Android is now the most used operating system around the world , as you read this article more than million users just downloaded an android app , majority of app downloads come from google play store ( official store for android apps ) but users may go for external sources to get the paid apps free , which create a great dangerous cause these apps usually modified with embedded malware or adware scripts .
how hackers can get the source of an app ? how they can modified it and sign it ? in this article we will give all information you need to know about this subject .
what is reverse engineering ?
"Reverse Engineering also called back engineering, is the processes of extracting knowledge or design information from anything man-made and re-producing it or reproducing anything based on the extracted information.:3 The process often involves disassembling something (a mechanical device, electronic component, computer program, or biological, chemical, or organic matter) and analyzing its components and workings in detail." - wikipedia
in simplified words its the process of getting the source of product through analyzing only the final product without another information , in this field we mean how to apply some algorithms to reverse the work of compiling algorithms and knowing how the program work by disassembling it to smaller pieces ( assembly code and byte code ) then translate the gathered information into a source code similar to the analyzed program .
Why Reverse Engineering Android Apps ?
there is two reasons to apply the Reverse Engineering .
Bad Reasons :
1) hackers want the source code so they can steal the idea of the program and to develop a simliar app with more features this would save a great time figuring the base code .
2) hackers want the source code so they can create an app the same to the original but with embedded trojan or adware so they can hack into these devices or to sell ads through these victims .
Good Reasons :
3) Cyber Forensics use it to analyze the app for melecious behavior and to get info about the person who made the apps ( Malware Analysis ) .
4) Programs use it to the test difficult of reversing their own programs and to develop ways to secure it .
Important details about Android Applications .
The APK file format is a variant of the JAR file format.
An APK file usually contains the following folders:
along with a set of files:
The two main files for consideration are the Androidmanifest.xml and classes.dex
The classes.dex file contains the Dalvik bytecode of all the code in the application.
How we will Reverse Engineer Android apps ?
1) first way is to get the source code as java code but if you want to build it and make new app you need to edit it with IDE like ( eclipse ) .
Advantages : you will get the original source code .
Disadvantages : you will need more effort to build the Source code .
2) second way is to decompile the .dex file into .smali then edit the program and build it using the same tool without any usage of IDE .
Advantages : you can decompile and compile the application with single terminal command .
Disadvantages : you will need a good knowledge with .smali which is a assembly like code for android .
How To Defend Your Program From Revers Engineering ?
To defend your porgram from reverse engineering you must use code obfuscator which is a tools that divide the classes into more pieces, reorgnize them , remove classes names and replace them with random names to make it hard to understand from hackers .
One of these tools is Java ProGaurd : Download it from here
Tools used in video tutorial :
1) Dex2Jar : this tool decompile the .APK file to .JAR file . you can download from it here : Download
2) Java Decompiler : this tool decompile .JAR file to .Java readable source code . you can download it from here : Download
3) APKTool : this tool decompile the .APK file into Folder has all resources with .smali code . you can download it from here : Download
4) JavaSign : this tool sign the application so you can install it on the system . you can download it from here : Download
5) GenyMotion : this tool create android virtual environment to test the applications . you can download it from here : Download
now lets watch the video :