✅ Static Analysis for Android and iOS

Learn how to analyze and bypass security for APK and IPA files.

Frameworks

APKInspector

APKInspector is a GUI tool that helps analysts examine Android applications.

APKTool

Tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications.

To decompile:

apktool d package.apk

To build after the modifications:

apktool b package

Sign an apk

Recompile APK:

apktool b decompiled/apk/directory -o app-patched.apk

Zipalign APK to make it compatible with Android:

zipalign -p 4 app-patched.apk app-aligned.apk

Sign APK with Android debug key (Password: android):

apksigner sign --ks ~/.android/debug.keystore app-aligned.apk

If you don't have Android Studio installed, use these commands instead to sign the APK:

Create a signing key:

keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias

Sign the APK:

apksigner sign --ks my-release-key.jks app-aligned.apk

Verify signature

Validate an APK signature

apksigner verify -v --print-certs name.apk
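As an added example (my own code, not part of the original post or of apksigner): a small Python helper that reports which signature schemes an APK carries. It looks for JAR-style (v1) signature files under META-INF/ and parses the APK Signing Block that sits directly in front of the zip central directory, which is where apksigner stores the v2 and v3 schemes. It only detects which schemes are present; cryptographic validation remains the job of apksigner verify. The function names and the in-memory sample APK (built with zipfile and spliced with a dummy-valued signing block) are constructions for this example.

```python
import io
import struct
import zipfile

# Trailer magic of the APK Signing Block (Android docs, "APK Signature Scheme v2").
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
# IDs of the ID-value pairs that carry the v2 and v3 signature schemes.
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}
EOCD_SIG = b"PK\x05\x06"


def find_eocd(data: bytes) -> int:
    """Offset of the zip End of Central Directory record. It is scanned backwards
    because only a comment of at most 65535 bytes may follow it."""
    idx = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 65535))
    if idx < 0:
        raise ValueError("not a zip/APK: no EOCD record")
    return idx


def central_directory_offset(data: bytes) -> int:
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries_disk(2) entries(2) cd_size(4) cd_offset(4)
    return struct.unpack_from("<I", data, find_eocd(data) + 16)[0]


def signing_block_ids(data: bytes) -> list:
    """IDs of the pairs in the APK Signing Block, or [] when the APK has no block.
    The block ends with an 8-byte size field followed by the 16-byte magic,
    immediately before the central directory."""
    cd_off = central_directory_offset(data)
    if cd_off < 24 or data[cd_off - 16:cd_off] != APK_SIG_BLOCK_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd_off - 24)[0]  # excludes the leading size field
    pos, end = cd_off - size, cd_off - 24                   # first pair, trailing size field
    if pos < 8:
        raise ValueError("malformed APK Signing Block")
    ids = []
    while pos < end:
        pair_len, pair_id = struct.unpack_from("<QI", data, pos)  # length covers ID + value
        if pair_len < 4:
            raise ValueError("malformed ID-value pair")
        ids.append(pair_id)
        pos += 8 + pair_len
    return ids


def v1_signature_present(data: bytes) -> bool:
    """JAR-style (v1) signing leaves META-INF/*.RSA, *.DSA or *.EC signature files."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
                   for n in zf.namelist())


def apk_signature_schemes(data: bytes) -> dict:
    found = {SCHEME_IDS.get(i) for i in signing_block_ids(data)}
    return {"v1": v1_signature_present(data), "v2": "v2" in found, "v3": "v3" in found}


def build_signing_block(ids) -> bytes:
    """Constructed block with 16 zero bytes as the value of each pair (a real
    block carries signed digests and certificates)."""
    pairs = b"".join(struct.pack("<QI", 4 + 16, i) + b"\x00" * 16 for i in ids)
    size = len(pairs) + 8 + 16  # pairs + trailing size field + magic
    return struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC


def make_sample_apk(v1: bool, scheme_ids) -> bytes:
    """Constructed sample: a minimal zip with APK-like entries, optional v1
    signature files and an optional signing block spliced in before the
    central directory (the EOCD offset is patched to match)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"constructed binary manifest")
        zf.writestr("classes.dex", b"dex\n035\x00constructed")
        if v1:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"constructed PKCS#7 blob")
    data = buf.getvalue()
    if not scheme_ids:
        return data
    eocd, cd_off = find_eocd(data), central_directory_offset(data)
    block = build_signing_block(scheme_ids)
    patched = bytearray(data[:cd_off] + block + data[cd_off:])
    struct.pack_into("<I", patched, eocd + len(block) + 16, cd_off + len(block))
    return bytes(patched)


if __name__ == "__main__":
    for label, apk in [("v1 only", make_sample_apk(True, [])),
                       ("v1+v2+v3", make_sample_apk(True, list(SCHEME_IDS))),
                       ("v2 only", make_sample_apk(False, [0x7109871A]))]:
        print(label, apk_signature_schemes(apk))
```

A quick triage like this tells you whether a repackaged APK from the steps above still carries only a v1 signature (which zipalign after signing keeps valid) or a v2/v3 block (which any byte change after signing invalidates, so zipalign must run before apksigner); for the actual certificate check, run apksigner verify -v --print-certs on the real file.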

Androguard

Androguard is a tool written entirely in Python for working with Android files.

For decoding Android XML (AXML):

androguard axml res/xml/network_security_config.xml

For decoding resources.arsc:

androguard arsc resources.arsc

Mobile Security Framework – MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
pip install -r requirements.txt
python manage.py runserver

or using Docker:

docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
firefox http://localhost:8000

Reverse Engineering

.smali reverse engineering tools

  • baksmali
  • smali

Steps:

  1. Unzip the APK:

     unzip test.apk

  2. Baksmali (disassemble classes.dex into .smali files):

     baksmali classes.dex -o smaliClasses

  3. Smali (reassemble the edited .smali files into classes.dex):

     smali smaliClasses -o classes.dex

  4. Zip the APK contents back together:

     zip -r test.apk AndroidManifest.xml classes.dex res/ resources.arsc

  5. Sign the APK with signapk:

     java -jar signapk.jar testkey.x509.pem testkey.pk8 test.apk test-patched.apk

  6. Zipalign:

     zipalign -v 4 test-patched.apk final-apk.apk

How to convert an AAB (Android App Bundle) to an APK

First, download bundletool from https://github.com/google/bundletool/releases

java -jar bundletool.jar build-apks --bundle=name.aab --output=name.apks
mv name.apks name.zip
unzip name.zip -d name

Android apk reverse engineering

After unzipping the APK, we can convert the Dalvik dex files to a jar file:

d2j-dex2jar -f classes.dex

The jar file can then be decompiled directly to recover the source code:

java -jar jd-gui/build/install/jd-gui-osx/JD-GUI.app/Contents/Resources/Java/jd-gui-1.4.0.jar $FILE.jar

android:allowBackup

When the manifest does not set android:allowBackup="false" (the default is true), the app's private data can be pulled from the device with adb backup and unpacked with android-backup-extractor:

curl -L https://github.com/nelenkov/android-backup-extractor/releases/download/20181012025725-d750899/abe-all.jar -o abe.jar
adb backup -apk -f out.ab $PACKAGE
java -jar abe.jar unpack out.ab out.tar
tar xvf out.tar

Unity Engine Reverse Engineering from Windows

Download https://github.com/Perfare/Il2CppDumper (Unity IL2CPP reverse engineering tool)

apktool d package.apk
copy package\lib\armeabi-v7a\libil2cpp.so .
copy package\assets\bin\Data\Managed\Metadata\global-metadata.dat .
Il2cppDumper.exe libil2cpp.so global-metadata.dat package_re\

Now open package_re\DummyDll\Assembly-CSharp.dll with dnSpy.

You can also use the following Frida wrapper to save time: https://github.com/vfsfitvnm/frida-il2cpp-bridge

iOS Reverse Engineering

To reverse engineer IPA files use Hopper: https://www.hopperapp.com/ (Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications).

Or Veracode iRET framework: https://www.veracode.com/blog/2014/03/introducing-the-ios-reverse-engineering-toolkit

Disassembling opcodes

The best option is to use http://shell-storm.org/online/Online-Assembler-and-Disassembler/

And https://armconverter.com/?code=nop

Also Google’s Dalvik bytecode page is a good resource.
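Added example (my own code, not from the page or from Google's tooling): a minimal decoder for a handful of Dalvik instruction formats, showing how the little-endian 16-bit code units described on the Dalvik bytecode page map to an opcode and its operands. The opcode subset (10x, 12x, 11n, 11x, 10t, 22x, 21s, 31i and 22b formats), the function names and the sample bytes are constructions for this example; any opcode outside the subset raises.

```python
import struct


def signed(value: int, bits: int) -> int:
    """Interpret `value` as a two's-complement number of `bits` bits."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def decode_dalvik(code: bytes) -> list:
    """Decode Dalvik bytecode into instruction strings.

    Each instruction is one or more 16-bit little-endian code units. The low
    byte of the first unit is the opcode; the high byte holds the first
    operand byte (AA) or two 4-bit operands (B in the high nibble, A in the
    low nibble), depending on the format.
    """
    if len(code) % 2:
        raise ValueError("Dalvik code must be a whole number of 16-bit units")
    units = struct.unpack("<%dH" % (len(code) // 2), code)
    out, i = [], 0
    while i < len(units):
        op, hi = units[i] & 0xFF, units[i] >> 8
        a, b = hi & 0xF, hi >> 4          # nibble operands for B|A|op formats
        if op == 0x00:                    # 10x: nop
            out.append("nop"); i += 1
        elif op == 0x01:                  # 12x: move vA, vB
            out.append(f"move v{a}, v{b}"); i += 1
        elif op == 0x02:                  # 22x: move/from16 vAA, vBBBB
            out.append(f"move/from16 v{hi}, v{units[i + 1]}"); i += 2
        elif op == 0x0A:                  # 11x: move-result vAA
            out.append(f"move-result v{hi}"); i += 1
        elif op == 0x0E:                  # 10x: return-void
            out.append("return-void"); i += 1
        elif op == 0x0F:                  # 11x: return vAA
            out.append(f"return v{hi}"); i += 1
        elif op == 0x12:                  # 11n: const/4 vA, #+B (signed nibble)
            out.append(f"const/4 v{a}, #{signed(b, 4)}"); i += 1
        elif op == 0x13:                  # 21s: const/16 vAA, #+BBBB
            out.append(f"const/16 v{hi}, #{signed(units[i + 1], 16)}"); i += 2
        elif op == 0x14:                  # 31i: const vAA, #+BBBBBBBB (low unit first)
            val = units[i + 1] | (units[i + 2] << 16)
            out.append(f"const v{hi}, #{signed(val, 32)}"); i += 3
        elif op == 0x28:                  # 10t: goto +AA (signed, in code units)
            out.append(f"goto {signed(hi, 8):+d}"); i += 1
        elif op == 0xD8:                  # 22b: add-int/lit8 vAA, vBB, #+CC
            bb, cc = units[i + 1] & 0xFF, units[i + 1] >> 8
            out.append(f"add-int/lit8 v{hi}, v{bb}, #{signed(cc, 8)}"); i += 2
        else:
            raise NotImplementedError(f"opcode 0x{op:02x} is outside this example's subset")
    return out


# Constructed sample: const/4 v0, #1 ; add-int/lit8 v0, v0, #5 ; return v0
SAMPLE_CODE = bytes.fromhex("1210 d8000005 0f00")

if __name__ == "__main__":
    for line in decode_dalvik(SAMPLE_CODE):
        print(line)
```

Reading the sample by hand: the unit 0x1012 splits into opcode 0x12 (const/4) with A=0 and B=1, so the high byte 0x10 means v0 gets the literal 1; the same nibble ordering (B before A) is why a smali line and its hex bytes look reversed at first sight.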

AndroidManifest.xml Analysis

You can always exclude a task from the Recents screen entirely by setting the <activity> attribute android:excludeFromRecents to true.

Source: https://developer.android.com/guide/components/activities/recents

Other useful resources inside the apk file:

  • res/values/strings.xml
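Added example (my own code, not the page's or apktool's): a small linter for an apktool-decoded AndroidManifest.xml that flags the application-level attributes reviewed above (android:allowBackup, android:debuggable, android:usesCleartextTraffic) and lists exported components, including those implicitly exported by an intent-filter without android:exported. The two sample manifests are constructed for this example and the function names are mine.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def attr(el, name, default=None):
    """Read an android:-namespaced attribute from decoded (text) manifest XML."""
    return el.get(f"{{{ANDROID_NS}}}{name}", default)


def flag_is(value, expected: str) -> bool:
    return value is not None and value.strip().lower() == expected


def audit_manifest(xml_text: str) -> list:
    """Return findings (strings) for an apktool-decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return ["manifest has no <application> element"]
    findings = []
    if flag_is(attr(app, "debuggable"), "true"):
        findings.append("application: android:debuggable=true (debugger and run-as access)")
    # allowBackup defaults to true when the attribute is absent
    if not flag_is(attr(app, "allowBackup"), "false"):
        findings.append("application: android:allowBackup not false (data reachable via adb backup)")
    if flag_is(attr(app, "usesCleartextTraffic"), "true"):
        findings.append("application: android:usesCleartextTraffic=true (plain HTTP allowed)")
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        name, exported = attr(comp, "name", "?"), attr(comp, "exported")
        if flag_is(exported, "true"):
            findings.append(f"{comp.tag} {name}: explicitly exported")
        elif exported is None and comp.find("intent-filter") is not None:
            # Pre-Android 12 rule: an intent-filter exports the component unless
            # android:exported says otherwise (Android 12 requires it to be explicit)
            findings.append(f"{comp.tag} {name}: implicitly exported (intent-filter without android:exported)")
    return findings


# Constructed sample: a debug-style manifest with the weak settings.
RISKY_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <application android:allowBackup="true" android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:excludeFromRecents="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="example"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <provider android:name=".DataProvider" android:authorities="com.example.constructed.data"/>
  </application>
</manifest>
"""

# Constructed sample: the same app with the settings corrected; only the
# launcher activity, which must be exported, remains in the report.
HARDENED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <application android:allowBackup="false">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="false"/>
    <provider android:name=".DataProvider" android:authorities="com.example.constructed.data"
        android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for label, text in (("risky", RISKY_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(f"== {label} ==")
        for finding in audit_manifest(text):
            print(" -", finding)
```

Run it against the AndroidManifest.xml that apktool d writes; the binary manifest inside the APK must be decoded first (apktool or androguard axml), since ElementTree only reads the text form. Explicitly exported components are reported as well, because an export that is intended (the launcher activity, a deep-link handler) still deserves a look at what the component does with incoming intents.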
