How You Can Easily Reverse Engineer Android Apps
My straightforward approach to decompiling Android applications.
I will deal exclusively with a very simple technique for decompiling Android applications, whether or not they are installed on your mobile device (phone, tablet, etc.).
The procedure is very simple. I emphasize that I recommend this practice only for study purposes, to understand how the apps were made, etc. and that I am not responsible for what you will do with this knowledge.
Reverse engineering in a nutshell
For those who don’t know, reverse engineering is the practice of starting from the executable code of a system and recovering its source code, which in some cases even allows it to be modified, recompiled and redistributed; this is often the cruel practice crackers use to circumvent the protections of computer game executables.
In compiled languages like C, or hybrid languages like Java and C#, the reverse engineering process consists of reading the binary code from the CLASS, DLL, EXE, etc. file and converting it back to its equivalent in Java, C, C#, etc. That simple.
The first step to reverse-engineer an Android app is to have the .APK file of the application you want to see the source code for. If you got this app from the Internet (outside Google Play), skip the following two topics. If not, read on as it is essential.
How to become an Android OS administrator (Rooting)
By default, Android does not allow users, or even applications, to access operating system resources, including the installed applications.
To keep this even “more secure,” Google Play does not allow applications to be downloaded to a traditional computer, only to tablets and smartphones.
However, there is a practice called rooting that eliminates the security locks of the platform and gives the user super-powers, like an Android admin user. To be able to access the apps installed on your smartphone, the first step is to root it.
There are several apps for rooting Android devices. One I’ve used and recommend is KingoRoot. Even though I have used it successfully and it has worked perfectly, there is no guarantee that the same will happen to your smartphone. So, I am not responsible for what may occur during the rooting process. Also, the rooting process voids the device’s factory warranty, so only do it if your warranty has already expired.
Once you have downloaded KingoRoot on your machine, go to your Android and enable the USB Debugging option. Then run KingoRoot as an administrator and click on the first button of the program to root your device.
How to Get an App Installed on Your Android Smartphone/Tablet
Now that you have administrator privileges, you can go to Google Play and download the excellent Titanium Backup, which lets you copy other apps installed on your device to your SD card. For Titanium Backup to work, you must run it on a rooted phone.
Also, you cannot have the USB cable connected to your computer. Otherwise, it will not be able to access your SD to save your app's backup. Titanium Backup has two versions, but the free version is enough for our example.
Once you run Titanium Backup as root on Android (it will ask you to do this), click on the button that says “Backup/Restore” and choose the app you want to backup.
Okay, you’ve just completed the first step of the process. Now connect your smartphone to the PC again, go to your SD card and copy the TitaniumBackup folder, which contains the app backup, to your computer.
How to Reverse Engineer an APK
With the APK in hand, you can change its extension to .ZIP and unzip it into a folder. Yes, the APK is just a zipped folder. Inside the new folder you will find the entire directory structure of the application project, including the static files (assets), the resources (res), and the Java classes, which are compiled into a binary file called classes.dex.
DEX is the executable file format understood by Android’s Dalvik virtual machine. To read it, we first have to convert it to a traditional Java archive, .JAR.
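To make the container-and-bytecode structure described above concrete, here is an added Python example (not from the original article, and not part of Dex2Jar or any other tool mentioned here) that opens an APK as a ZIP, lists its entries and parses the fixed 0x70-byte header at the start of classes.dex, verifying the Adler-32 checksum and SHA-1 signature the format carries. The APK and the DEX it inspects are constructed inline (a header-only DEX with no classes) so it runs offline; the header layout it assumes is the documented DEX version 035 layout.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70          # every classes.dex starts with this fixed-size header
DEX_ENDIAN_TAG = 0x12345678     # constant in the header marking little-endian layout

# Header fields after the 8-byte magic, in file order (documented DEX v035 layout).
DEX_HEADER_FIELDS = (
    "checksum", "signature", "file_size", "header_size", "endian_tag",
    "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)
# uint checksum, 20-byte SHA-1 signature, then twenty little-endian uints.
DEX_HEADER_STRUCT = struct.Struct("<I20s" + "I" * 20)


def list_apk_entries(apk_bytes):
    """An APK is just a ZIP: return its entry names (manifest, classes.dex, res/, assets/, ...)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return sorted(zf.namelist())


def parse_dex_header(dex_bytes):
    """Parse the DEX header into a dict and sanity-check it; raise ValueError if malformed."""
    if len(dex_bytes) < DEX_HEADER_SIZE:
        raise ValueError("file is shorter than a DEX header")
    magic = dex_bytes[:8]                      # b"dex\n035\0" for the common version
    if not (magic.startswith(b"dex\n") and magic.endswith(b"\0")):
        raise ValueError("bad DEX magic %r" % magic)
    fields = dict(zip(DEX_HEADER_FIELDS, DEX_HEADER_STRUCT.unpack_from(dex_bytes, 8)))
    fields["version"] = magic[4:7].decode("ascii")
    # checksum: Adler-32 over everything after the magic and checksum fields (offset 12 on)
    fields["checksum_ok"] = (zlib.adler32(dex_bytes[12:]) & 0xFFFFFFFF) == fields["checksum"]
    # signature: SHA-1 over everything after the signature field (offset 32 on)
    fields["signature_ok"] = hashlib.sha1(dex_bytes[32:]).digest() == fields["signature"]
    if fields["header_size"] != DEX_HEADER_SIZE:
        raise ValueError("unexpected header_size 0x%x" % fields["header_size"])
    if fields["endian_tag"] != DEX_ENDIAN_TAG:
        raise ValueError("unexpected endian_tag 0x%x" % fields["endian_tag"])
    if fields["file_size"] != len(dex_bytes):
        raise ValueError("file_size field does not match the actual length")
    return fields


def inspect_apk(apk_bytes):
    """List the APK's entries and parse the header of its classes.dex."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        dex = zf.read("classes.dex")
    return {"entries": list_apk_entries(apk_bytes), "dex": parse_dex_header(dex)}


def build_sample_dex():
    """Constructed sample: a header-only DEX (no classes) with valid checksum and signature."""
    magic = b"dex\n035\0"
    tail = struct.pack("<" + "I" * 20, DEX_HEADER_SIZE, DEX_HEADER_SIZE,
                       DEX_ENDIAN_TAG, *([0] * 17))     # file_size, header_size, endian_tag, rest 0
    body = hashlib.sha1(tail).digest() + tail          # signature + everything after it
    checksum = zlib.adler32(body) & 0xFFFFFFFF
    return magic + struct.pack("<I", checksum) + body


def build_sample_apk():
    """Constructed sample: a tiny ZIP shaped like an APK (manifest and layout are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder for binary XML>")
        zf.writestr("classes.dex", build_sample_dex())
        zf.writestr("res/layout/main.xml", b"<placeholder layout>")
        zf.writestr("assets/config.json", b'{"sample": true}')
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    info = inspect_apk(build_sample_apk())
    print("entries:", info["entries"])
    print("dex version %s, checksum ok: %s, signature ok: %s"
          % (info["dex"]["version"], info["dex"]["checksum_ok"], info["dex"]["signature_ok"]))
```

Running `parse_dex_header` on a real classes.dex pulled from an unzipped APK tells you, before any decompiler is involved, whether the file is intact: a checksum or signature mismatch means the bytecode was modified or corrupted after it was built, which is worth knowing when the sample came from somewhere other than the store.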
To convert DEX files to JAR, I recommend using Dex2Jar, an open-source project hosted on GitHub. It is very simple to use: copy classes.dex to the Dex2Jar folder, open the DOS prompt, navigate to the Dex2Jar directory and run the command (without quotes) “dex2jar.bat classes.dex”; it will create a classes_dex2jar.jar. To open the JAR file, just change its extension to .ZIP and unzip it, just like you did with the .APK.
Inside the folder that came out of the JAR we again have the project’s directory structure, but now in the traditional Java layout. We still haven’t gotten where we want to be, though, because what it contains are .class files, also known as Java bytecode, which cannot be read by humans, only by the JVM.
So the next step is to convert the .class files to traditional .JAVA classes in plain text. For that, we will need another little program, JD-GUI. With it, just open the Java binary files and it shows you the source code from which they were generated. And voilà, we have the source code of an Android app installed on your phone. Easy, no?! One caveat: a decompiler reconstructs equivalent source, not the original, and if the app was obfuscated (with ProGuard, for example) the class, method and variable names will have been replaced by short, meaningless ones.
How to Reverse Engineer an app’s SQLite Database
But what if the application has a database? Wouldn’t you like access to it to better understand the application? Or to read your data?
Well, Titanium Backup also backs up the application’s database, which it places inside a data folder in the backup folder.
Inside, you will have a file with the extension .db, which is nothing more than the SQLite database used by the application. To open it, I recommend using SQLite Manager. It is a Chrome plugin found in the browser’s tools menu. With it, you can open .db files from the open file menu, and you will see all the tables and data of the database; you can also execute queries on it. Nice, no?!
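The same inspection can be done from a script instead of a browser plugin. This added Python example (not from the original article) checks the 16-byte SQLite magic before opening a file, opens it read-only so the backup is never altered, lists every user table with its schema, columns and rows, and flags column names that suggest secrets kept in plaintext. The database it reads is constructed inline; the column-name hints are an assumed heuristic of this example, not anything SQLite provides.

```python
import os
import pathlib
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\0"    # first 16 bytes of every SQLite 3 database file

# Assumed heuristic for this example: column names that hint at secrets stored in plaintext.
SENSITIVE_HINTS = ("password", "passwd", "secret", "token", "session", "card")


def is_sqlite_file(path):
    """Cheap check before opening: compare the file's first 16 bytes with the SQLite magic."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC


def _quote(identifier):
    """Double-quote an SQL identifier so odd table names cannot break the statement."""
    return '"%s"' % identifier.replace('"', '""')


def dump_database(path):
    """Return {table: {"schema", "columns", "rows"}} for every user table, opened read-only."""
    if not is_sqlite_file(path):
        raise ValueError("%s is not a SQLite 3 database" % path)
    uri = pathlib.Path(os.path.abspath(path)).as_uri() + "?mode=ro"   # never write to the backup
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = con.execute(
            "SELECT name, sql FROM sqlite_master "
            "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name").fetchall()
        result = {}
        for name, sql in tables:
            columns = [row[1] for row in con.execute("PRAGMA table_info(%s)" % _quote(name))]
            rows = con.execute("SELECT * FROM %s" % _quote(name)).fetchall()
            result[name] = {"schema": sql, "columns": columns, "rows": rows}
        return result
    finally:
        con.close()


def flag_sensitive_columns(dump):
    """List table.column names that match one of the SENSITIVE_HINTS."""
    hits = []
    for table, info in dump.items():
        for col in info["columns"]:
            if any(hint in col.lower() for hint in SENSITIVE_HINTS):
                hits.append("%s.%s" % (table, col))
    return hits


def build_sample_db(path):
    """Constructed sample: a small database shaped like what an app might keep."""
    con = sqlite3.connect(path)
    with con:
        con.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, "
                    "password_hash TEXT, session_token TEXT)")
        con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
        con.execute("INSERT INTO account VALUES (1, 'alice', 'not-a-real-hash', 'tok_sample')")
        con.executemany("INSERT INTO notes (title, body) VALUES (?, ?)",
                        [("first", "hello"), ("second", "world")])
    con.close()


def demo():
    """Build the sample in a temp dir, dump it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        db_path = os.path.join(tmp, "app.db")
        build_sample_db(db_path)
        text_path = os.path.join(tmp, "notes.txt")
        with open(text_path, "wb") as f:
            f.write(b"just a text file\n")
        dump = dump_database(db_path)
        return {"dump": dump,
                "hits": flag_sensitive_columns(dump),
                "text_is_db": is_sqlite_file(text_path)}


if __name__ == "__main__":
    findings = demo()
    for table, info in findings["dump"].items():
        print(table, info["columns"], len(info["rows"]), "rows")
    print("possible plaintext secrets:", findings["hits"])
```

Point `dump_database` at the .db file from the Titanium Backup data folder and you get the same view the plugin gives, plus a quick list of columns worth a second look; the read-only URI is the important part when the file is the only copy of a backup.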
Conclusion
The process is long but straightforward. We use a series of little programs, each with its own purpose, to finally gain access to an Android application’s source code (and data).
The process is heavily documented on the Internet and in books and is possible thanks to the very architecture of Java and Android, which allow this type of decompilation.