
Reverse

ApkTools

Decompress apk file

Bash
apktool d <myFile>.apk
# Alternative method that skips decoding resources and files; easier to repack the app afterwards
apktool d -fs <myFile>.apk

Repack apk file from source folder

Bash
# Build from the decoded source folder; -o sets the output apk path
apktool b <mySourceFolder> -o <myFile>.apk

Frida

Install frida cli

Bash
pip install frida-tools

Frida gadget injection

We can use the Frida Gadget LIEF Injector to embed the gadget library into the apk:

Bash
git clone https://gitlab.com/jlajara/frida-gadget-lief-injector.git
pip install xtract

Sign apk

Generate a keystore

Bash
# Creates an RSA-2048 key pair valid for 10000 days; you will be prompted for the keystore password
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Signing the apk

Bash
# Produces a v1 (JAR) signature; newer Android targets generally need apksigner for the v2+ signature schemes
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_app.apk alias_name

Exploitation

Enumerate processes on the USB-connected device

Bash
frida-ps -U

Attach Frida to a process

Bash
frida -U -p <PID>
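Once Frida is attached, a script can be loaded with `-l` to instrument the app. As an added example (not from the original page), the following Frida script audits which JCE cipher transformations the app requests by hooking `javax.crypto.Cipher.getInstance`, a common check when assessing an app's use of cryptography. The class and method names are the real Android/JCE APIs; the weak/ok classification rules and the report format are my own assumptions.

```javascript
// Added example (not from the original page): audit cipher usage of an Android app.
// Load after attaching:  frida -U -p <PID> -l cipher_audit.js
// The hooked API (javax.crypto.Cipher.getInstance) is real; the classification is ours.

// Pure helper: classify a JCE transformation string such as "AES/CBC/PKCS5Padding".
// Returns "weak" for deprecated algorithms or ECB mode (explicit or implied),
// "ok" otherwise. A bare algorithm name like "AES" means the provider picks
// the mode, which in the default provider is ECB, so it is flagged too.
function classifyTransformation(transformation) {
  var parts = String(transformation).toUpperCase().split('/');
  var algorithm = parts[0];
  var mode = parts.length > 1 ? parts[1] : '';
  var weakAlgorithms = ['DES', 'DESEDE', 'RC2', 'RC4', 'ARCFOUR'];
  if (weakAlgorithms.indexOf(algorithm) !== -1) return 'weak';
  // For RSA the "ECB" token is a JCE naming convention, not a block-cipher mode.
  if (algorithm === 'RSA') return 'ok';
  if (mode === 'ECB' || mode === '') return 'weak';
  return 'ok';
}

// Build the one-line report printed for each Cipher.getInstance call.
function formatReport(transformation) {
  return '[cipher] ' + transformation + ' -> ' + classifyTransformation(transformation);
}

// Only the part below needs the Frida runtime (the Java bridge); the helpers
// above are plain JavaScript so they can also be exercised outside Frida.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    var Cipher = Java.use('javax.crypto.Cipher');
    // Hook the single-argument overload; getInstance(String, String) and
    // getInstance(String, Provider) exist as well and can be hooked the same way.
    Cipher.getInstance.overload('java.lang.String').implementation = function (transformation) {
      console.log(formatReport(transformation));
      // Call through to the original so the app keeps working unchanged.
      return this.getInstance(transformation);
    };
  });
} else {
  console.log('Not running inside Frida; only the helper functions are available.');
}
```

The hook only observes and forwards the call, so the app's behaviour is unchanged; each report line shows the requested transformation and whether it relies on a deprecated algorithm or ECB mode.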

Sources