Reverse Engineering

AndroidManifest.xml

Contains essential information for app execution.

  • Permissions

  • Intents exposed

  • Start classes

However, with an XML extension, it is encoded and compressed.

  • Can be obtained with apktool, appt and many others.

Access to AndroidManifest.xml "is an issue" as it exposes public interfaces and data sources.

  • Can be explored by simple observation/sniffing/injection and no further RE.

  • But there is nothing to do about it. It's always available.

META/MANIFEST.MF

classes.dex

Contains all Dalvik bytecode.

  • Reverse engineering from APKs is always easier.

    • A copy of the APK exists on the phone but is only accessible to root.

  • It is possible to recover most Java code.

Includes both application code and some Java libraries.

  • Some Android/google optional frameworks.

  • Additional frameworks the developers required for development.

  • May include unused frameworks.

  • Doesn't include base framework classes.

Reversing DEX may follow two approaches.

  • Convert to smali, more difficult to understand, but always possible.

  • Convert to Java sources, easier to understand but not exact.

PreviousApplication StructureNextExercise 1

Last updated