Determining if my app was published
One tip that helped me in determining if my app was published or not was knowing what the URL looked like to access the app in the market, because Google won't tell you how to reach it from the Developer Console. This is the format
https://play.google.com/store/apps/details?id=app.package.name where app.package.name is your application package.
------------------------------------------------------------------------------------------------
- Method 1: Use SaveAPK + OI File Manager
- Install OI File Explorer from Google Play Store
- Install SaveAPK from Google Play Store
- Run SaveAPK and select the application(apk) you want to save, then select the directory to store the apk (on SD card)
- Method 2: Use Astro File Manager
- Install Astro File Manager from Google Play Store
- Start Astro File Manager then select Application Backup, backup the applications and the apk files will be store in backups/ directory on SD car
- Procedure for decoding .apk files, step-by-step method:
Step 1:
Make a new folder and put .apk file in it (which you want to decode). Now rename the extension of this .apk file to .zip (eg.: rename from filename.apk to filename.apk.zip) and save it. Now you get classes.dex files, etc. At this stage you are able to see drawable but not xml and java files, so continue.Step 2:
Now extract this zip apk file in the same folder (or NEW FOLDER). Now download dex2jar from this linkhttp://code.google.com/p/dex2jar/ and extract it to the same folder (or NEW FOLDER). Now open command prompt and change directory to that folder (or NEW FOLDER). Then writedex2jar classes.dex
and press enter. Now you get classes.dex.dex2jar file in the same folder. Then download java decompiler from http://java.decompiler.free.fr/?q=jdgui and now double click on jd-gui and click on open file. Then open classes.dex.dex2jar file from that folder. Now you get class files and save all these class files (click on file then click "save all sources" in jd-gui) by src name. At this stage you get java source but the xml files are still unreadable, so continue.Step 3:
Now open another new folder and put these files- put .apk file which you want to decode
- download apktool v1.x AND apktool install window using google and put in the same folder
- download framework-res.apk file using google and put in the same folder (Not all apk file need framework-res.apk file)
- Open a command window
- Navigate to the root directory of APKtool and type the following command:
apktool if framework-res.apk
apktool d "fname".apk
("fname" denotes filename which you want to decode)
now you get a file folder in that folder and now you can easily read xml files also.Step 4:
It's not any step just copy contents of both folder(in this case both new folder)to the single oneand now enjoy with source code...REVERSE ENGG PROCESSHow to avoid reverse engineering of an APK file?
http://stackoverflow.com/questions/13854425/how-to-avoid-reverse-engineering-of-an-apk-file?lq=1 this link help you to avoid decoding 100%.
- Recently, I discovered how to convert an APK file into readable Java source code and XML files. There are three tools you will need: apktool, dex2jar, and jd-gui (or any other java decompiler, JD Gui happens to be the best one I’ve found so far). You can download them from the following URLs:
http://code.google.com/p/dex2jar/
http://code.google.com/p/android-apktool/
http://java.decompiler.free.fr/?q=jdguiMake sure you follow the installation instructions for APKTool. Windows users will have to download two files to get it working.Once you have these downloaded and installed, the next thing you will need is an APK. With a bit of googling you can easily find APKs for just about anything (e.g. Facebook, Twitter, Amazon App Store).Now, that you have everything you will need to do the following:
1) Extract the APK using APKTool. Run: apktool d <apk>
2) Extract the classes.dex file found in the APK file. Run: jar xvf <apk> classes.dex
3) Extract the classes from classes.dex file. Run: dex2jar classes.dex
4) Extract the classes.dex.dex2jar.jar. Run: jar xvf classes.dex.dex2jar.jarYou now have the raw data available to you. You can use JD-Gui to peruse the extracted classes and even save the source down as Java. All of the layouts, manifest, strings, images, and assets are also available to you in the appropriate folders.Some things I’ve discovered while playing around with this:
1) Hardly anyone actually runs Proguard on their source code.
2) Some developers (e.g. Rovio) have encoded much of their assets into proprietary files. This leads me to my next topic: safe guarding your applications.There are several things you can do to help safeguard your application against hackers:
1) Run Proguard on your release APK. This obfuscates all class names, method names, and variables to make it more difficult for hackers to read.
2) Sensitive data should be encoded in a proprietary binary format.
3) If you have sensitive logic (e.g. encoding / decoding mechanisms), I would suggest writing native code and calling it from Java.These safeguards aren’t 100% fool proof, but it will at least slow down hackers from easily gaining access to sensitive information.EDIT: I’ve written another article on how to pull APKs from non-rooted Android devices. Give it a read if you are curious.THESE ARE REFERENCE POST. THANKS for sharing these ideas . Wel come to to that corresponding bloggers.
No comments:
Post a Comment