Autopsy of an APK file
Let's suppose we have obtained an APK file. For the purpose of this section, and to keep the exercise easy, we will create a HelloWorld application, including merely a TextView inside Activity.
To proceed analyzing the interior of our application, let's first unzip the APK and check its content. We will see content similar to the following:
For the newbies in this world, we can see that the Android manifest and the resources inside the res folder are directly accessible. The file, classes.dex, includes the compiled Java files as we explained in the previous section. The file, Resources.arsc (Application Resource Files), contains a list of binary resources, including any kind of data used by the program. This file is created by the
Android Asset Packaging Tool (aapt).
We will now introduce the first technique to read the code of a file that has not been obfuscated, and is transforming the file into a JAR file and then opening it with a decompiler. We will need two tools...
