1) After unzipping Apkd.apk with zip, a classes.dex file will appear.

20 14/02/ 19 19:42

.

20 14/02/ 19 19:42

..

20 14/02/ 19 15:35 1，656 AndroidManifest.xml

2014/02/1915: 35 687 024.

20 14/02/ 19 15:49

Meta information

20 14/02/ 19 15:49

Representation residue

20 14/02/ 19 15:35

2) Enter the dex2jar directory and operate as follows:

d:\ developer \ tools \ test _ apk \ dex 2 jar-0 . 0 . 9 . 15 & gt； dex2jar.bat "..\Apkd(d2j)\classes.d

ex "

This cmd has been deprecated, please use d2j-dex2jar if possible.

Dex2jar version: translator-0.0.9. 15

dex2jar..\ Apkd(d2j)\ classes . dex-& gt； ..\Apkd(d2j)\classes_dex2jar.jar

It's done.

The Classes_dex2jar.jar file will appear in the directory where apk is located.

3) View the jar package with JD-GUI, and you can view the source file.

2. decompile apk

1. Extract three files (aapt.exe, APKTOOL.bat, apktool.jar) from the downloaded apktool into your Windows installation directory, so as to use the Dos command.

20 12/ 12/06 1 1:44 854 0 16 aapt.exe

For example, 2014/02/17:15 apkd.apk//apk document.

20 12/ 12/23 23:39 92 apk tool . bat

20 13/02/03 02:37

2. Enter the directory where apktool.bat is located and run:

apktool d Apkd.apk decode_dir

After decompilation, the contents in the decode_dir directory are as follows:

20 14/02/ 19 17: 16 7 16 Android manifest . XML

20 14/02/ 19 17: 16 237 apk tool . yml

20 14/02/ 19 17: 18

build

20 14/02/ 19 17: 16

Representation residue

20 14/02/ 19 17: 16

Smalley

At this point, I can check the original file AndroidManifest.xml, and I can also check the smali source file (written in smali language, which can be compared with java).

Three. Use of APKTOOL

1).

This command is used to decompile apk files, and its general usage is

apktool d

Indicates the path of the apk file to be decompiled, and it is best to write an absolute path, such as c: \ musicplayer.apk.

Represents the storage location of decompiled files, such as C:\MusicPlayer.

If the given command already exists, you will be prompted after entering the command and cannot execute it. You need to modify the command again and add the -f command.

apk tool d–f

This will force the existing file to be overwritten.

2). Construction

This command is used to compile the modified file, and its general usage is

apktool b

here

It was entered when you decompiled just now.

(for example, C:\MusicPlayer), after entering this command line, if everything is normal, you will find that there are two more folders in C:\MusicPlayer, namely build and dist, which store the files compiled one by one during the compilation process and the final packaged apk files respectively.

3). Install the frame

This command is used to install a specific framework-res.APK file for APKTool, so as to decompile some APK files that are interdependent with ROM. Please refer to frequently asked questions for details.

4.smali is compared with java source code and modified accordingly.

Java source code:

Import android.os.bundle;

Import android.app.activity;

Import android.view.menu;

Import android.widget. *;

Public class MainActivity extends Activity {

@ Overlay

Protected void oncreate (bundle saved instancestate) (

super . oncreate(savedInstanceState)；

setContentView(r . layout . activity _ main)；

TextView a =(TextView)this . findviewbyid(r . id . test)；

A.setText ("Rao Liang");

}

@ Overlay

Public boolean once creation menu (

//Expand the menu; If the action bar exists, this will add items to the action bar.

getMenuInflater()。 inflate(R.menu.main，menu)；

Return true

}

}

Corresponding smali source code:

. Class public Larry/text/apkd/mainactivity;

. Super land roid/app/Activity；;

. Source code "MainActivity.java"

# Direct method

. Method public constructor () v

. Local 0

. preface

. Line 8

invoke-direct {p0}，land roid/app/Activity； -& gt； () Five

Return-Invalid

. Ending method

# Virtual method

. Method to protect oncreate (landroid/OS/bundle; )V

. Locals 2

. Parameter "savedInstanceState"

