APKTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc.
Note: It is NOT intended for piracy and other non-legal uses. It could be used for localizing, adding some features or support for custom platforms and other GOOD purposes. Just try to be fair with authors of an app, that you use and probably like.
Features
- Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png. and XMLs)
- Rebuilding decoded resources back to binary APK/JAR
- Organizing and handling APKs that depend on framework resources
- Smali Debugging (Removed in 2.1.0 in favor of IdeaSmali)
- Helping with repetitive tasks
Requirements
- Java 8 (JRE 1.8)
- Basic knowledge of Android SDK, AAPT and smali
How To Install APKTool
- Windows:
- Download Windows wrapper script (Right click, Save Link As apktool.bat).
- Download apktool.
- Rename downloaded jar to apktool.jar.
- Move both files (apktool.jar & apktool.bat) to your Windows directory (Usually C://Windows).
- If you do not have access to C://Windows, you may place the two files anywhere then add that directory to your Environment Variables System PATH variable.
- Try running apktool via command prompt.
- Linux:
- Download Linux wrapper script (Right click, Save Link As apktool).
- Download apktool.
- Rename downloaded jar to apktool.jar.
- Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
- Make sure both files are executable (chmod +x).
- Try running apktool via cli.
- Mac OS X:
- Download Mac wrapper script (Right click, Save Link As apktool).
- Download apktool.
- Rename downloaded jar to apktool.jar.
- Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
- Make sure both files are executable (chmod +x).
- Try running apktool via cli.
Note: Wrapper scripts are not needed, but helpful so you don’t have to type java -jar apktool.jar over and over.
How to Build APKTool from Source
APKTool is a collection of 1 project, containing sub-projects and a few dependencies.
- brut.apktool.lib – (Main, all the Library code)
- brut.apktool.cli – The cli interface of the program
- brut.j.dir – Utility project
- brut.j.util – Utility project
- brut.j.common – Utility project
Requirements:
- JDK8 (Oracle or OpenJDK)
- git
Build Steps:
- First clone the repository.
- git clone git://github.com/iBotPeaches/Apktool.git
- cd Apktool
- For steps 3-5 use ./gradlew for unix based systems or gradlew.bat for windows.
- [./gradlew][gradlew.bat] build shadowJar – Builds Apktool, including final binary.
- Optional (You may build a Proguard jar) [./gradlew][gradlew.bat] build shadowJar proguard
After build completes you should have a jar file at:./brut.apktool/apktool-cli/build/libs/apktool-xxxxx.jar
Windows Requirements
Windows has some limitations regarding max filepath. At one location in APKTool, there is a 218 character directory path which means due to the limitation of max 255 characters on Windows we need to enforce some requirements.
This leaves 37 characters total to clone the project on Windows. For example, we can clone this project to the location.
This is 31 characters, which allows APKTool to be cloned properly. Cloning the project into a directory longer than 37 characters will not work.
You might also like:
- Bluto – DNS Recon, Brute Forcer, DNS Zone Transfer, DNS Wild Card Checks, DNS Wild Card Brute Forcer, Email Enumeration, Staff Enumeration, and Compromised Account Checking
- ARDT – Akamai Reflective DDoS Tool
- Sonar.js – A Framework for Identifying and Launching Exploits Against Internal Network Hosts
- CredCrack – A Fast and Stealthy Credential Harvester
- SPF – SpeedPhishing Framework
- King Phisher – Phishing Campaign Toolkit
- D-Link Password Decryptor – Tool for Recovering Passwords from D-Link Modems/Routers
- Kadimus – Local File Inclusion (LFI) Scan & Exploit Tool
- SNMPBrute – Fast SNMP Brute Force, Enumeration, CISCO Config Downloader and Password Cracking Script
- Egresser – Client/Server Scripts Designed To Test Outbound Firewall Rules
- OnionShare – Tool For Sharing Files Securely and Anonymously (Windows, Linux, Mac OS X)
- Pyrasite – Tools for Injecting Code Into a Running Python Process
- Dumb0 – Simple Script To Harvest Usernames From Popular Forums and CMS
- iGoat – A Deliberately Insecure iOS Application