Exploring an APK
Published 2015-5-18Exploring APKs
Downloading the APK
First we need to pick a package that we're interested in. For this demonstration I'll choose LDS Tools because, well, I want to know what HTTP APIs it uses.
- I google "LDS Tools Google Play" which takes me to https://play.google.com/store/apps/details?id=org.lds.ldstools&hl=en
- I google "Download APK" which takes me to https://apps.evozi.com/apk-downloader
- I paste in the previous link and I get the download page https://apps.evozi.com/apk-downloader/?id=org.lds.ldstools
- I download
org.lds.tools.apk
Online Decompile
- I search for "Decompile APK"
- I upload the file to http://www.decompileandroid.com/
- Go into the Download directory
pushd ~/Download - Make a directory to work from
mkdir ./org.lds.tools.decompiled mv ./source.zip ./org.lds.tools.decompiled.zip- Go into it
pushd ./org.lds.tools.decompiled unzip ../org.lds.tools.decompiled
Manual Decompile
- Go into the Download directory
pushd ~/Download - Copy the file as a zip
rsync -av org.lds.tools.apk org.lds.tools.apk.zip - Make a directory to work from
mkdir ./org.lds.tools - Go into it
pushd ./org.lds.tools - Unzip it
unzip ../org.lds.tools.apk.zip
TODO dex decompile
Finding interesting things
In a well-constructed package there's likely to be some file that contains some base urls and uses them as templates later on.
I'm proud to say that LDS Tools (aka org.lds.tools) is such a package:
grep -R 'https://' ./
# yields src/org/lds/ldstools/prefs/PrefsConfig.java as a suspect
# further inspection shows 'photoBaseUrl' is the search term to try for
grep -R photoBaseURL ./
By AJ ONeal
Thanks!
It's really motivating to know that people like you are benefiting
from what I'm doing and want more of it. :)
Did I make your day?
Buy me a coffee
(you can learn about the bigger picture I'm working towards on my patreon page )