. preface

. Line 12

invoke-super {p0，p 1}，land roid/app/Activity； -& gt； onCreate(land roid/OS/Bundle； )V

. Line 13

Constant/height 16 v 1, 0x7f03

Invoke-virtual {p0, v 1}, Larry/text/apkd/mainactivity; -& gt； Set the content view (1) v

. Line 14

Constant/height 16 v 1, 0x7f08

Invoke-virtual {p0, v 1}, Larry/text/apkd/mainactivity; -& gt； findViewById(I)land roid/View/View；

Move result object v0

check-cast v0，land roid/widget/TextView；

. Line 15

. Local v0, a: landroid/widget/textview;

Constant string v 1, "around the beam"

invoke-virtual {v0，v 1}，land roid/widget/TextView； -& gt； setText(Ljava/lang/char sequence； )V

. Line 16

Return-Invalid

. Ending method

. Methods public once creation smenu (landroid/view/menu; )Z

. Locals 2

. Parameter "menu"

. preface

. Line 2 1

Invoke-virtual {p0}, Larry/text/apkd/mainactivity; -& gt； getMenuInflater()land roid/view/MenuInflater；

Move result object v0

const/high 16 v 1，0x7f07

invoke-virtual {v0，v 1，p 1}，land roid/view/MenuInflater； -& gt； inflate(iland roid/view/Menu； )V

. Line 22

const/4 v0，0x 1

Return to v0

. Ending method

By comparison, we can see that the constant does not necessarily change, and it can be modified according to smali's grammar.

V.3. Packaging, signature and installation of the modified apk

After modification, you can pack it back to apk. Execute the following command:

apktool b decode_dir

Dist in the mygame directory will now see the packaged apk.

Of course, it is generally impossible to install it now, because apk has not been signed yet. Let's sign now. Signature requires a keystore file. I already have a dedicated keystore. If not, please check here to generate it.

Execute the following command to sign the recompiled my_game.apk:

jarsigner-verbose-keystore demo . keystore apkd . apk demo . keystore

Finally, before installing on the mobile phone, you need to uninstall the existing version in the mobile phone, because if the signature is different, you will not be able to cover the installation, and you will be prompted with an "application not installed" error.

The complete operation is as follows:

d:\ developer \ tools \ test _ apk \ new \ decode \ dist & gt； keytool-genkey-alias demo . keystore-keyalg RSA-validity 40000-keystore demo . keystore

Enter the keystore password:

Enter the new password again:

What's your first and last name?

[Unknown]: Rao

What is the name of your organizational unit?

[Unknown]: Rao

What is the name of your organization?

[unknown]:

What is the name of your city or region?

[unknown]:

What is the name of your state or province?

[unknown]:

What is the two-letter country code of this unit?

[unknown]:

Is cn = Rao, ou = Rao, o = unknown, l = unknown, ST = unknown and c = unknown correct?

[no ]: y

Entered master password

(If it is the same as the keystore password, press Enter):

d:\ developer \ tools \ test _ apk \ new \ decode \ dist & gt； jarsigner-verbose-keystore demo . keystore apkd . apk demo . keystore

Enter the password for the keystore:

Add: meta-INF/manifest.mf.

Add: meta-INF/demo _ key.sf.

Add: meta-INF/demo _ key.rsa.

Signing: res/drawable-hdpi/IC _ launcher.png.

Signing: RES/drawable-mdpi/IC _ launcher.png.

Signing: RES/drawable-xhdpi/IC _ launcher.png.

Signing: RES/drawable-xxhdpi/IC _ launcher.png.

Signature: res/layout/activity _ main.xml.

Signature: res/menu/main.xml.

Signature: AndroidManifest.xml

Signature: classes.dex

Signature: resources.arsc

d:\ developer \ tools \ test _ apk \ new \ decode \ dist & gt；

At this point, the modified apk can be installed normally. However, the previous apk must be uninstalled before installation and cannot be directly replaced (because the signature is different).