DEV Community

Cover image for Extract code from Android APK with 3 commands
Brian Mayo
Brian Mayo

Posted on

Extract code from Android APK with 3 commands

I mean, with 3 tools

Disclaimer

This post is for informational and educational purposes only

Requirements

Terminal Time

# extract classes.dex
unzip -j <apkfile.apk> classes.dex
# transform dex file to jar file
d2j-dex2jar.sh classes.dex
# read the sources
jd-gui classes-dex2jar.jar
Enter fullscreen mode Exit fullscreen mode

Bonus

Do you use NativeScript/Ionic/Cordova/Phonegap/"insert some webview based mobile framework"?
This is how easy someone can read your javascript code

# find the bundled JS
unzip -l <apK file> | grep '.js'
# extract the bundle
unzip -j <apk file> assets/app.js
# find endpoint, or api keys
cat app.js | grep 'api*\|http*'
# DoS the endpoints
echo "just kidding"
Enter fullscreen mode Exit fullscreen mode

Edit

If you want to avoid commands an just use an app with UI you have

Hope you find it useful and educational.

Cover Image from https://www.eff.org/issues/coders/reverse-engineering-faq

Discussion (2)

Collapse
nguyenkien profile image
Nguyễn Trung Kiên • Edited on

you don't have to unzip it.
Unzip only need when there is more than 1 dex file

Collapse
protium profile image
Brian Mayo Author

You are right. I wanted to mention unzip for the bonus part.
And, as a matter of fact, you can use jadx and open directly the apk. Also you have a binary analysis tool from google