ApkTool

Yesterday, we had a little issue whereby we needed to modify a production APK to work with Integration. So I want to describe how to decompile, alter and compile an APK using the Apktool. I have done some decompiling of Android APKs in the past to learn how people and companies have achieved something. Never did I have to decompile, alter and re-compile an app using the Apktool. I volunteered naturally, as this option seemed loads simpler than looking for the original branch source code at that point.

You should have a good compression tool on your machine. I prefer WinRAR, but you can use anything you wish.

A text Editor, I use Notepad++

At this point I will assume you already have the current Java JRE and SDK installed. You will need this for signing the APK. You should also have the Android SDK, for editing and compiling etc. You will more than likely already have these if you are at this point.

You will need the ApkTool; the latest version can be downloaded here. The tool allows you to reverse engineer 3rd party, closed and binary Android applications. The tool does this by decompiling / compiling the code using Smali / baksmali. This tool requires three files:

  1. apktool.bat
  2. apktool.jar
  3. aapt.exe

Once you have all these tools (not many, I know; this isn’t that difficult at all), then you are ready to get cracking… I mean reverse engineering.

On your C:\ drive create a folder where you can place all the files; shorter names and paths always help when using the CMD prompt. Since this is the main folder we will be working out of, make it simple. Now we need our APK. To download this APK you can use a Google Chrome extension for it, register etc. and follow the process. In my case I got it from the team that does the deployments to the Google Play store. When you are done your folder should look similar to this:
Folder structure

Setting up the ApkTool

Before we can decompile the .apk file we need to tell the Apktool a few pieces of information. We will install them using the following command:

C:\AndroidDecompile>apktool if Test.apk

After install run apktool

You may need to install other APKs depending on your instance; you would use the same command for those APKs. See the Apktool documentation for more information.

Using the ApkTool to Decompile

At this point we are ready to decompile our APK; for that we run the following command. The -f is not required; it just specifies that we can overwrite the destination files.

C:\AndroidDecompile>apktool d Test.apk -f

After this command has been run we will see a few things happening; this is the actual process of decompiling the source to Smali. This then places all the files into a folder structure that is almost identical to the original APK. I would advise against fiddling with this as it may not recompile.

apktool After install run folder structure

Making your Changes

At this point you can browse the structure as you would a normal Android Studio project; the only difference we will see is that our “Source code” is now under the Smali directory. If you need to make a Java code change you will do that here. If you need to make a change to a resource file then you can see the usual RES folder.

This article is not about the change but the process, but suffice to say you can make quite a few far-reaching changes to the Smali with differing degrees of success if you want to learn how Smali works.

apktool decompiled Smali sample

Using the ApkTool to Recompile

To recompile the Smali, we pass the CMD prompt the following command. This tells the Apktool to take the “test” we used earlier and compile it to a new APK called “test_new.apk”. Ironically I have not seen the purpose in it, as we are only interested in two parts of the APK. So run this command:

C:\AndroidDecompile>apktool b test test_new.apk -f

Or this command:

C:\AndroidDecompile>apktool b test -f

You should see something similar to the following:
apktool Recompile command

And inside the “Source” folder you should see some extra directories:
After recompile run folder structure

If you were to look in the “dist” folder you would find a new APK. If you were to try to install it you would find that this will not work, as the playservices / store requires everything to be signed with a certificate. Also, since we can, and I think it’s more reliable (from trying), we can rather just copy the changed files into the original APK.

To do that we open the original APK using WinRar. Once opened we are interested in doing three things. Firstly, deleting the “classes.dex” and “resources.arsc”. Secondly, if you made any changes to any resource xml files, place those in here now, these can be found in the “build\apk\res” path in Windows Explorer. Or proceed to the “build\apk” locate the “classes.dex” and “resources.arsc” file and copy these files into the Winrar Archive.

Lastly, open the “META-INF” folder, make a note of the name on the two files we will be deleting (in this case “CERT.RSA”) and delete the two files “*.RSA” and “*.SF”. These files are related to your certificate; more about this shortly. We should now have a very similar folder structure to the Windows Explorer structure.
Winrar folder structure

At this point we have completed the editing portion and can close WinRAR.

Troubles installing the .apk after the code change.

OKAY, the hardest part is behind us, but this is the most important step else nothing you have done will work.

Open your command prompt as Administrator and navigate to the location of your Java JRE, and go to the bin folder. Your command prompt should be similar to this:

C:\Program Files\Java\jdk1.7.0_67\bin>

Copy the APK into this folder. You don’t have to; it just makes it loads easier.

Here we are interested in two tools, the “keytool.exe” and the “jarsigner”. The keytool will create our certificate; this will allow us to sign our APK. Give your certificate store a name, in our case “TestCertStore” (or whatever you would like to call it), and an alias. I called this CERT as this was the name of my original certificate, as mentioned above before we deleted them.

keytool.exe -genkey -v -keystore <yourkeystore> -alias <youralias> -sigalg MD5withRSA -keyalg RSA -keysize 2048 -validity 10000
i.e.:
keytool.exe -genkey -v -keystore TestCertStore -alias CERT -sigalg MD5withRSA -keyalg RSA -keysize 2048 -validity 10000

On running this command you will see various questions; complete them. When prompted whether it’s correct, enter “y”, and enter the password when requested:
Cert questions

This step is now done.

Now we will sign our APK using the certificate we just created. Simply enter the following command; note the name of our certificate store at the end of the string. Then run the command:

jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore <yourkeystorename> <appname> <youralias>
i.e.:
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore TestCertStore test.apk CERT

Signing apk with jarsigner

And that is all; you can now, or should be able to, upload and install this to your device. If it fails, then check and make sure you have the correct files that need to be returned to the original APK. You may not get this right the first time. Try it; it’s not that hard and it does work.
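
A check for the state the archive is in between swapping “classes.dex” / “resources.arsc” and re-signing, added here as an example (not part of the original post): it compares each file in the APK with the digest recorded in “META-INF/MANIFEST.MF” and lists any signature files still present. The function names and the in-memory sample archives are constructed for illustration, and only JAR-style (v1) signing data, the kind jarsigner writes, is inspected.

```python
import base64, hashlib, io, zipfile

# Digest attribute names found in JAR (v1) manifests, mapped to hashlib names.
ALGS = {"SHA1-Digest": "sha1", "SHA-1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def b64digest(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {attribute: value}} from MANIFEST.MF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_apk(data):
    """Compare every archive entry with the digest recorded in the manifest."""
    report = {"signature_files": [], "mismatch": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for n in z.namelist():
            if n.startswith("META-INF/"):
                if n.upper().endswith((".RSA", ".DSA", ".EC", ".SF")):
                    report["signature_files"].append(n)
                continue
            attr = next((a for a in ALGS if a in manifest.get(n, {})), None)
            if attr is None:
                report["unlisted"].append(n)  # no digest recorded for this file
            elif b64digest(ALGS[attr], z.read(n)) != manifest[n][attr]:
                report["mismatch"].append(n)  # content changed after signing
    return report

def build_sample(files, manifest_from=None):
    """Constructed sample: a tiny APK-like zip; digests are taken from manifest_from."""
    mf = "Manifest-Version: 1.0\n\n" + "".join(
        "Name: %s\nSHA1-Digest: %s\n\n" % (n, b64digest("sha1", b))
        for n, b in (manifest_from or files).items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, b in files.items():
            z.writestr(n, b)
        z.writestr("META-INF/MANIFEST.MF", mf)
        z.writestr("META-INF/CERT.SF", "constructed placeholder, not a real signature")
    return buf.getvalue()

ORIGINAL = {"classes.dex": b"original dex", "resources.arsc": b"original res"}
SWAPPED = dict(ORIGINAL, **{"classes.dex": b"rebuilt dex"})
```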
