When analysing an Android application, the minified and/or obfuscated code needs to be refactored in order for it to make sense. AndroidProjectCreator combines known open-source tools (JD-CMD, part of JD-GUI, Fernflower, JAD-X, CFR, Procyon, Dex2Jar and APKTool) together with the power the Android Studio IDE to allow the analyst to use the combined advantages. For those with a proper license, JEB3 Pro can also be used to decompile the APK.

One can download the JAR file from this Github repository.

Table of contents

AndroidProjectCreator converts the APK to an Android Studio project. More details about this process can be found in this blog. Below, multiple advantages are given as well as some disadvantages in comparison to paid tools.

Advantages

Cross platform

Written in Java 8, AndroidProjectCreator is cross platform and cross architecture. It has been tested on Windows 10, Ubuntu 18.04 and MacOS Mojave but should work on all recent versions of Windows, MacOS and Linux distributions.

Visualised GUI

The GUI is visualised within the IDE using the decoded XML file. This instantly provides valuable insight which is not present in paid tools.

Garbage code removal

Upon analysing a sample with lots of useless code, one can simply remove the unwanted code and save the Java files using the IDE. This way, a clean decompiled sample can be used.

Interactive usage of the manifest

Within the manifest, the declared classes can be instantly visited by jumping to the declaration of the class. This makes navigating based on the manifest’s declarations easier and faster.

All information in one place

The manifest, Java code, SMALI code, libraries, assets and resources are bundled within a single Android Studio project file. This way, all required files are quickly available during the analysis, without the need for tooling after the conversion has already taken place.

Fix decompiler mistakes

Code can be edited within Android Studio. This means that wrongly compiled code can manually be changed into the correct code. Comments can also be added in the way the analyst prefers, either using a comment block or a single line, as is shown below.

/** * This is a comment block */ //This is single line comment

Inspect Android’s code base

The value corresponding with an enumeration can easily be found by jumping to the declaration within Android’s code base.

Plug-ins

Plug-ins can be used to execute custom scrips. Additionally, existing plug-ins can be used to perform certain actions.

Updates

Android Studio is being updated whenever the Android OS is updated, meaning that the IDE is never too old to handle new code (if it is updated).

Automated parallel conversion

AndroidProjectCreator’s temporary folder contains all files of all running instances. Each instance has its own directory which is equal to a GUID. This way, an unlimited amount of instances can be started as long as the system has disk space and RAM left.

Support for commercial tooling

Alas, the quality of the decompiled code is not always without mistakes. In general it works properly, but using a better decompiler would help with the analysis. In order to support those who have a JEB3 Pro license, AndroidProjectCreator can also use the JEB3 headless client with a customised script to decompile an APK into Java code.

Prerequisites

Before installing AndroidProjectCreator, one should have installed the following tools:

Java 8 Runtime Environment (open JRE works fine) Java 8 Development Kit (open JDK8 works fine) Maven The JAVA_HOME variable should exist and point towards the Java 8 JDK folder

On Debian based systems, the following command installs all prerequisites:

sudo apt-get install openjdk- 8 -jre openjdk- 8 -jdk maven

Compiling AndroidProjectCreator

To compile AndroidProjectCreator from the source files, one should use the following command in the terminal when the current working directory is within the root folder of the project:

mvn clean compile assembly:single

After the installation, the JAR can be found within the target folder, which is located in the root of the project folder.

Installing AndroidProjectCreator

To install AndroidProjectCreator, one must have a working internet connection. After that, simply run the JAR with the -install flag, an example is given below.

java -jar . / AndroidProjectCreator.jar -install

This will take a while, depending on the speed of both your internet and your machine. When the installation is done, the usage information is displayed.

To quickly install AndroidProjectCreator, one can use the compact installation, as is shown below.

java -jar . / AndroidProjectCreator.jar -compactInstall

This clones all required tools from a repository that is occasionally updated by me. As such, one does not need to be able to build all tools. The download size is roughly 55 megabytes in size, meaning that it uses less than 10% of the full installation’s disk size, and is extremely fast to install. Note that the update functionality does not work. To update the compact installation, simply remove the library folder and run the compact install command again.

Updating is done using the -update flag. For each tool, a pull request is made. After that, each tool is built again and the build output is copied into the library. Updating only takes a few minutes, depending on the speed of your machine.

To decompile, the -decompile flags has to be given, together with the decompiler which should be used. The currently included decompilers are Fernflower, CFR, Procyon, JD-CMD JAD-X and JEB3, if one possesses the pro license of said tool. Additionally, one should provide the path to the APK, as well as a path where the Android Studio project should be placed. If JEB3 is selected, the path to the application folder should also be provided.

Note that the current directory of the terminal/command prompt is used when a relative path is used, regardless where the JAR is placed on the system. This allows AndroidProjectCreator to be placed in a folder which is referenced in the ~/.bash_aliases or within the system variable PATH (depending on your operating system), whilst the output of the project is saved as ./output. An example is given below.

libra@laptop : ~ / Documents$ java - jar AndroidProjectCreator. jar - decompile fernflower ~ / samples / sms - stealer / sample. apk . / sms - stealer - fernflower

Note that the decompiler flag is case insensitive but the file locations might be, based on your operating system.

