This is a quick guide to get started with Android application testing. I won't delve into the details of testing, but instead cover what you need to do in order to get started. The topics I go through are:

- Get a hold of an Android device through emulation or physical device
- Find and download the APK you want to test
- Decompile the APK
- Sign, Build and Install the updated APK

Find a suitable Android device

First, get ahold of a suitable Android device emulator, e.g. using the Android SDK or a commercial product such as Genymotion. Alternatively, enable USB debugging on your phone and connect it with a USB cable.

Get a hold of the APK

You need the APK file you want to attack. Developers normally have several ways of giving you access to the APK file. However, if it is located on the Android Play store, install it on your device, then pull the APK file with ADB.

Locate your package using ADB

Use the package manager (pm) to list all packages on your device.

C:\Users\Chris>adb shell pm list packages
package:com.dropbox.android
package:com.augmentra.viewranger.android
package:com.motorola.android.buacontactadapter
package:com.google.android.apps.cloudprint
package:com.android.musicfx
package:no.securesolutions.pentest
package:com.google.android.apps.docs
package:com.google.android.apps.maps
package:com.google.android.apps.plus
package:com.android.cellbroadcastreceiver
package:com.google.android.webview

Then figure out its path on the device

Use the package manager to locate the path of the installed package.

C:\Users\Chris>adb shell pm path no.securesolutions.pentest
package:/data/app/no.securesolutions.pentest-1/base.apk

Pull the file from the device onto your workstation

Use adb pull along with the path of the APK you discovered in the last step.

C:\Users\Chris>adb pull /data/app/no.securesolutions.pentest-1/base.apk
2084 KB/s (3640905 bytes in 1.706s)

Decompile the APK

Grab apktool to easily decompile the APK into its different parts.

C:\Users\Chris>apktool d base.apk

This will give us a directory tree containing assets, smali code, resources and manifests. You can also open the APK with a zip viewer, e.g. 7zip, and view and extract the contents.

Dalvik Executable into Java

The APK is essentially only a compressed container. You can open it up in e.g. 7zip and review its files. One of the files is a dex file, a Dalvik Executable, which is essentially the compiled Android application. This file can be decompiled into Java code using dex2jar.

C:\Users\Chris>dex2jar-2.0\d2j-dex2jar.bat base.apk
dex2jar base.apk -> .\base-dex2jar.jar

The Dalvik Executable has now been converted into a Java JAR container. This can be further disassembled and inspected by a tool such as jd-gui.

Create keystore, build, sign, uninstall and deploy

Once you have made the necessary modifications, e.g. to the assets or the smali code, you are ready to deploy the modified application.

Create a keystore

C:\Users\Chris>mkdir keys
C:\Users\Chris>"C:\Program Files\Java\jdk1.8.0_45\bin\keytool.exe" -genkey -v -keystore keys/base.keystore -alias base -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 10000

Build the modified code back into APK

This will create a dist folder inside the decompiled directory (base\dist) containing the updated APK.

C:\Users\Chris>apktool b base

Sign the updated APK

C:\Users\Chris>"C:\Program Files\Java\jdk1.8.0_45\bin\jarsigner.exe" -keystore keys\base.keystore base\dist\base.apk -sigalg SHA1withRSA -digestalg SHA1 base

Uninstall the APK from the device to allow for reinstall

C:\Users\Chris>adb uninstall no.securesolutions.pentest

Install the updated APK

C:\Users\Chris>adb install base\dist\base.apk

Put it all together

The above commands can get tedious to write over and over when making small modifications to your APK. Instead, pull them all together into a single command line like this (these are the commands that come after the keystore has been created):

C:\Users\Chris>apktool b base & "C:\Program Files\Java\jdk1.8.0_45\bin\jarsigner.exe" -keystore keys\base.keystore base\dist\base.apk -sigalg SHA1withRSA -digestalg SHA1 base & adb uninstall no.securesolutions.pentest & adb install base\dist\base.apk
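
An added example (not part of the original post): a Python check to run on an APK between the build, sign and install steps. It lists the dex files in the container, reports whether the v1 signature files that jarsigner writes under META-INF are present, and, going beyond what the post covers, whether an APK Signing Block (signature scheme v2 and later) sits before the ZIP central directory. The sample archives and the function names are constructed for illustration.

```python
import io
import re
import struct
import zipfile

V2_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block

def has_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block ends right before the ZIP central directory."""
    eocd = data.rfind(b"PK\x05\x06")  # End Of Central Directory record
    if eocd < 0 or eocd + 22 > len(data):
        return False
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    return cd_offset >= 16 and data[cd_offset - 16:cd_offset] == V2_MAGIC

def inspect_apk(data: bytes) -> dict:
    """Summarise the parts of an APK that matter when decompiling and re-signing."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = apk.namelist()
    meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
    return {
        # Multidex apps ship classes2.dex, classes3.dex, ... next to classes.dex.
        "dex": sorted(n for n in names if re.fullmatch(r"classes\d*\.dex", n)),
        "has_manifest": "AndroidManifest.xml" in names,
        # jarsigner (v1) adds a .SF file plus a .RSA/.DSA/.EC signature block.
        "v1_signed": any(n.endswith(".SF") for n in meta)
                     and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta),
        "signing_block": has_signing_block(data),
    }

def make_sample(signed: bool) -> bytes:
    """Constructed stand-in for an APK: placeholder contents, real ZIP layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("classes2.dex", b"dex\n035\x00")
        if signed:  # entry names as jarsigner would write them for alias "base"
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            z.writestr("META-INF/BASE.SF", "Signature-Version: 1.0\n")
            z.writestr("META-INF/BASE.RSA", b"placeholder PKCS#7 block")
    return buf.getvalue()

if __name__ == "__main__":
    for label, signed in (("after apktool b", False), ("after jarsigner", True)):
        print(label, inspect_apk(make_sample(signed)))
```

To use it on a real build, pass the bytes of base\dist\base.apk to inspect_apk instead of the constructed samples.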