Source Code Analysis

Pre-requisites

• Following tools should be installed:
  • Enjarify
  • JD-GUI
  • APKTool
  • SignApk

Steps

1. Translate Dalvik bytecode to equivalent Java bytecode using enjarify. Enjarify takes an APK file as input and returns a JAR file as output.

    $ enjarify <app-name>.apk
   

2. Start the JD-GUI application and import the jar file that was generated by enjarify.

   $ java -jar jd-gui-1.4.1.jar
   

   

3. Analyze the decompiled source code.

   

4. Modify app logic and rebuild the application using apktool.

    $ apktool -o ./<new-file-name>.apk b <root-folder-containing-modified-code>/
    $ apktool -o ./InsecureBankv2Modified.apk b InsecureBankv2/
   

5. Sign the new APK file.

    $ java -jar sign.jar <new-file-name>.apk
    $ java -jar sign.jar InsecureBankv2Modified.apk
   

6. Install the modified app into an android device/emulator to bypass restrictive functionalities.