Decompiling Android Apps

Once you have an APK you want to take a look at, you need to extract its contents. An APK is really just a jar/zip file. To extract its contents, just run:


unzip YourApp.apk

This will give you a directory with all the resources in it along with a classes.dex file. This file is the compiled Dalvik code. There are a couple of good tools for decompiling the dex. Below is a link to each of them along with instructions on how to run it.

Dedexer: http://dedexer.sourceforge.net/

The following will decompile classes.dex into the out_dir of your choice. Just download the Dedexer jar from the link above and rename the jar to ddx.jar or change the command below to reflect the new filename.


java -jar ddx.jar -d out_dir classes.dex

I also recommend taking a look at this presentation on Dedexer on SlideShare.

Smali/Baksmali: http://code.google.com/p/smali/

Smali is ‘assembler’ in Icelandic and Baksmali is ‘disassembler’. All we care about right this second is disassembly, so you want to download the baksmali jar. I also recommend downloading the wrapper script; the example below assumes you are running baksmali via that wrapper. The command places the decompiled results into a directory called ‘out’.


baksmali classes.dex
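Before handing classes.dex to either tool, it is worth confirming that what came out of the APK is an intact DEX file. The following is an added example, not part of the original post: it opens the APK as a zip, finds every classes*.dex entry (it goes slightly beyond the single classes.dex above, since multidex apps also ship classes2.dex and so on), and checks the Adler-32 checksum and SHA-1 signature stored in the DEX header. The function names are hypothetical, and the sample APK is constructed in memory so the script runs without a real app.

```python
import hashlib, io, struct, zipfile, zlib

def inspect_dex(data):
    """Parse the fixed DEX header and verify its Adler-32 checksum and SHA-1 signature."""
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    checksum, = struct.unpack_from("<I", data, 8)      # covers bytes 12..end
    signature = data[12:32]                            # SHA-1 of bytes 32..end
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": data[4:7].decode("ascii"),
        "file_size": file_size,
        "size_ok": file_size == len(data),
        "checksum_ok": checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
        "little_endian": endian_tag == 0x12345678,
    }

def inspect_apk(apk):
    """Open an APK (path or file object) as a zip and inspect each classes*.dex."""
    with zipfile.ZipFile(apk) as zf:
        names = [n for n in zf.namelist()
                 if n.startswith("classes") and n.endswith(".dex")]
        return {n: inspect_dex(zf.read(n)) for n in sorted(names)}

def make_sample_apk(corrupt=False):
    """Constructed sample: an in-memory zip holding a header-only DEX."""
    body = struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(0x70 - 44)
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    dex = b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body
    if corrupt:
        dex = dex[:-1] + b"\x01"   # change a byte after the header was sealed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        zf.writestr("classes.dex", dex)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, info in inspect_apk(make_sample_apk()).items():
        print(name, info)
```

To run it against a real app, pass the path, e.g. `inspect_apk("YourApp.apk")`; a failed checksum or signature means the dex was modified or truncated after it was built.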

Doing this is almost a violation of the terms of service for any application you look at, so be careful and use these tools for good.

Update: I created a TextMate bundle for syntax highlighting smali, check it out: http://github.com/steve918/smali-textmate-bundle