The IDE is not perfectly set-up by default to be used this way, hence the reason for a couple of adjustments before one should start the analysis. Not all of these are necessarily only for analysing an application, as some are also required during the development of an application.

Missing build-tools

If there is no matching version of the build-tools present for the Android API that is specified within the Android Manifest, an error will be given. Simply let Android Studio download the missing files and the problem is resolved.

Refactoring

To properly refactor code, one should alter the default refactor settings. Use the refactor hotkey twice on the same variable to open the settings screen. Twice on the same variable means to press the hotkey twice without doing anything else in between. Then, make sure only the only check boxes which are selected are Rename variables and Rename inheritors. Selecting other check boxes will result in incorrect results.

Expecting errors

Errors during the Gradle build process are expected since Android Studio is dealing with decompiled code. Android Studio only needs to process the project in such a way, that the execution of plug-ins is possible, together with the ability to refactor code. An error during the Build -> Run Build -> Run Tasks part is common. Let the indexing of Android Studio finish and see if the functionality works. In case it does not, another decompiler can be used. If none of the decompilers works, the problem might be with the system Android Studio is running on instead of the program.

Using this Github repository, pull requests can be made. If you find an issue or have a suggestion, an issue can be filed. To contact me outside Github, please use any of the options that are given at the bottom of this page.

In the future, multiple additional features will be added to AndroidProjectCreator. The updates that are currently planned, are listed below in no apparent order.

Support multiple DEX files within the APK

Support to merge multiple DEX files

Creating an UML diagram based on the code to speed up the analysis

Refactor the internal code to use interfaces and an implementation per tool

Embed AndroidProjectCreator in an API with a front-end for internal use

In the list below, all changes are kept together with the release date of the given version.

1.4-stable [28th of July 2020]

List of features

Added the compact installation feature to download the required dependencies in a precompiled format. This downloads roughly 55 megabytes of data, which is less than 10% of the size of a full installation. Additionally, the building process is omitted. This makes the installation a process of mere seconds. The update functionality is not function with this installation, but one can easily update the compact installation by deleting the library folder and running the compact installation command again: -compactInstall.

1.3.1-stable [30th of March 2020]

List of features

Fixed a bug where one or more spaces in the file path would be interpreted as multiple command line arguments. The same bug was already fixed for APKs with a space in their name in version 1.2.2-stable.

1.3-stable [9th of August 2019]

List of features

Improved documentation in the code

Multiple bugs are fixed, including one where the Fernflower decompiler had to be written with a specific casing in order to work. Thank those who reached out to me with bug reports. Do not hesitate to message me when you think you’ve found something!

The JD-CMD repository has been changed to a mirror on my own Github account, which avoids the error that occurs when compiling the project from scratch, since the Maven repositories miss certain parts of this project.

The CFR decompiler repository has been changed from the repository on my own Github account to the official repository. The build process has been made possible when using Java 8 by a change in the POM.xml.

1.2.2-stable [2nd of April 2019]

List of features

This update contains a bugfix in which the casing of Fernflower caused an error. Additionally, file names with a space in them cause no more errors.

1.2-stable [15th of March 2019]

List of features

Improved documentation in the code

Greatly improved user feedback when the wrong arguments are entered

Wrong decompiler arguments now provide feedback to the user to improve the ease of use

The cloned repositories are now preserved on the disk after the installation, causing the disk usage to increase from 45 megabytes to 520 megabytes. Note that the size now stays 520 megabyte whereas previously it was only required a few minutes during the installation of APC

The repositories are now used in the update mechanism to avoid cloning the whole repository again. This improves the speed of updating and decreases the bandwidth usage.

The native libraries and SMALI code are now written to the same folder as the Java code. This allows for easier navigation within Android Studio

Internal code has been refactored in such a way that each class has only a single purpose. Future tools can now be implemented easier.

JEB3 is now supported as a decompiler. An additional (fifth) parameter is then required: the location of the JEB3 folder.

CFR 0.140 is now used, instead of CFR 0.138.

Minor bugs have been fixed.

1.1-stable [4th of January 2019]

List of features

Added the prebuilt CFR decompiler

Added the prebuilt Procyon decompiler

Added functionality to save and copy the SMALI files into the resources folder of the project

Added functionality to save and copy assets of the APK into the resources folder of the project

Improved feedback to the user upon handling incorrect parameters

Improved code quality of the project

Added an additional parameter to APKTool (“-k”) to also parse broken resources

1.0-stable [7th of December 2018]

List of features

Multiple platform support for Windows, MacOS and Linux distributions

Supports JD-CMD, JAD-X and Fernflower as decompilers

Uses Dex2Jar and APKTool to convert the APK to the required formats

Uses the empty project template version 1.0-stable, which is located here

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.