Android applications are bundled in the “apk” format. All the Android source code files are compiled and converted into a compressed “dex” file, namely classes.dex. In order to retrieve and modify the Android source files, we must go in the reverse order (dex to jar to java) and then back to dex. The entire process is explained in detail below.
Step 1: Convert the “dex” file into a jar file using the “dex2jar” utility.
Command used – “d2j-dex2jar.bat <path + name of the apk file>”
Step 3: Using a text editor, open the java file that you want to modify. In this case, we are editing the MainActivity file. I have added a new Toast message inside the onCreate method, i.e. when the activity loads, saying “Hacked!”
Step 4: Once you have modified the java file, it’s time to compile it using the “javac” command. Make sure you specify the following locations in the classpath:
a) “android.jar”, found under any of the Android versions in the “platforms” folder of the Android SDK
b) The jar file obtained in step 1 (i.e. from dex2jar)
On compilation you will get the .class files of the modified java file:
Step 5: The next step is to replace the corresponding .class files in the original jar file (the one obtained in step 1) with these newly compiled ones. To do this, go back to that jar file, rename its extension to “zip”, unpack it, and copy the new .class files over the ones already present in it.
Step 6: Convert the class files back into a jar file using the jar command. Make sure you are in the directory containing all the class files.
Step 7: Now, convert the jar file to dex using the “dex2jar” utility.
Command used: “d2j-jar2dex.bat -f -o <path where classes.dex needs to be stored> <location of the jar file>”
Step 8: Replace the “classes.dex” present in the original “apk” file with the newly obtained one, the same way we did for the .class files.
To do this, rename the .apk file to .zip, unpack it, copy and replace the classes.dex file, and convert it back to a .zip file. However, while zipping it back, select all the files and then add them to the zip file.
Step 9: Sign the apk file using “dex2jar”
Install the modified apk file in the emulator/device.
On running the application you will find that the modified logic works, as in our case, the app now runs with a Toast message – “Hacked!!”
So this is how you can tweak Android code!
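The repackaging in steps 8 and 9 leaves two visible traces in the archive: a different classes.dex and a rewritten signature block under META-INF. The following Python sketch is an added example, not part of the original post, showing how a release APK can be compared with a copy found elsewhere; the function names and the sample archives (built in memory with placeholder contents) are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")  # v1 (JAR) signature block files


def entry_digests(apk_bytes):
    """Map every archive entry to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def diff_apks(reference, candidate):
    """Compare a known-good APK with a candidate build, entry by entry."""
    ref, cand = entry_digests(reference), entry_digests(candidate)
    report = {
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
        "changed": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    # Any differing .dex entry means the compiled code is not what was released.
    report["code_modified"] = any(n.endswith(".dex") for n in touched)
    # A rewritten signature block under META-INF/ means the archive was signed again.
    report["signature_block_changed"] = any(
        n.startswith("META-INF/") and n.upper().endswith(SIG_BLOCK_EXT) for n in touched)
    return report


def build_sample_apk(dex_body, sig_block):
    """Constructed stand-in for an APK: same entry layout, placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("res/layout/main.xml", b"<layout/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + dex_body)
        digest = hashlib.sha1(dex_body).hexdigest().encode()
        zf.writestr("META-INF/MANIFEST.MF", b"Name: classes.dex\nSHA1-Digest: " + digest)
        zf.writestr("META-INF/CERT.RSA", sig_block)
    return buf.getvalue()


if __name__ == "__main__":
    released = build_sample_apk(b"original bytecode", b"signature block A")
    repacked = build_sample_apk(b"bytecode plus extra Toast", b"signature block B")
    for key, value in diff_apks(released, repacked).items():
        print(f"{key}: {value}")
```

This comparison only sees v1 (JAR) signatures, which are stored as archive entries; APK Signature Scheme v2 and later keep the signature in a block outside the zip entries, so those need a dedicated verifier.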
1) dex2jar: https://code.go
2) jd-GUI: http://jd.benow