
Jake Gyllenhaal’s Source Code is one of my favorite movies, but we’re not going to talk about it here. This is not a movie review; instead, let’s see how to extract source code from compiled Android apps. First, let’s understand what an APK is.

An Android Package Kit (APK for short) is an archive type package file format used by the Android operating system for distribution and installation of mobile apps.

We tend to see an APK as an application rather than a package. Many of us don’t know whether we can view the source code or understand the application logic. Most Android users also install apps from the Play Store, which makes it difficult to find the file in the file manager. The method of retrieving the source code from a compiled application is called reverse engineering or decompilation. If you are interested in SAST, you should be familiar with one of these decompilation tools, as you will start the process from the source code itself. In this blog, we will learn how to retrieve the necessary files from an application package.

We will be using JADX for this purpose. JADX is a Java decompiler that comes with both CLI and GUI interfaces, making our activity easier. Without further ado, let’s get started 😉

Installation and configuration

  1. Head over to the JADX GitHub repo.

  2. Click on releases and download the latest version of the JADX zip file.

  3. Once downloaded, extract the contents of the zip file into a folder of your preference.

  4. Now open the bin directory and right-click on the jadx-gui file. Select run as administrator.

  5. It will start the application, and once the GUI has loaded it will prompt you to choose the APK. Select the appropriate APK and you are good to go.

  6. The retrieved information can be found in different directories. For example, the Source code directory contains the source code information, Resources contains various resources including XML files, and so on.
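
An APK is a ZIP archive, so its layout can be checked before opening it in JADX. The following Python sketch is an added example, not part of the original post or of JADX: it groups the entries of an APK into code, manifest, signing data, native libraries and resources, and checks the DEX and binary-XML magic bytes. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"              # followed by a 3-digit version and a NUL byte
AXML_MAGIC = b"\x03\x00\x08\x00"  # binary XML chunk: type 0x0003, header size 8

def classify(name: str) -> str:
    """Map an APK entry name to the kind of content it carries."""
    if name.endswith(".dex"):
        return "code"      # Dalvik bytecode, the input a DEX decompiler works on
    if name == "AndroidManifest.xml":
        return "manifest"
    if name.startswith("META-INF/"):
        return "signing"   # v1 (JAR) signing files live here
    if name.startswith("lib/") and name.endswith(".so"):
        return "native"    # native libraries, one directory per ABI
    return "resource"

def inspect_apk(data: bytes) -> dict:
    """Group entries by kind; record DEX versions and the manifest encoding."""
    report = {"code": [], "manifest": [], "signing": [], "native": [],
              "resource": [], "dex_versions": {}, "manifest_binary": None}
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for info in apk.infolist():
            kind = classify(info.filename)
            report[kind].append(info.filename)
            with apk.open(info) as entry:
                head = entry.read(8)
            if kind == "code":
                if head[:4] != DEX_MAGIC or head[7:8] != b"\x00":
                    raise ValueError(f"{info.filename}: not a DEX file")
                report["dex_versions"][info.filename] = head[4:7].decode("ascii")
            elif kind == "manifest":
                report["manifest_binary"] = head[:4] == AXML_MAGIC
    return report

def build_sample_apk() -> bytes:
    """Constructed stand-in for a real APK: realistic layout, dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 4)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
        z.writestr("classes2.dex", b"dex\n038\x00" + b"\x00" * 24)
        z.writestr("resources.arsc", b"\x02\x00\x0c\x00")
        z.writestr("res/layout/activity_main.xml", AXML_MAGIC)
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF")
        z.writestr("META-INF/CERT.RSA", b"")
    return buf.getvalue()
```

To inspect a real file, pass its bytes, for example `inspect_apk(open(path, "rb").read())`.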

If you’re having trouble with the latest version of JADX, feel free to install an older version instead; choose the one that works for you. I chose JADX because it is super beginner-friendly and easy to set up. JADX is also not the only tool capable of doing this: you could use Apktool, which comes pre-installed in most Kali distributions, or any alternative that suits you best.