#!/usr/bin/env bash
# Workspace for the downloaded tools and samples; it is created below the
# directory the script is started from.
WORKDIR="$(pwd)"
WORKDIR="${WORKDIR}/android-reversing"
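#######################################
# Install the distro prerequisites and download the reversing tools
# (smali/baksmali, dex2jar, jd-cli, apktool, jadx) into the current directory.
# Arguments: none
# Returns:   0 on success, the failing command's status as soon as a step fails
#######################################
get_the_tools () {
  # The release artefacts are pinned by version in the URL, but nothing here
  # checks them against a checksum or signature: HTTPS only authenticates the
  # download host. Compare the `sha256sum` of each file with a value recorded
  # from a trusted source before running the jars on an analysis machine.
  local -a urls=(
    https://bitbucket.org/JesusFreke/smali/downloads/smali-2.5.2.jar
    https://bitbucket.org/JesusFreke/smali/downloads/baksmali-2.5.2.jar
    https://github.com/pxb1988/dex2jar/releases/download/v2.1/dex2jar-2.1.zip
    https://github.com/intoolswetrust/jd-cli/releases/download/jd-cmd-1.1.0.Final/jd-cli-1.1.0.Final-dist.zip
    https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.6.1.jar
    https://github.com/skylot/jadx/releases/download/v1.4.4/jadx-1.4.4.zip
  )
  local url

  sudo apt update || return
  sudo apt install openjdk-11-jdk unzip file git || return

  # Stop at the first failed download so a missing or truncated archive is
  # never handed to unzip below.
  for url in "${urls[@]}"; do
    wget -- "$url" || return
  done

  # Only jadx and jd-cli are unpacked here; dex2jar-2.1.zip stays zipped.
  unzip -d jadx jadx-1.4.4.zip || return
  unzip -d jd-cli jd-cli-1.1.0.Final-dist.zip
}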
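# Bootstrap the workspace only once: if the directory already exists, nothing
# is downloaded and the current directory is left unchanged.
if [ ! -d "$WORKDIR" ]; then
  # Quoted so a working directory containing spaces is not word-split, and
  # checked so the tools are never downloaded into the wrong directory.
  mkdir -p "$WORKDIR" || exit 1
  pushd "$WORKDIR" || exit 1
  get_the_tools
fi

| Tool | Note |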
|---|---|
| aapt | installed with the Android build-tools via sdkmanager; can list permissions and extract AndroidManifest.xml |
| adb | installed with android-sdk, connection to an android device |
| unzip | extraction of apk |
| dex2jar | converts Dalvik-Bytecode to Java-Bytecode |
| enjarify | same as dex2jar |
| baksmali | converts Dalvik-Bytecode to smali |
| smali | converts smali back to bytecode |
| JD-GUI & JD-Core | Java-Decompiler |
| JADx-GUI | Extracts and Converts APK to human-readable output. classes.dex to java, AndroidManifest.xml, etc |
| Androguard | python-shell and functions to analyse apk, does a lot of stuff |
| Codeinspect | Analyse and Execution like an IDE |
| MobileSecurityFramework | Suite for static and dynamic auto analysis |
| drozer | client server application for runtime analysis and manipulation, external Modules via python and java reflection |
| Android Package Manager | on-device package manager; lists installed packages, installs APKs, etc. |
| apktool | packs and unpacks apks to disable features inside an apk like debug mode, backup mode |
| CydiaSubstrate | API-Hooking, external modules |
wget https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk

Restores the original files from the APK

unzip example.apk

Converts Dalvik bytecode into a .jar
# Unpack the dex2jar release; the next line expects it to extract into
# dex-tools-2.1/. The APK under analysis is untrusted input, so run the
# conversion on a disposable analysis machine.
unzip dex2jar-2.1.zip
cd dex-tools-2.1/
# Invoked without an input file here.
sh d2j-dex2jar.sh
# needs original classes.dex or .apk
# NOTE(review): the ../dex-tools-2.1/ path suggests this is run from a sibling
# directory that holds the sample — confirm against your layout.
sh ../dex-tools-2.1/d2j-dex2jar.sh sieve.apk
sh ../dex-tools-2.1/d2j-dex2jar.sh classes.dex

Wrapper for jd-core; decompiles to Java
# Extract only jd-cli.jar from the distribution archive.
unzip jd-cli-1.1.0.Final-dist.zip jd-cli.jar
# needs a .jar as input; produce it with dex2jar first
java -jar jd-cli.jar classes-dex2jar.jar
# creates a zip file
file classes-dex2jar.src.jar
mkdir sieve-java
# NOTE(review): this unpacks sieve-dex2jar.src.jar, while the file inspected
# above is classes-dex2jar.src.jar — use the name that matches your input.
unzip sieve-dex2jar.src.jar -d sieve-java/
# java code

java -jar apktool_2.6.1.jar d example.apk
cat example/AndroidManifest.xml

install drozer oldsql (without docker)
# Python 2.7 reached end of life in January 2020 and no longer receives
# security fixes; keep this environment on a disposable analysis machine.
sudo apt install python2.7
# get-pip.py is downloaded and then executed as-is; nothing here verifies it
# beyond the TLS connection to the host.
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
python2.7 get-pip.py
# Keep the drozer dependencies in a virtualenv instead of the system
# site-packages.
python2.7 -m pip install virtualenv
python2.7 -m virtualenv .venv
source .venv/bin/activate
# These three packages are installed without version pins.
pip install pyopenssl twisted protobuf
# get drozer from https://github.com/WithSecureLabs/drozer/releases
# The wheel is installed straight after download, without a checksum comparison.
wget https://github.com/WithSecureLabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl
pip install drozer-2.4.4-py2-none-any.whl
drozer

run with docker
# --network host puts the container on the host's network stack, presumably so
# the console inside it can reach the port that adb forwards on the host.
# The image is referenced without a tag or digest, so this pulls whatever
# fsecurelabs/drozer currently resolves to; pin a digest once it is verified.
sudo docker run -it --network host fsecurelabs/drozer
drozer console connect # after starting the drozer agent and forwarding the port, see below

# get drozer agent from https://github.com/WithSecureLabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk
# NOTE(review): the agent is 2.3.4 while the wheel installed earlier on this
# page is drozer 2.4.4 — confirm the two versions work together.
wget https://github.com/WithSecureLabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk
# Installs the agent on whichever device adb is currently attached to; use a
# dedicated test device or emulator rather than a personal phone.
adb install drozer-agent-2.3.4.apk
# Forwards TCP port 31415 on the host to TCP port 31415 on the device.
# `adb forward --remove tcp:31415` drops the forward again after the session.
adb forward tcp:31415 tcp:31415