











362 Shares

Apktool is used for reverse engineering 3rd party Android apps. Debugging is made easier with Apktool’s ability to decrypt properties to their practically original forms. By rebuilding the properties post alteration, a user can gradually debug a smali code.

Kali lists the features of apktool:

decoding resources to nearly original form (including resources.arsc, XMLs and 9.png files) and rebuilding them

smali debugging: SmaliDebugging

helping with some repetitive tasks

Installation for apktool is simple with Linux (as always). Get the most recent version of apktool and run the following commands:

cd ~/

mkdir apktool

wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool

wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.1.1.jar

mv apktool_2.1.1.jar apktool.jar

chmod +x apktool*

sudo mv apktool* /usr/local/bin/

A wide variety of commands are available in apktool, but the trick is learning the tool before using it. Play around with your phone and computer – test out different things. Spend time researching tutorials and step by step guides. Take it gradually; start out by learning the basics.

Kali lists apktool’s basic commands:

d[ecode] [OPTS] <file.apk> [<dir>]

Decode <file.apk> to <dir>.

OPTS:

-s, –no-src Do not decode sources.

-r, –no-res Do not decode resources.

-d, –debug Decode in debug mode. Check project page for more info.

-b, –no-debug-info Baksmali — don’t write out debug info (.local, .param, .line, etc.)

-f, –force Force delete destination directory.

-t <tag>, –frame-tag <tag> Try to use framework files tagged by <tag>.

–frame-path <dir> Use the specified directory for framework files

–keep-broken-res Use if there was an error and some resources were dropped, e.g.: “Invalid config flags detected. Dropping resources”, but you want to decode them anyway, even with errors. You will have to fix them manually before building.



Remember: apktool is not meant for illegal activity. Do not abuse its use for selfish means (and if you do, don’t get caught). In conclusion, this tool is useful for a variety of different things. Don’t be afraid to explore in more depth.