaches/apktool/downloads/
3. Rename downloaded jar to apktool.jar
4. Move both files apktool.jar and apktool to /usr/local/bin using root
5. Make both the files executables using chmod +x
6. From CLI - run apktool --version
7. Download the apk(yourapp) file you want to decompile
8. Navigate to the apk file location and run 
apktool d yourapp.apk

 Once you have run, the files of the apk file can be seen in the folder named yourapp in the same location

Comments

Post a Comment

Popular posts from this blog

Bug bounty - Simple tips and tricks

Image
Its been a couple of months that I am bug hunting and I think I got hang of it now. Bug bounties are the most fancied way of earning money among the ethical hackers and otherwise engineers. I get many requests on Linkedin and Telegram to teach them about bug bounty. I have followed a few big time bug hunters and learnt from them. There are awesome writeups, podcasts and tutorials on Pentester.Land Here are a few tips and tricks to get started with any bounty program. Follow platforms like HackerOne and BugCrowd. They have organised bounty programs which reward in points and money according to the priority of the bug found. They have charity programs too if you wish to donate. So, when there are new programs launched for websites, mobile apps and APIs, you get to see whats in scope of the program and whats not. If you are reporting a bug thats not in scope, you get -ve points. There will be rules of the program which you MUST read carefully to understand the type of progra...
Read more

Hashing, Salting, Encoding and Encrypting

Image
One of the most asked questions when you say you are a cybersecurity engineer is that whats the difference between hashing, encoding and encryption. Many great blogs are available out there to answer that question. I try to make things simple so a layman gets it right. Hashing Hashing is a one way function where the given string is converted to fit in to a fixed length string using hashing algorithms. Simply put its a set of rules that convert the text in to a fixed length text. Hashing is basically used to check the authenticity of data. Assume you have a file that should be downloaded from a website. First you hash the file and digitally sign it. Now you hash the signed file too and encrypt(will talk about this later). The browser that downloads the file at the client end will get these two hash values from the file. Now it employes the same hashing mechanism and generates its own set of hashes. If these two hashes match the ones with the file downloaded, then the browser kn...
Read more

Homomorphic encryption

Image
Homomorphic encryption is a type of encryption where the data in transit can be accessed, computed, analysed all the while the data remains encrypted. This can be extension of both symmetric and asymmetric encryption(See Symmetric and Asymmetric Encryption for more details). This can be used for outsourcing encrypted data for storage and computation to the cloud environments In plain language homomorphic encryption is like this - Assume there are many things in a bag and you put your hands inside, manipulate their positions, access them and sense them but you cant pull them out and see for real what they are. This kind of data transmission is required in healthcare where the privacy is of most concern. The same holds good for voting purposes where the data needs to be encrypted for privacy purpose but also should be assessed. In the banking sectors too this is used to protect the PII and still perform the required processing on the data. The computations on the data are rep...
Read more