Joshua's Cheatsheets

Android APK Inspecting / Decompiling

  1. Pull the APK off the phone

    • You could use a dev tool, Titanium Backup Pro, or something simple like "APK Extractor"
    • Send to yourself, sync via Dropbox, or transfer via USB
  2. You have two options for getting readable content

    • A) Use an online decompiler, like this one
    • B) Manually process the APK, by hand

      • First, unpack the archive (.apk), using something like Peazip.

        • Depending on how the APK was produced, you might have readable content right away, or you might need to keep going through steps
      • If the AndroidManifest.xml appears garbled, it probably was converted to a binary asset before packaging.

        • If you have the Android SDK tools already installed, you can use appt.exe dump xmltree {APK_PATH} AndroidManifest.xml > manifest_dump.txt to get extracted values
      • Many XML files might appear garbled, due to binary asset conversion

        • You can use Apktool (see below) to extract
        • You could also keep using aapt, but that is not going to produce clean XML

          • aapt.exe dump xmltree {APK_PATH} {ASSET_PATH} > asset_dump.txt
    • C) (Best option) - Process APK with Apktool

      • Instructions here
      • Without wrapper script: java -jar apktool_2.4.1.jar decode {APK_FILE}.apk
  3. For finding intent strings, AndroidManifest.xml is a good place to start
Markdown Source Last Updated:
Sun Jan 19 2020 03:24:02 GMT+0000 (Coordinated Universal Time)
Markdown Source Created:
Fri Jan 03 2020 23:58:05 GMT+0000 (Coordinated Universal Time)