Is there any way to get to .js files with code created with Appcelerator from compiled .apk?
I lost a source coude of one of projects and now have only .apk files and would like not to rewrite the whole code.
Thank in advance
If you would like to do this manually:
In release version of the app, Titanium puts all of the assets into Java class called AssetCryptImpl, you would have to decompile apk and look for that class file in the sources.
AssetCryptImpl file will contain private method called initAssetsBytes, which returns one large chunk of data as CharBuffer, which contains encrypted data for all of the asset files. The other method called initAssets, will contain all of the original asset filenames and also ranges for each of the asset files.
Asset data is encrypted using AES in ECB mode, and last 16 bytes from asset data are the decryption key. Asset decryption method implementation is inside JNI library but its not hard to rewrite. filterDataInRange will call native code to decrypt the resource.
You can easily rewrite filterDataInRange method, with your implementation, which will get the key and decrypt the resource data and write it to file. And write a method which will call readAsset for each filename from HashMap, from initAssets method.
If you want one click solution:
You can use the tool called ti_recover.
Install it with node package manager:
npm install ti_recover
Than use it from terminal/command line:
ti_recover apkfile.apk outputdir
Depends on how the Titanium app was built. If it's an emulator build, then yes, you can get the JavaScript files. If the apk is from a device or dist build, then no.
For device and dist builds, Titanium minifies and encrypts all JavaScript, then injects it into the Java code before compiling it.
So if you have an apk from an emulator build, you can just rename the .apk to .zip and unzip and the JS files will be there.
One thing to note is if your app is an Alloy app, then you'll only get the compiled Alloy code, not the original Alloy code. That means you won't find any .xml views, .tss styles, etc.
This Website might be your best bet. It uses a range of technologies to decompile .apk files.
You can try making a new folder and copy over the .apk file that you want to decode. Rename the extension of this .apk file to .zip (e.g. rename from filename.apk to filename.zip) and save it. After extructing, Now you can access the classes.dex files, etc. Also, in Asset folder you will get the resources. Though you can't get the .js file by following this process. You can use this http://www.javadecompilers.com/apk website. But still it will give you a java dicompilation.
Related
I am using React Native and integrated library react-native-obfuscating-transformer
to obfuscate my code. Now after decompiling my APK, I believe my whole js code is under assets/index.android.bundle.
How can I debundle it and see my code whether obfuscation worked or not.
For Macbook
brew install apktool
after install apktool, unzip apk file by run this command on terminal like this:
apktool d /pathOfApkFile.apk
After that you will get index.android.bundle file at pathOfApkFile/assets/index.android.bundle
than you can use react-native-decompiler for decompile index.android.bundle file
Decompile index.android.bundle File
you can decompile index.android.bundle by run this command
npx react-native-decompiler -i ./index.android.bundle -o ./output
after that, you will get JS decompiled file in ./output directory
JS Code Decompile
React Native is already doing uglify js code.
and react-native-obfuscating-transformer is also make complex uglifying code
It is something like MD5 and SHA256 encryption and there is no the tool available right know when make machine learning and bruteforce to give us estimated code
If you want to varify react-native-obfuscating-transformer is implemented or not then you can edit index.android.bundle and save code then implement react-native-obfuscating-transformer and edit and compare both file
you can make more uglify code by adding flag in build.gradle called bundleInRelease: true and add Hermes which turns js bundle to bytecode for efficiency
REF
Note: There is no way to decompile index.android.bundle because this file contains uglify code which has many reverses possible of one line
Java Code Decompile
you can use DEX2JAR to convert apk to java code
and you can view that code from JD-GUI
you can see this VIDEO
See https://android.jlelse.eu/getting-inside-apk-files-21dbd01529d4 :
If your app is written on React Native, using the same apktool you can find index.android.bundle file inside assets folder of decompiled APK folder.
To open it using IntelliJ IDEA, right click on the file, Associate with File Type… and choose JavaScript. And it is usual minified .js file.
In other words, opening the .bundle file in an IDE such as Intellij will yield a minified .js file, which can then be formatted and compared with your source code. I hope this helps!
There is a tool called APK Easy Tool download it from here, install it, and open it.
Select apk by choosing browse option and click on Extract apk, when it is extrcted click on decompiled apk directory, and open directory. you would see something like this
navigate inside Extracted APKs directory you would get the bundle.
I have a project with native libraries that I want to use, files with this format: lib<name>.so do get included into apk. But files with <name>.so format does not.
Is there a way to include the later type into apk in lib directory?
If not, is there a way to include the files into a directory inside apk, where I can load it from my native code?
The short answer is "no". The native binaries will only be packed into APK, and extracted to executable files upon installation, if their names follow the lib….so pattern.
Note that these libraries will be extracted to files according to the ABI of the target system. The installer does not check the actual properties of the file. The decision is based on the name of the folder under lib in the APK structure.
If you add the attribute extractNativeLibs=false to the application tag in AndroidManifest.xml of your APK, the installer (on Android Nougat and higher) will not extract the native libraries.
You can trick the system and have files that don't follow the above rule to the lib folder of APK, but there is very little sense in it, because they will never be extracted by the loader (it may also extract file gdbserver if the file is there).
