8 Mobile Reverse Engineering

8 Mobile Reverse Engineering

Karan Sharma (West Pac)

20190222_165939.jpg

reverse engineering tool

  • apktool - desassemble and build apk files
  • d2j-dex2jar turn an apk into jar file
  • jadx similar to dex2jar but allows string/symbol search
  • jd-gui o view the jar file

android dev tools

  • android studio ide
  • adb
  • apk sign or jarsigner

commands

  1. adb shell pm list packages -f list all app
  2. adb shell pm path name of your package
  3. adb pull to pull it
  4. unzip xyz.apk
  5. apktool d base.apk decompile it instead of unzip directly
  6. ls aal
  • d2j-dex2jar base.apk
  • and open jar files in jd-gui
  • apktool b base for recompile
  • zipalign to optimize the apk

Secure App

  • obfuscator -> Proguard
  • do not store any sensitive info in source code
  • move important code chunks to the server side
  • do not hard code credentials
  • not ot store api keys in the codes
  • do not store app data to external storage
  • enable anti-tamper and anti-debug by injecting a self protection code into the source code

tools

  • smali/Baksmali, smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation. The syntax is loosely based on Jasmin’s/dedexer’s syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
  • https://github.com/JesusFreke/smali

20190222_170409.jpg

Furether reading (picture)