SMT

Resource

Center

 

Coming Soon

Security Management Technology Center Develop Elearning, FAQ , New Center...

SMT BLOG

Android is now the most used operating system around the world , as you read this article more than million users just downloaded an android app , majority of app downloads come from google play store ( official store for android apps ) but users may go for external sources to get the paid apps free , which create a great dangerous cause these apps usually modified with embedded malware or adware scripts .

how hackers can get the source of an app ? how they can modified it and sign it ? in this article we will give all information you need to know about this subject .

what is reverse engineering ?

"Reverse Engineering also called back engineering, is the processes of extracting knowledge or design information from anything man-made and re-producing it or reproducing anything based on the extracted information.[1]:3 The process often involves disassembling something (a mechanical device, electronic component, computer program, or biological, chemical, or organic matter) and analyzing its components and workings in detail." - wikipedia

in simplified words its the process of getting the source of product through analyzing only the final product without another information , in this field we mean how to apply some algorithms to reverse the work of compiling algorithms and knowing how the program work by disassembling it to smaller pieces ( assembly code and byte code ) then translate the gathered information into a source code similar to the analyzed program . 

 

Why Reverse Engineering Android Apps ?

there is two reasons to apply the Reverse Engineering .

Bad Reasons :

1) hackers want the source code so they can steal the idea of the program and to develop a simliar app with more features this would save a great time figuring the base code .

2) hackers want the source code so they can create an app the same to the original but with embedded trojan or adware so they can hack into these devices or to sell ads through these victims .

Good Reasons :

3) Cyber Forensics use it to analyze the app for melecious behavior and to get info about the person who made the apps ( Malware Analysis ) .

4) Programs use it to the test difficult of reversing their own programs and to develop ways to secure it . 

Important details about Android Applications .

The APK file format is a variant of the JAR file format.


An APK file usually contains the following folders:


 META-INF
 res


along with a set of files:


 AndroidManifest.xml
 classes.dex
 resources.arsc


The two main files for consideration are the Androidmanifest.xml and classes.dex
files.

The classes.dex file contains the Dalvik bytecode of all the code in the application.

How we will Reverse Engineer Android apps ?

1) first way is to get the source code as java code but if you want to build it and make new app you need to edit it with IDE like ( eclipse ) .

 Advantages : you will get the original source code .

 Disadvantages : you will need more effort to build the Source code .

2) second way is to decompile the .dex file into .smali then edit the program and build it using the same tool without any usage of IDE .

 Advantages : you can decompile and compile the application with single terminal command .

 Disadvantages : you will need a good knowledge with .smali which is a assembly like code for android .

 

How To Defend Your Program From Revers Engineering ?

To defend your porgram from reverse engineering you must use code obfuscator which is a tools that divide the classes into more pieces, reorgnize them , remove classes names and replace them with random names to make it hard to understand from hackers .

One of these tools is Java ProGaurd : Download it from here

Tools used in video tutorial :

1) Dex2Jar : this tool decompile the .APK file to .JAR file .   you can download from it here : Download

2) Java Decompiler : this tool decompile .JAR file to .Java readable source code .   you can download it from here : Download

3) APKTool : this tool decompile the .APK file into Folder has all resources with .smali code .   you can download it from here : Download

4) JavaSign : this tool sign the application so you can install it on the system .   you can download it from here : Download

5) GenyMotion : this tool create android virtual environment to test the applications .   you can download it from here : Download

 

now lets watch the video :

 

** Disclaimer **

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator is responsible for the comments posted on this website.

Newsletter

Subscribe to our newsletter and stay updated on the latest news and special offers!
Please wait