The common practice is to put the arbitrary files in the assets folder of your APK, and extract them programmatically when the app runs for the first time after install. You cannot extract these files to the secured location where the usual native libraries go. You should not extract the native libraries to sdcard (e.g. getExternalFilesDir()), because the system may not allow execution of the files there, regardless of the execute access flag on the file. Make sure that you use the correct ABI flavour.
You can peek at the source code of Nougat native lib loader that can load native libraries from the APK without extraction, and use it to load your custom libraries directly from the assets folder of your APK.
I am trying to link to an external file from a shared repository between my iOS and Android apps. This does not present a problem for iOS, but it does for Android. My current solution is to create a copy of the file from the external repository and place it in my projects Assets folder. This solution works, but is not much of a good one in my opinion and involves too many extra steps.
Using Eclipse, I am able to link to a resource. It's as simple as copying a file into my Assets folder and being prompted to either copy the file or link to the resource. If I link to the resource and try to run my app, I get a FileNotFoundException. If I copy the file instead, the app file is found just fine.
Ideally, I'd like to link to the file so that when I pull a new update from git then I don't need to copy the file over every single time. I'd prefer to link to the file.
I don't know what Eclipse uses "under the covers" for "Link here" drag-and-drop stuff. However, it is an Eclipse-ism. Android's build tools are fairly isolated from Eclipse proper, and so they won't know about those links.
Using a hardlink, or perhaps a symlink, at the OS X filesystem level should work, as both Eclipse and Android's build tools should treat it like a local file.
I know this is possible to decompile and recompile an apk. And I saw this post : Injecting code into APK
before, But what I want is not decompiling or reverse engineering.
In my case I just want to make some games that uses touch events compatible with gamepad. I've seen some companies that do something like this and make android games compatible with their gamepads.
Unfortunately I found no solution to inject some codes into an existing apk.
So My question is :
Is there a way to do some changes into an apk (changing touch and key events in game application) and add some codes into that without effecting the real source code ?
For something simple like this, all you need is baksmali/smali. Just insert a single call into the assembly into your custom class, and you can write the rest in Java.
Decompiling/recompiling rarely works and is overkill for this situation anyway. Using smali will work even for obfuscated applications, though some applications calculate integrity checks on themselves and will refuse to run if modified.
For this purpose first of all you decompile this apk into source code
for decompiling the apk following purpose is used
Step 1:
Make a new folder and copy over the .apk file that you want to decode.
Now rename the extension of this .apk file to .zip (e.g. rename from filename.apk to filename.zip) and save it. Now you can access the classes.dex files, etc. At this stage you are able to see drawables but not xml and java files, so continue.
Step 2:
Now extract this .zip file in the same folder (or NEW FOLDER).
Download dex2jar (https://code.google.com/p/dex2jar/downloads/detail?name=dex2jar-0.0.9.15.zip&can=2&q=) and extract it to the same folder (or NEW FOLDER).
Move the classes.dex file into the dex2jar folder.
Now open command prompt and change directory to that folder (or NEW FOLDER). Then write d2j-dex2jar classes.dex and press enter. You now have the classes_dex2jar.jar file in the same folder.
Download java decompiler(http://jd.benow.ca/), double click on jd-gui, click on open file, and open classes.dex.dex2jar file from that folder: now you get class files.
Save all of these class files (In jd-gui, click File -> Save All Sources) by src name. At this stage you get the java source but the .xml files are still unreadable, so continue.
Step 3:
Now open another new folder
Put in the .apk file which you want to decode
Download the latest version of apktool (https://code.google.com/p/android-apktool/downloads/detail?name=apktool1.5.2.tar.bz2&can=2&q=) AND apktool install window (https://code.google.com/p/android-apktool/downloads/detail?name=apktool-install-windows-r05-ibot.tar.bz2&can=2&q= ) (both can be downloaded from the same link) and place them in the same folder
Download framework-res.apk and put it in the same folder (Not all apk file need this file, but it doesn't hurt)
Open a command window
Navigate to the root directory of APKtool and type the following command: apktool if framework-res.apk
apktool d myApp.apk (where myApp.apk denotes the filename that you want to decode)
now you get a file folder in that folder and can easily read the apk's xml files.
Step 4:
It's not any step just copy contents of both folder(in this case both new folder)to the single one
and update the source code...
is it possible to add to my apk file some XML file storing program version, update path and other useful data (note: I don't mean Android XML file). All I want to is this file to be unpacked somewhere to local data folder and I will use it for comparing version info installed locally and on the server in case of updates.
I am asking - is it possible to add to apk some other file?
Thanks
The assets/ folder in apk is intended to store any extra user files in any formats. They will be included to apk automatically on compilation stage and can be accessed from the app using getAssets() function. For example:
final InputStream is = getResources().getAssets().open("some_file.xml")
It is even unnecessary to copy them to some local folder to read them.
If you only want to know the version info of the app then there is a much easier way to identify it. You can use
getPackageManager().getPackageInfo(getPackageName(),PackageManager.COMPONENT_ENABLED_STATE_DEFAULT).versionCode
to get the version code and
getPackageManager().getPackageInfo(getPackageName(),PackageManager.COMPONENT_ENABLED_STATE_DEFAULT).versionName
to get app's version name