Wednesday, March 9, 2022

How to decompile and repack Android App on ChromeOS (Part 3)

(1) This continues the discussion of how to decompile an Android app; the previous articles are here: (part 1) & (part 2).


(2) Part 1 demonstrated using ChromeOS (developer mode on) with the decompile tools: decoding and editing some resource files, then rebuilding the APK with apktool. Part 2 used the jadx tool to decode the APK to Java source files and compile them again in Android Studio.


(3) The jadx tool may fail to decompile the complete Java sources, or may end with errors. Even when decoding succeeds, the project may be too complex to rebuild in Android Studio.


(4) If the app can be decompiled with apktool, we can edit the resource files and smali code, then repack them into an APK file. However, this method is only suitable for small modifications to the code.


(5) For example:
cd ~/DecompileProjects
# decompile the apk using apktool
apktool d yourapp.apk -o yourapp_out
# edit the smali file; for how, see point (6) below
vim yourapp_out/smali_classes2/com/yourapp/MyService.smali
# build the apk using apktool (from the directory decoded above)
apktool b yourapp_out -o yourapp2.apk
# use jadx to decode it to gradle java source files so that you can check for any errors
jadx --export-gradle yourapp2.apk -d yourapp2_gradle
# check the decompiled java source code before deployment
vim yourapp2_gradle/app/src/main/java/yourapp/MyService.java
# code sign and align the apk
# (a -storepass value on the command line is saved in shell history; leave the option out to be prompted)
jarsigner -verbose -sigalg SHA256withRSA -keystore my-release-key256.keystore -storepass 123456 yourapp2.apk mykey256
jarsigner -verify -verbose -certs -keystore my-release-key256.keystore yourapp2.apk
zipalign -v 4 yourapp2.apk yourapp2-aligned.apk
# install to emulator or device for testing
adb -s emulator-5556 install yourapp2-aligned.apk
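
What the sign-and-align step in (5) should leave in the APK can also be checked by reading the ZIP structure directly. The Python script below is an added example, not part of the original post: it lists stored entries whose data is not 4-byte aligned and reports whether the JAR (v1) signature files written by jarsigner are present. The function names and the sample archive are constructed for illustration, and the presence check does not replace jarsigner -verify.

```python
import io
import struct
import zipfile

LOCAL_HEADER_FMT = "<4s5H3L2H"  # fixed part of a ZIP local file header
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes

def misaligned_entries(apk_bytes, alignment=4):
    """Names of stored (uncompressed) entries whose data is not aligned."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED:
                continue  # only uncompressed data is aligned
            off = info.header_offset
            fields = struct.unpack(LOCAL_HEADER_FMT, apk_bytes[off:off + LOCAL_HEADER_LEN])
            if fields[0] != b"PK\x03\x04":
                raise ValueError("bad local header: " + info.filename)
            # entry data starts after the header, the name and the extra field
            data_start = off + LOCAL_HEADER_LEN + fields[9] + fields[10]
            if data_start % alignment:
                bad.append(info.filename)
    return bad

def v1_signature_files(apk_bytes):
    """Which JAR (v1) signature files exist. Presence only, not validity."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    return {
        "manifest": "META-INF/MANIFEST.MF" in names,
        "signature_file": any(n.endswith(".SF") for n in names),
        "signature_block": any(n.endswith((".RSA", ".DSA", ".EC")) for n in names),
    }

def build_sample_apk():
    """Constructed sample: a tiny ZIP laid out like a signed, unaligned APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resources.arsc", b"ABCD", zipfile.ZIP_STORED)  # data at 44
        zf.writestr("res/raw/a.bin", b"xyz", zipfile.ZIP_STORED)    # data at 91
        zf.writestr("classes.dex", b"dex" * 50, zipfile.ZIP_DEFLATED)
        for name in ("META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA"):
            zf.writestr(name, b"placeholder", zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_apk()
    print("misaligned:", misaligned_entries(sample))
    print("v1 signature files:", v1_signature_files(sample))
```

To check a real file, pass open("yourapp2-aligned.apk", "rb").read() to both functions; an empty list from misaligned_entries is the expected result after zipalign.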


(6) The problem here is how to edit the smali code: the syntax is complex and reads like bytecode. There is no easy path. Either you learn the smali language, or you use the java2smali plug-in for Android Studio to convert Java code to smali code and modify it bit by bit through trial and error. Using git version control and branching to keep track of your modifications is therefore very important in this case. The limitation of java2smali is that it works only on a complete project, not on a single Java file, so you have to write a compilable function, put it in a project, compile it, and then convert it to smali code.
