I have a apk file built with corona. I need to edit the images. I don't have source code. Is there any way to decompile this to get the exact source code?
This is bad. Dont do it.
This is unnecessary. Modifying images doesnt require getting the code. The best option is to use ApkTool. Heres a quick guide, though I am not sure how old it is. If it doesnt suit you, find something else on Google. http://androidforums.com/esteem-all-things-root/520917-guide-how-properly-decompile-recompile-apks-apktool.html
Redistributing the apk after may be illegal. Look into this first.
Final note - See #1. This is bad. Dont decompile other peoples apps with the intention of modifying and reusing. Write your own app.
ApkTool - https://code.google.com/p/android-apktool/
Related
Please consider the following link:
https://code.google.com/p/android-apktool/wiki/KnownIssues
Towards the bottom it's stated:
I've found that some APKs don't conform to regular Android standards. They were probably built using a modified aapt, which makes decompiling near impossible. These APKs are called "Magic" apks and probably won't be supported.
So, how do I can protect my app? I'm interested in modified aapt, but I have no idea where to begin? Thank you.
You must first search about it, There is some useful link about reverse engineering and decompile .apk files :
How to avoid reverse engineering of an APK file?
decompiling DEX into Java sourcecode
This is generally a lost cause. There are tools that abuse the DEX file format to try to hide your code from popular tools, but they can be easily defeated. 'Near impossible' is a not quite true, just harder to make a general purpose tool for it.
Obfuscate your code, consider using Dex2Jar and above all build a great app so that more people will use it/pay for it.
So I published my android app, I proguarded it, applied LVL and even changed some of the LVL code but offcourse, I found it cracked somewhere using a tool called Lucky Patcher. I am not going to ask how can I protect against 1 click tools like that, as I guess there is no single answer ( unless you have an idea and can point me toward).
I need to ask you to help figure out how my code was cracked. I understand that this tool takes APK file and removes licensing. Now given that, how can I take this APK file and reverse engineer it back to Java files to see how the tool cracked my code (so I fix it)
Please help me
Thanks
After Proguard, there's no way to decompile your code into humanly-readable Java.
While it makes the reverse engineering process more difficult, it's not impossible for a clever reverser to figure out the hidden algorithm.
As for tools,
Use android-apktool to decompile to smali and extract all the encoded xml resources.
Use dex2jar to translate Dalvik into jar
and finally jd-gui to see the resulting reversed java code
There's a lot of info here on how to go from a DEX file back to Java source. Also, have you looked at this blog post which addresses many of the ways to protect your source?
piracy is a big issue , and i don't think that any platform or OS can be fully protected from it .
however , google already made some tutorials regarding protection against it , for example:
http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopping-vampires-using-license-verification-library-in-app-billing-and-app-engine.html
also:
http://android-developers.blogspot.co.il/2010/09/securing-android-lvl-applications.html
i think that you can also put some sophisticated obstacles using C instead of java.
also , as google suggests, consider using a different approach : make the core features free , and make the rest purchaseable via in-app billing . you can also add ads and a feature to remove them by in-app billing as well .
I was thinking about this and it seems like if you really wanted to secure your application from hackers there is really only 1 way to do it. You can implement all kinds of fancy methods of insuring your application is licensed and paid for as described in the google article but all it takes is a good hacker to decompile your application and find where the code is and then comment it out or change a function to always return true.
Instead, implement some portion of your application that is required for use in jni/ndk, and check for validation in that code. It doesn't have to be extremely complicated code but you can't just put something like a function (eg. checkValidity) as a user could easily comment the java call that calls into the ndk. Instead you should make some call to your ndk to actually do something that is non-trivial for your application to run -- something the user can't just comment out or switch out with a defined function that does the same thing. From within the ndk code do the verification of your application's integrity/licensing and if it fails kill the application or whatever you need to do.
In order to bypass this the hacker would need to re-implement the ndk code or reverse engineer it.. Which should be much more complicated and not worth while.
This obviously isn't a simple solution and still won't guarantee your application never gets hacked, but it should be much harder to break than the other methods..
I personally think that Obfuscation {Proguard, Dexguard} and native {.so} are pretty effective way to go if used properly.
It definitely deters less experienced 'players' and definitely complicates the life of even experienced 'players'
Don't simply copy/paste the Google android example codes....
I am newer to android development. I have a couple apps I've made with appinventor. I would like to be able to take a completed and packaged .apk that is saved on my computer that was made with appinventor and open to edit it in eclipse. Mainly I want to see how a working app Ive made is actually written. This is for my own educational purposes only, no pirating or other illegal uses.
generally it is not possible to convert an App Inventor project into Java. However there are projects which have this goal, see the App Inventor-Java translation project and the Java Bridge project.
Check the android-apktool. I have no experience with the tool and as I see it will not show you the sources but it seems to be the best way to 'unpack' apk files.
I doubt this is possible, how are you going to bring the dex code back to your java code, even then, AppInventor makes for horrible APKs, two apps that do the exact same thing will differ greatly in size if made with the SDK vs AppInventor.
You should just read a couple of books, or search for information online, instead of trying to unpack an APK.
It's absolutely possible using dex2jar which involves a little time to set up and run but it give you a .jar that you can open with a java decompiler. As for getting the source files into eclipse, there are probably some decompilers that do this but probably cost money. You can use the one listed to copy/paste the code out but it will not provide you with an eclipse project.
I want to prevent anyone from apk reverse compilation. We need to do something. I browsed on the internet, but I still don't know the operational steps clearly.
Who can tell me how to do it?
Anyone's help is so welcome!! Thanks!!
You need an obfuscator. If you are running .NET or Java, these should be easy to find.
There is nothing to prevent people from decompiling your code. All you can do is make it as nasty to read as possible. Don't do this in source (as you will not be able to modify your code yourself), use an obfuscator to do it as a post build step.
Google recommends ProGuard. See this link in the Android docs for more information.
It won't prevent people from disassembling your code (you won't be able to stop that - after all, the operating system needs to disassemble your code to execute it!), but it will make it very hard to see what's going on.
It turns out that Google recommends obfuscating your Android app.
In order to understand the problem, I would like to disassemble my own app and see what information I can extract from the code. How do I do this?
There are tools available for that, such as the pair linked to in this sentence. I have not used them and therefore cannot vouch for how well or easily they work.
Some tools are listed at What is a good android disassember that can produce infomative results
Also you can try undx http://undx.sourceforge.net/
Use them only for good :)