Apktool is used for reverse engineering 3rd party Android apps. Debugging is made easier with Apktool’s ability to decrypt properties to their practically original forms. By rebuilding the properties post alteration, a user can gradually debug a smali code.
Kali lists the features of apktool:
- decoding resources to nearly original form (including resources.arsc, XMLs and 9.png files) and rebuilding them
- smali debugging: SmaliDebugging
- helping with some repetitive tasks
Installation for apktool is simple with Linux (as always). Get the most recent version of apktool and run the following commands:
- cd ~/
- mkdir apktool
- wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool
- wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.1.1.jar
- mv apktool_2.1.1.jar apktool.jar
- chmod +x apktool*
- sudo mv apktool* /usr/local/bin/
A wide variety of commands are available in apktool, but the trick is learning the tool before using it. Play around with your phone and computer – test out different things. Spend time researching tutorials and step by step guides. Take it gradually; start out by learning the basics.
Kali lists apktool’s basic commands:
d[ecode] [OPTS] <file.apk> [<dir>]
Decode <file.apk> to <dir>.
- -s, –no-src
- Do not decode sources.
- -r, –no-res
- Do not decode resources.
- -d, –debug
- Decode in debug mode. Check project page for more info.
- -b, –no-debug-info
- Baksmali — don’t write out debug info (.local, .param, .line, etc.)
- -f, –force
- Force delete destination directory.
- -t <tag>, –frame-tag <tag>
- Try to use framework files tagged by <tag>.
- –frame-path <dir>
- Use the specified directory for framework files
- Use if there was an error and some resources were dropped, e.g.: “Invalid config flags detected. Dropping resources”, but you want to decode them anyway, even with errors. You will have to fix them manually before building.
Remember: apktool is not meant for illegal activity. Do not abuse its use for selfish means (and if you do, don’t get caught). In conclusion, this tool is useful for a variety of different things. Don’t be afraid to explore in more depth.