Repository: b-mueller/apkx
Branch: master
Commit: fcb74ff37c9f
Files: 6
Total size: 5.5 KB
Directory structure:
gitextract_ke2tles2/
├── .gitignore
├── README.md
├── apkx
├── apkx-libs.jar
├── enjarify.pex
└── install.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
.DS_Store
.python-version
================================================
FILE: README.md
================================================
# apkx - Android APK Decompilation for the Lazy
A Python wrapper to popular free dex converters and Java decompilers. Extracts Java source code directly from the APK. Useful for experimenting with different converters/decompilers without having to worry about classpath settings and command line args.
## Installation
```bash
$ git clone https://github.com/b-mueller/apkx
$ cd apkx
$ sudo ./install.sh
```
Notes:
- JRE needs to be installed and in PATH
- enjarify requires Python 3
## Usage
Pass the APK filename on the command line:
```bash
$ apkx HelloWorld.apk
Extracting HelloWord.apk to HelloWord
Converting: classes.dex -> classes.jar (dex2jar)
dex2jar HelloWord/classes.dex -> HelloWord/classes.jar
Decompiling to HelloWord/src (cfr)
```
The default combination of converter and decompiler is dex2jar and cfr. Use the -c and -d flags to change this. E.g.:
```bash
$ apkx -c enjarify -d procyon HelloWorld.apk
```
To get help, run:
```bash
$ apkx -h
```
## Tools
This script integrates the following tools:
- [Procyon](https://bitbucket.org/mstrobel/procyon) by Mike Strobel - [Apache License Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html)
- [CFR](http://www.benf.org/other/cfr/) by Lee Benfield - [MIT License](https://opensource.org/licenses/MIT)
- [dex2jar](https://github.com/pxb1988/dex2jar) by Bob Pan - [Apache License Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html)
- [enjarify](https://github.com/Storyyeller/enjarify) by Storyyeller - [Apache License Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html)
## About
This script accompanies the [OWASP Mobile Security Testing Guide](https://github.com/OWASP/owasp-mstg). For further instructions and usage examples, see also:
- [Tampering and Reverse Engineering on Android](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05c-Reverse-Engineering-and-Tampering.md)
- [Testing Resiliency Against Reverse Engineering on Android](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md)
================================================
FILE: apkx
================================================
#!/usr/bin/python
#
# apkx -- A Python wrapper for popular dex converters and Java decompilers.
# Because nobody likes messing with Java classpaths & jar command lines.
# v0.9.2
#
# Author: Bernhard Mueller
# This file is part of the OWASP Mobile Testing Guide (https://github.com/OWASP/owasp-mstg)
#
# See also:
#
# Dex2jar - https://github.com/pxb1988/dex2jar
# CFR - http://www.benf.org/other/cfr/
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
import os
import sys
import subprocess
import zipfile
import re
import argparse
cwd = os.path.dirname(os.path.realpath(__file__))
FNULL = open(os.devnull, 'w')
def convert(converter, lib_path, ext_path, infile, outfile):
if (converter == 'dex2jar'):
subprocess.call(['java', '-Xms512m', '-Xmx1024m', '-cp', lib_path, 'com.googlecode.dex2jar.tools.Dex2jarCmd', ext_path + '/' + infile, '-o', ext_path + '/' + outfile, '-f'])
elif (converter == 'enjarify'):
subprocess.call([cwd + '/enjarify.pex', ext_path + '/' + infile, '-o', ext_path + '/' + outfile, '--force'])
def decompile(decompiler, lib_path, ext_path, jar_filename):
if (decompiler == 'cfr'):
subprocess.call(['java','-Xms512m', '-Xmx1024m', '-cp', lib_path, 'org.benf.cfr.reader.Main', ext_path + '/' + jar_filename, '--outputdir', src_path, '--caseinsensitivefs', 'true', '--silent', 'true'], stdout=FNULL)
elif (decompiler == 'procyon'):
subprocess.call(['java','-Xms512m', '-Xmx1024m', '-cp', lib_path, 'com.strobel.decompiler.DecompilerDriver', '-jar', ext_path + '/' + jar_filename, '--o', src_path], stdout=FNULL)
'''
====== Main ======
'''
parser = argparse.ArgumentParser(description='Decompile an Android APK archive.')
parser.add_argument('-c', '--converter', help='Dex to jar conversion method (default: dex2jar)', choices=['dex2jar','enjarify'], default = "dex2jar")
parser.add_argument('-d', '--decompiler', help='Decompiler backend to use (default: cfr)', choices=['cfr','procyon'], default = "cfr")
parser.add_argument('apkfile', help='File to decompile')
args = parser.parse_args()
'''
Unzip the application package.
'''
ext_path = os.path.splitext(os.path.basename(args.apkfile))[0]
src_path = ext_path + "/src"
lib_path = cwd + "/apkx-libs.jar"
print("Extracting " + args.apkfile + " to " + ext_path)
try:
zip_ref = zipfile.ZipFile(args.apkfile, 'r')
zip_ref.extractall(ext_path)
zip_ref.close()
except IOError as e:
print("Error extracting apk: " + str(e))
sys.exit(0)
'''
Iterate over all .dex files
'''
for root, dirs, files in os.walk(ext_path):
for file in files:
if file.endswith((".dex")):
jar_filename = os.path.splitext(file)[0] + ".jar"
print('Converting: ' + file + ' -> ' + jar_filename + ' (' + args.converter + ')')
'''
Conversion Step
'''
try:
convert(args.converter, lib_path, ext_path, file, jar_filename)
except Exception as e:
print('Error converting dex to jar:'+ str(e))
next
'''
Decompilation Step
'''
print("Decompiling to " + src_path + ' (' + args.decompiler + ')')
try:
decompile(args.decompiler, lib_path, ext_path, jar_filename)
except Exception as e:
print('Error decompiling:' + str(e))
================================================
FILE: install.sh
================================================
#!/bin/bash
if [[ $EUID > 0 ]]; then
echo "The installation script needs to be run as root."
exit 1
else
cp apkx apkx-libs.jar enjarify.pex /usr/local/bin
chmod 755 /usr/local/bin/apkx /usr/local/bin/enjarify.pex
fi