Home > Android, MalwareAnalysis, Mobile Security > Reversing and Spoofing Android Applications

Reversing and Spoofing Android Applications

October 18th, 2011 Leave a comment Go to comments

One of the major drawbacks with Mobile apps is that they can be Reversed. If we look at the Android app architecture, it contains a source code which is developed by user. That source code is compiled and finally created as a ‘.dex’ file which is the dalvik executable. This ‘.dex’ file can be compared with ‘.jar’ file of java. Dex file clubbed with the resources files are archived to become a APK file. So this apk file is just a archive file similar to a zip file whose contents can be extracted using any archive explorer tool like winzip or 7-zip. After extracting files from an apk file you’ll get a ‘classes.dex’ file which contains the actual code of the application. This dex file can be reversed using my opensource tools like Baksmali(click here to download), dex2jar , apktool.
The video attached below will show you how we can use baksmali tool to decompile and compile the application again. The one thing which gets eliminated by this process is the Application signature. After compiling the application we need to add signature to it so that it can be installed on a device or emulator.

.
.

.
.

Hope you enjoyed it!!
We’ll upload some more tutorials for dex2jar and apktool pretty soon!!

  1. No comments yet.
  1. No trackbacks yet.

Switch to our mobile site