Monday, January 30, 2012

How to read Android apk contents

Lets say you want to read the contents of an android apk file.

Maybe it's yours and you want to be sure of the version, maybe you want to see if the code in that apk contains the latest feature you inserted. Or maybe it isn't your code but you want to check something with someone else's code (without breaking any license etc).

In a nutshell - What are the steps one should take in order to explore an apk file?

1. Only read the manifest contents of an apk:
Use the following command (make sure you have aapt.exe and the apk file on your path):
aapt dump badging XXYY.apk

[Later Edit] 1.5 You want to change some resources of the apk using a nice GUI
Try APK Edit - It will enable you to do the following:

  • Change icons of your android application.
  • Change the applications name.
  • Edit the localized text (Strings.xml) used in applications.

2. You want to read all of the apk's contents:
Method A. Use the following tool: apktool (apktool d filename.apk) [It will generate .smali files instead of class files though, you can add the "-s" option tag in order to get the classes.dex instead of the *.smali files].
(A GUI exists: apktool gui but it seems buggy, later versions can be found but they aren't localized to English yet - as of the time of editing this post)

Method B. 
* Rename the apk file to .zip (instead of .apk) and extract the contents as you extract a zip file.
* The contents are yours for the taking now - except for the class files, in order to see the actual java code, use the following tool on the *.dex file: dex2jar
* In order to read the contents of the jar file (containing the java class files) use a decompiling tool: JD-Gui

Now any apk is open like a book!

[Later Edit] I found this super tool which I must recommend: Apk Multi Tool (Previous name was apk manager)

  • Install this tool
  • Goto it's directory and copy your apk to the following folder: "place-apk-here-for-modding"
  • Run it
  • Click on: 1 (will extract the apk)
  • Now edit the apk as you wish (change images etc)
  • Click on 3 to zip it
  • Click on 4 to sign it.

That's it - you have just changed a working apk and retained it's signature.

[Latest Edit] Some utils which are worth following:
Androidsuite - Gui which envelopes several command line utils, enables the following:

  • Decodes and encodes Dex files
  • Decodes and encodes APK files
  • Sign unsigned apks

(Current version doesn't work for me)

APKInspector - Gui with so many features, so instead of writing them down I'll send you to this amazing video of theirs:

Well, the main problem with this tool is that you can install it only on a linux machine and have to install several other dependencies, I'll continue to follow it though and if they will release a windows version (I don't think they ever will though) I will update this post

EDIT (2016)
As of this year (2016) I am actively earning 3000$/month from blogging (not this blog, this is for my fun), I have blogged here a big article about my mistakes and my success in getting to that goal (I intend to leave my working job till the end of 2016, living off my blogging), if my success inspires you then please leave me a comment there:
My Personal Journey

1 comment:

Amar said...

will it work for Linux too.