Last active April 18, 2024 07:46
Android APK hacking how-to

Install and configure SDK

  • install Android Studio (google it)

  • configure your shell (assuming Linux + Bash):

    export ANDROID_HOME=$HOME/Android/Sdk
    export PATH=$PATH:$ANDROID_HOME/tools
    export PATH=$PATH:$ANDROID_HOME/platform-tools
  • if you plan on using Android Studio's IDE, mind the following:

    • if the "apply changes" button is disabled (which prevents quickly redeploying the app after a change), use Android Studio's "invalidate caches and restart" option
    • if the name of your Android device doesn't show up correctly, the same fix applies
  • put your Android in debugging mode (google it)

  • if you run into this error: `insufficient permissions for device: user in plugdev group; are your udev rules wrong?`

    then you may also need to connect the device as MTP, otherwise adb won't work (see this)

  • run adb devices to verify that your device was recognized

Choose some app to pull

Choose one of the apps you have installed on your Android. Go to its Play Store page and take note of its package name that appears in the URL. For instance:

The package name is com.ubercab.

With your Android connected and in debugging mode, proceed to pull the APK. First find it:

> adb shell pm path com.ubercab

This prints the path to the APK file on the device. Pull it:

> adb pull /data/app/com.ubercab-lzaIdKjzcMboa5YtWZ15Ew==/base.apk

Notice it will download base.apk to the current folder. To pull it somewhere else, append the destination path as an extra argument.

Here's a fish function to do this all at once:

> function adbpullpkg; adb shell pm path $argv[1] | grep -o -P "(?<=package:).*" | xargs -I "%s" adb pull "%s" $argv[2]; end

You may want to rename base.apk to something more meaningful. The rest of this how-to will still use base.apk, though, so replace it accordingly.

Disassemble it

Use apktool. Follow its documentation and install it. Finally:

> apktool d base.apk

apktool decodes the binary AndroidManifest.xml and resources and produces a working source tree (no Java code, only smali). Here you can experiment with changing code or configuration files before reassembling it.

Reassemble it

Use apktool to build it. Below, base refers to the folder apktool disassembled the APK into:

> apktool b base

If all went well, now base/dist contains your new apk file, ready to be signed and delivered.

Sign it

See this for a thorough explanation. For a quick one:

  • go to the folder where apktool generated the apk

  • align the file:

    > $ANDROID_HOME/build-tools/28.0.3/zipalign -v -p 4 base.apk base-aligned.apk
  • prepare key if it doesn't exist yet:

    > keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 1024 -validity 999999 -alias my-alias
  • sign apk:

    > $ANDROID_HOME/build-tools/28.0.3/apksigner sign --ks my-release-key.jks --out base-release.apk base-aligned.apk
  • verify signature:

    > $ANDROID_HOME/build-tools/28.0.3/apksigner verify base-release.apk

    if it prints nothing (and exits with status 0), the signature is good.

  • install it (if the original app is still installed, uninstall it first: the new signature doesn't match the original one, so the install would be refused):

    > adb install base-release.apk
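As an added example (not part of the gist), a small Python inspector that reports which signature schemes an APK carries: the v1 JAR signature files under META-INF and the v2/v3 APK Signing Block that apksigner writes before the central directory. It is useful both to confirm what the signing step above produced and, on the defensive side, to spot an app that was re-signed with a different scheme than the vendor's build. The function make_sample_apk builds constructed fixtures (minimal zips with an empty-valued signing block), not real APKs.

```python
import io
import struct
import zipfile
# IDs of the ID-value pairs inside an APK Signing Block (constants from AOSP's apksig).
BLOCK_IDS = {0x7109871A: "v2", 0xF05368C0: "v3", 0x1B93AD61: "v3.1", 0x42726577: "padding"}
SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"

def central_dir_offset(data):
    """Read the central directory offset from the zip's End Of Central Directory record."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a zip: no EOCD record")
    return struct.unpack_from("<I", data, eocd + 16)[0]

def inspect_signing(data):
    """Which signature schemes an APK carries: v1 (META-INF) and the v2/v3 signing block."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        v1 = any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
                 for n in zf.namelist())
    cd = central_dir_offset(data)
    found = []
    # The block sits right before the central directory: size(u64) | pairs | size(u64) | magic(16)
    if cd >= 24 and data[cd - 16:cd] == SIG_BLOCK_MAGIC:
        size = struct.unpack_from("<Q", data, cd - 24)[0]  # size excludes the leading size field
        pos, end = cd - size, cd - 24  # pairs start right after the leading size field
        while pos < end:
            pair_len, pair_id = struct.unpack_from("<QI", data, pos)  # pair_len covers id + value
            found.append(BLOCK_IDS.get(pair_id, hex(pair_id)))
            pos += 8 + pair_len
    return {"v1": v1, "block": found}

def make_sample_apk(v1=False, block_ids=()):
    """Constructed fixture, not a real APK: minimal zip, optional v1 cert file and signing block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        if v1:
            zf.writestr("META-INF/CERT.RSA", b"placeholder")
    data = buf.getvalue()
    if not block_ids:
        return data
    cd = central_dir_offset(data)
    pairs = b"".join(struct.pack("<QI", 4, i) for i in block_ids)  # length 4 = id only, no value
    size = len(pairs) + 8 + 16
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    data = data[:cd] + block + data[cd:]
    eocd = data.rfind(EOCD_SIG)  # the central directory moved by len(block): patch the EOCD
    return data[:eocd + 16] + struct.pack("<I", cd + len(block)) + data[eocd + 20:]
```

Run inspect_signing(open("base-release.apk", "rb").read()) on the APK produced above; a file signed only with a v1 scheme shows an empty "block" list.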