Monday, October 22, 2012

Android: pulling APK from non-rooted device and exploring the source code

Here is a simple way to pull the installed app APK from non-rooted device.
Well this technique worked on my Samsung Tab 10.1 tablet and didn't work on my Nexus Galaxy phone.

The main problem here is that with non-rooted device one can not browse the file system, to figure out which packages are installed, and their file names.

Here are the steps how to do this with SDK adb tool.
1. Pull down the packages.xml file to get the files that describes the packages that are installed on the device:
adb pull /data/system/packages.xml

2. Find the package tag that you are interested in. It should have a property codePath="/data/app/[name].apk"

Pull the apk file with:
adb pull /data/app/[name].apk

Now you are free to "reverse engineer" and explore the package with for example Android apktool for example.

Here is how get the decompiled java source code from the apk file.

1. Extract classes.dex:
jar xvf [name].apk classes.dex

2. With the help of dex2jar tool (http://code.google.com/p/dex2jar/), convert dex to jar:
d2j-dex2jar.sh classes.dex

3. Now you can explore the source code in the classes-dex2jar.jar with any java decompiler like for example JD-GUI (http://java.decompiler.free.fr/).

Enjoy!

Friday, October 19, 2012

Mandiant on Android

I went to MIRcon 2012 conference this week and one of speakers was a guy from our company who does some R&D for Android at our New York office.
I found his blog very interesting and just wanted to share here:
http://thecobraden.blogspot.com/

Enjoy! :)