逆向工程安卓应用（附源码）

Question

Looking at an existing Android app, I have the full source, I'm wondering how to determine which Adapter handles events from the UI for a particular screen in the running app.

There are a number of layout (XML) files, and a fistful (dramatically lower number) of Adapters. Guessing, grepping and setting debug points have not lead me to the Adapter in question thus far. (Frankly I'm unsure I can even find the correct layout file for the screen I'm trying to work on!)

I'm very familiar with Web development and PHP and given an app, have a plethora of methods to find my way into the 'controller' code. Also know Java fairly well, and have been making mods to the app so far, but stuck now... Can someone throw me pointers on reverse engineering an Android app?

Answer 1

last time i did this was a year ago, when Android security sucked (and not a lot of proguard), so i used an eclipse decompiler and dex2jar. Actually i'm surprised - how were you able to get the full code?

the benefit of using eclipse is that you can backtrace callers to function.

the thing is - i don't think you're after the adapter. if the screen is a list, you're actually after the ListView (which contains the adapter). maybe the adapter might even contain a reference to the listview itself. so, try to find the view and not the adapter

if it's a listView then, actually, look for something named "xxxx_row.xml" something with the word "row" in it, because that's the standard convention for listview views.

Answer 2

This will work for most Android apps.

In general, each screen is built by an instance of the Activity class.

• Check AndroidManifest.xml in the root of the project. Look for an activity declaration which contains an intent filter like this:

   <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity>

This is the "entry" point to the application, not strictly true but close enough for this task. In fact, Android creates an internal singleton instance of the Application class, which might be extended but usually not. Grep for "extends Application" or " : Application" to know.

• Find the class file with the same name as the activity name, in this case SampleAppMainActivity.

• Open this class file and find onCreate(). This is the first method that Android calls when the activity is instantiated.

• Find setContentView(). It will reference a layout, to be found in res/layout or a subfolder therein, like this. R.layout.sampleappmainlayout. The file itself will be XML. This file defines the UI elements used in the activity screen (it might have includes to merge other layouts).

• If there are multiple activities, then look for creation of instances of the Intent class in this activity, usually attached to button or menu click listeners.

Recurse from step 2 :)

The other answers deal with the specifics of adapters. Or perhaps not? Android uses adapters to handle the retrieval of data and binding those data to UI elements. They do not "respond to UI events". Are you perhaps asking about view controllers in the MVC model?

Good luck.

PS Whatever your client is paying you, it's not enough. I can guess how you landed this gig but yeuch. Just yeuch.

Answer 3

Instructions for OS Windows:

1. Dowload dex2jar-0.0.7.10-SNAPSHOT.zip (version can be different) and extract it ie to folder D:\\Decompile.
2. Dowload Java Decompiler ie JD-GUI and extract to the same folder.
3. Dowload apktool1.4.1.tar.bz2 and apktool-install-windows-r04-brut1.tar.bz2 and extract to the system folder ie C:\\Windows.
4. For example our aplication is called Calculator.apk, move it to folder with Java Decompiler and dex2jar
5. Open command line tool C:\\Windows\\System32\\cmd.exe
6. Change dirrectory into folder where dex2jar located, input command dex2jar Calculator.apk , if all successful in the same folder appears file Calculator.apk.dex2jar.jar
7. Open jd-gui and open file from previous step.
8. Select File-Save All Sources and save file.
9. Extract the resulting zip archive.
10. Put the resulting folder to folder src (must be pre-created). (To get around this structure is D: \\ Decompile \\ Calculator \\ src \\ com \\ android).
11. Again, at the command line enter the command apktool d Calculator.apk Calculator , where Calculator.apk-package name, Calculator-folder to decompile.
12. If all is well, then in the folder will be the source in two formats (java and smali), resources and files AndroidManifest.xml, apktool.yml.