This is a quick guide to get started with Android application testing. I wont delve into details of testing, but instead cover what is necessary to do in order to get started. The topics I go through are:
- Get a hold of an Android device through emulation or physical device
- Find and download the APK you want to test
- Decompile the APK
- Sign, Build and Install the updated APK
Find a suitable Android device
First, get ahold of a suitable Android device emulator, e.g. using the Android SDK or a commercial product such as Genymotion, Alternatively, set your device to USB debugging and connect your phone with a USB cable.
Get a hold of the APK
You need the APK file you want to attack. Normally developers have multiple ways of allowing you access to the APK file, however if it is located on the Android Play store, install it to your device, then pull the APK file with ADB.
Locate your package using ADB
Use the packet manager to list all packages on your device.
C:\Users\Chris>adb shell pm list packagespackage:com.dropbox.android package:com.augmentra.viewranger.android package:com.motorola.android.buacontactadapter package:com.google.android.apps.cloudprint package:com.android.musicfx package:no.securesolutions.pentest package:com.google.android.apps.docs package:com.google.android.apps.maps package:com.google.android.apps.plus package:com.android.cellbroadcastreceiver package:com.google.android.webview
Then figure out its path on the device
Use the packet manager to locat the path of the installed package.
C:\Users\Chris>adb shell pm path no.securesolutions.pentest package:/data/app/no.securesolutions.pentest-1/base.apk
Pull the file from the device onto your workstation
Use adb pull a long with the path of the APK you discovered in the last step.
C:\Users\Chris>adb pull /data/app/no.securesolutions.pentest-1/base.apk 2084 KB/s (3640905 bytes in 1.706s)
Decompile the APK
Grab apktool to easily decompile th APK into its different parts.
C:\Users\Chris>apktool d base.apk
This will give us a directory tree containing assets, smali code, resources and manifests. You can also open up the APK with a zip viewer, e.g. 7zip and view and extract the contents.
Dalvik Excutable into Java
The APK is essentially only a compressed container. You can open it up in e.g. 7zip and review its files. One of the files is a dex file, a Dalvik Executionable, which is essentially the compiled Android application. This file can b decompiled into Java code using dex2jar.
C:\Users\Chris>dex2jar-2.0\d2j-dex2jar.bat base.apk dex2jar base.apk -> .\base-dex2jar.jar
The Dalvik Executable has now been converted into a Java JAR container. This can be further disassembled and inspected by a tool such as jd-gui.
Create keystore, build, sign, uninstall and deploy
Once you have made the necessary modifications to the source code, either through modifying e.g. assets or smali, you are now ready to deploy the modified application.
Create a keystore
C:\Users\Chris>mkdir keys C:\Users\Chris>"C:\Program Files\Java\jdk1.8.0_45\bin\keytool.exe" -genkey -v -keystore keys/base.keystore -alias base -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 10000
Build the modified code back into APK
This will create a release folder containing the updated APK.
C:\Users\Chris>apktool b android-release
Sign the updated APK
C:\Users\Chris>"C:\Program Files\Java\jdk1.8.0_45\bin\jarsigner.exe" -keystore keys\base.keystore base\dist\base.apk -sigalg SHA1withRSA -digestalg SHA1 base
Uninstall the APK from the device to allow for reinstall
C:\Users\Chris>adb uninstall no.securesolutions.pentest
Install the updated APK
C:\Users\Chris>adb install base\dist\base.apk
Put it all together
The above commands can get tedius to write over and over when making small modifications to your APK. Instead pull them all together into one single line of command as this (commands after the keystore has been created):
C:\Users\Chris>apktool b android-release & "C:\Program Files\Java\jdk1.8.0_45\bin\jarsigner.exe" -keystore keys\base.keystore base\dist\base.apk -sigalg SHA1withRSA -digestalg SHA1 base & adb uninstall no.securesolutions.pentest & adb install base\dist\base.apk