Reverse engineering - Android

Unpack

unpack apk

apktool d app.apk
unzip app.apk -d app_raw

convert dex to jar

d2j-dex2jar classes.dex

IDE

jd-gui

jd-gui classes-dex2jar.jar &

jadx-gui

jadx-gui

Secrets leaked

sudo pip3 install apkleaks
apkleaks -f ecorp.apk

Static code analysis

apkid

sudo pip3 install apkid
apkid app.apk

  • The output "anti_vm: Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.TAGS check, SIM operator check, network operator name check" indicates that the Android application is using anti-VM techniques to detect whether it is running in a virtual environment.
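Added example (not from the original page or the APKiD project): a small triage script for the anti_vm output described above, reading apkid's JSON report (`apkid -j app.apk`) and listing the anti-analysis matches per file. The JSON layout, the `ANTI_ANALYSIS` category list and the sample report are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `apkid -j app.apk` output (assumed layout:
# a "files" list whose entries carry "filename" and a "matches" dict).
SAMPLE_APKID_JSON = """
{
  "apkid_version": "0.0.0-sample",
  "files": [
    {"filename": "app.apk!classes.dex",
     "matches": {
       "anti_vm": ["Build.FINGERPRINT check", "Build.HARDWARE check",
                   "Build.MANUFACTURER check", "Build.TAGS check",
                   "SIM operator check", "network operator name check"],
       "compiler": ["r8"]}},
    {"filename": "app.apk!classes2.dex",
     "matches": {"compiler": ["r8"]}}
  ]
}
"""

# Categories that suggest static results alone may be incomplete (assumed list).
ANTI_ANALYSIS = ("anti_vm", "anti_debug", "anti_disassembly", "obfuscator", "packer")


def triage(report_text):
    """Return {filename: {category: [checks]}} for anti-analysis matches only."""
    report = json.loads(report_text)
    findings = {}
    for entry in report.get("files", []):
        matches = entry.get("matches") or {}  # tolerate a missing or null field
        hits = {cat: sorted(set(matches[cat])) for cat in ANTI_ANALYSIS if matches.get(cat)}
        if hits:
            findings[entry.get("filename", "<unknown>")] = hits
    return findings


def summary_lines(findings):
    """One line per file and category, suitable for a report or CI log."""
    return [f"{name}: {cat} ({len(checks)}): {', '.join(checks)}"
            for name, hits in sorted(findings.items())
            for cat, checks in hits.items()]


if __name__ == "__main__":
    for line in summary_lines(triage(SAMPLE_APKID_JSON)):
        print(line)
```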

mobsf

docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

mariana-trench

sudo pip3 install mariana-trench
mariana-trench --apk-path app.apk --output-directory mariana-tmp