Thursday 13 February 2014

Now we have Android Decompiler. How to use and why to use it ?

Hi, today we present our new great feature - automated decompiler for Android apps in our mobile apps scanner. This feature could be useful for security researchers and other Android enthusiasts.


From now on, the package with:

  • Disassembled code
  • Decompiled code 
  • Decompressed resources (XML in readable state)

becomes available by one click. 


The package's structure :
├── com.marblesecurity.access.androi.hackapped
│   ── com.opera.browser.yandex.decoded
│      ├── src
│      │   └── [JAVA code]
│      ├── smali
│      │   └── [Disassembled Classes]
│      ├── res
│      │   └── [Readable XML and pictures]
│      ├── lib
│      │   └── [ELF Shared objects and futher staff]
│      ├── assets
│      │   └── [Other resources]
|      ├── AndroidManifest.xml [readable]
|      |      ──apktool.yml [ config for apktool ]
── README.TXT
This structure was designed for convinet work with Android Studio, which you can download here absolutely free. Of course, you can't build App back, because of information loss during decompilation, but IDE could be quite suitable in code exploration. To open a package as a project, follow steps below:


>

>


>


>

>



To see IDE advantage here, compare disassembled and decompiled listings of the same classes:



All questions and suggestions are very wecome, as usual.

P.S.
This engine was designed with consideration of best practices of futher open source instruments: