1) After unzipping Apkd.apk with zip, a classes.dex file will appear.
2014/02/19 19:42 .
2014/02/19 19:42 ..
2014/02/19 15:35 1,656 AndroidManifest.xml
2014/02/19 15:35 687,024
2014/02/19 15:49 META-INF
2014/02/19 15:49 res
2014/02/19 15:35
2) Enter the dex2jar directory and operate as follows:
d:\developer\tools\test_apk\dex2jar-0.0.9.15>dex2jar.bat "..\Apkd(d2j)\classes.dex"
This cmd has been deprecated, please use d2j-dex2jar if possible.
Dex2jar version: translator-0.0.9.15
dex2jar ..\Apkd(d2j)\classes.dex -> ..\Apkd(d2j)\classes_dex2jar.jar
It's done.
The classes_dex2jar.jar file will appear in the directory where the apk is located.
3) Open the jar package with JD-GUI to view the decompiled source files.
2. Decompiling the apk
1. Extract the three files (aapt.exe, apktool.bat, apktool.jar) from the downloaded apktool package into your Windows installation directory, so that they can be run from the DOS command line.
2012/12/06 11:44 854,016 aapt.exe
2014/02/17:15 Apkd.apk // the apk file
2012/12/23 23:39 92 apktool.bat
2013/02/03 02:37
2. Enter the directory where apktool.bat is located and run:
apktool d Apkd.apk decode_dir
After decompilation, the contents in the decode_dir directory are as follows:
2014/02/19 17:16 716 AndroidManifest.xml
2014/02/19 17:16 237 apktool.yml
2014/02/19 17:18 build
2014/02/19 17:16 res
2014/02/19 17:16 smali
At this point, you can read the decoded AndroidManifest.xml as well as the smali source files (written in the smali language, which can be compared with the Java source).
3. Use of apktool
1). decode
This command is used to decompile apk files, and its general usage is
apktool d
The first argument is the path of the apk file to be decompiled; it is best to write an absolute path, such as C:\MusicPlayer.apk.
The second argument is the storage location of the decompiled files, such as C:\MusicPlayer.
If the given output directory already exists, apktool reports this after you enter the command and does not run. Run the command again with the -f option added:
apktool d -f
This forces the existing files to be overwritten.
2). build
This command is used to rebuild the modified files, and its general usage is
apktool b
The argument is the directory you entered when decompiling (for example, C:\MusicPlayer). After running this command, if everything is normal, you will find two more folders in C:\MusicPlayer, namely build and dist, which store the intermediate files compiled during the build and the final packaged apk file respectively.
3). install-framework
This command installs a specific framework-res.apk file for apktool, so that apk files that depend on a ROM's framework can be decompiled. Please refer to the frequently asked questions for details.
4. Comparing smali with the Java source code and modifying it
Java source code:
import android.os.Bundle;
import android.app.Activity;
import android.view.Menu;
import android.widget.*;

public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        TextView a = (TextView) this.findViewById(R.id.test);
        a.setText("Rao Liang");
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }
}
Corresponding smali source code:
.class public Larry/text/apkd/MainActivity;
.super Landroid/app/Activity;
.source "MainActivity.java"

# direct methods
.method public constructor <init>()V
    .locals 0
    .prologue
    .line 8
    invoke-direct {p0}, Landroid/app/Activity;-><init>()V
    return-void
.end method

# virtual methods
.method protected onCreate(Landroid/os/Bundle;)V
    .locals 2
    .parameter "savedInstanceState"
    .prologue
    .line 12
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    .line 13
    const/high16 v1, 0x7f03
    invoke-virtual {p0, v1}, Larry/text/apkd/MainActivity;->setContentView(I)V
    .line 14
    const/high16 v1, 0x7f08
    invoke-virtual {p0, v1}, Larry/text/apkd/MainActivity;->findViewById(I)Landroid/view/View;
    move-result-object v0
    check-cast v0, Landroid/widget/TextView;
    .line 15
    .local v0, a:Landroid/widget/TextView;
    const-string v1, "Rao Liang"
    invoke-virtual {v0, v1}, Landroid/widget/TextView;->setText(Ljava/lang/CharSequence;)V
    .line 16
    return-void
.end method

.method public onCreateOptionsMenu(Landroid/view/Menu;)Z
    .locals 2
    .parameter "menu"
    .prologue
    .line 21
    invoke-virtual {p0}, Larry/text/apkd/MainActivity;->getMenuInflater()Landroid/view/MenuInflater;
    move-result-object v0
    const/high16 v1, 0x7f07
    invoke-virtual {v0, v1, p1}, Landroid/view/MenuInflater;->inflate(ILandroid/view/Menu;)V
    .line 22
    const/4 v0, 0x1
    return v0
.end method
By comparison, we can see that the constants are not changed in the smali, and that the code can be modified according to smali syntax.
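To make the Java/smali comparison above easier to read, the following added example (not part of the original article) decodes Dalvik type descriptors into Java notation and lists the string constants and calls in each method. The function names and the abridged sample are constructed for illustration.

```python
import re

PRIMITIVES = {"V": "void", "Z": "boolean", "B": "byte", "S": "short", "C": "char",
              "I": "int", "J": "long", "F": "float", "D": "double"}
TYPE = re.compile(r"\[*(?:[VZBSCIJFD]|L[^;]+;)")  # one Dalvik type descriptor

def java_type(desc):
    """Convert one descriptor, e.g. '[Ljava/lang/String;' -> 'java.lang.String[]'."""
    dims = len(desc) - len(desc.lstrip("["))
    base = desc[dims:]
    name = base[1:-1].replace("/", ".") if base.startswith("L") else PRIMITIVES[base]
    return name + "[]" * dims

def java_signature(ref):
    """Convert 'Lpkg/Cls;->name(args)ret' into 'ret pkg.Cls.name(arg, ...)'."""
    owner, member = ref.split("->", 1)
    name, args, ret = re.fullmatch(r"([^(]+)\((.*)\)(.+)", member).groups()
    params = ", ".join(java_type(t) for t in TYPE.findall(args))
    return f"{java_type(ret)} {java_type(owner)}.{name}({params})"

def summarize(smali):
    """Map each method to the string constants and calls found in its body."""
    out, cur = {}, None
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(".method"):
            cur = out.setdefault(line.split()[-1], {"strings": [], "calls": []})
        elif line.startswith(".end method"):
            cur = None
        elif cur is not None and line.startswith("const-string"):
            cur["strings"].append(line.split(",", 1)[1].strip()[1:-1])
        elif cur is not None and line.startswith("invoke-"):
            cur["calls"].append(java_signature(line.split("}", 1)[1].lstrip(", ")))
    return out

# Constructed sample: abridged method bodies shaped like the listing above.
SAMPLE = r'''
.method protected onCreate(Landroid/os/Bundle;)V
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    const-string v1, "Rao Liang"
    invoke-virtual {v0, v1}, Landroid/widget/TextView;->setText(Ljava/lang/CharSequence;)V
    return-void
.end method
.method public onCreateOptionsMenu(Landroid/view/Menu;)Z
    invoke-virtual {v0, v1, p1}, Landroid/view/MenuInflater;->inflate(ILandroid/view/Menu;)V
.end method
'''

if __name__ == "__main__":
    for method, info in summarize(SAMPLE).items():
        print(method, info["strings"], *info["calls"], sep="\n  ")
```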
5. Packaging, signing and installing the modified apk
After modification, you can pack it back into an apk. Execute the following command:
apktool b decode_dir
The packaged apk now appears in the dist folder of the mygame directory.
Of course, it generally cannot be installed yet, because the apk has not been signed. Let's sign it now. Signing requires a keystore file. I already have a dedicated keystore. If you do not have one, please check here to generate it.
Execute the following command to sign the recompiled my_game.apk:
jarsigner -verbose -keystore demo.keystore apkd.apk demo.keystore
Finally, before installing on the phone, you need to uninstall the existing version, because if the signature is different the new apk cannot be installed over it and you will be prompted with an "application not installed" error.
The complete operation is as follows:
d:\developer\tools\test_apk\new\decode\dist>keytool -genkey -alias demo.keystore -keyalg RSA -validity 40000 -keystore demo.keystore
Enter the keystore password:
Enter the new password again:
What's your first and last name?
  [Unknown]: Rao
What is the name of your organizational unit?
  [Unknown]: Rao
What is the name of your organization?
  [Unknown]:
What is the name of your city or region?
  [Unknown]:
What is the name of your state or province?
  [Unknown]:
What is the two-letter country code of this unit?
  [Unknown]:
Is CN=Rao, OU=Rao, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: y
Enter the key password
  (If it is the same as the keystore password, press Enter):
d:\developer\tools\test_apk\new\decode\dist>jarsigner -verbose -keystore demo.keystore apkd.apk demo.keystore
Enter the password for the keystore:
  Adding: META-INF/MANIFEST.MF
  Adding: META-INF/DEMO_KEY.SF
  Adding: META-INF/DEMO_KEY.RSA
  Signing: res/drawable-hdpi/ic_launcher.png
  Signing: res/drawable-mdpi/ic_launcher.png
  Signing: res/drawable-xhdpi/ic_launcher.png
  Signing: res/drawable-xxhdpi/ic_launcher.png
  Signing: res/layout/activity_main.xml
  Signing: res/menu/main.xml
  Signing: AndroidManifest.xml
  Signing: classes.dex
  Signing: resources.arsc
d:\developer\tools\test_apk\new\decode\dist>
At this point, the modified apk can be installed normally. However, the previous apk must be uninstalled before installation and cannot be directly replaced (because the signature is different).
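The jarsigner run above records a digest for every file in META-INF/MANIFEST.MF. The following added example (not part of the original article) uses those digests to tell whether an apk is unsigned or was changed after JAR signing. The in-memory archive, file contents and function names are constructed for illustration, and the check does not validate the .SF/.RSA signature itself, which `jarsigner -verify` does.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def b64_digest(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def check_apk(data):
    """List files whose content is not what META-INF/MANIFEST.MF recorded."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        present = set(z.namelist())
        if "META-INF/MANIFEST.MF" not in present:
            return ["unsigned: no META-INF/MANIFEST.MF"]
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        problems = [f"missing file: {n}" for n in manifest if n not in present]
        for name in sorted(n for n in present if not n.startswith("META-INF/")):
            attrs = manifest.get(name)
            if attrs is None:
                problems.append(f"not in manifest: {name}")
                continue
            for key, expected in attrs.items():
                if key.endswith("-Digest"):  # SHA1-Digest, SHA-256-Digest, ...
                    alg = key[:-len("-Digest")].replace("-", "").lower()
                    if b64_digest(alg, z.read(name)) != expected:
                        problems.append(f"digest mismatch: {name}")
    return problems

def build_sample(signed, stored=None):
    """Constructed stand-in for an apk: manifest covers `signed`, archive holds `stored`."""
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in signed.items():
        mf += f"Name: {name}\r\nSHA1-Digest: {b64_digest('sha1', body)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for name, body in (stored or signed).items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    files = {"classes.dex": b"original", "AndroidManifest.xml": b"<manifest/>"}
    print(check_apk(build_sample(files, {**files, "classes.dex": b"patched"})))
```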