When analysing an Android application, the minified and/or obfuscated code needs to be refactored in order for it to make sense. AndroidProjectCreator combines known open-source tools (JD-CMD, part of JD-GUI, Fernflower, JAD-X, Dex2Jar and APKTool) together with the power the Android Studio IDE to allow the analyst to use the combined advantages.
One can download the JAR file from this Github repository.
How does AndroidProjectCreator work?
AndroidProjectCreator converts the APK to an Android Studio project. More details about this process can be found in this blog. Below, multiple advantages are given as well as some disadvantages in comparison to paid tools.
Written in Java 8, AndroidProjectCreator is cross platform and cross architecture. It has been tested on Windows 10, Ubuntu 18.04 and MacOS Mojave but should work on all recent versions of Windows, MacOS and Linux distributions.
The GUI is visualised within the IDE using the decoded XML file. This instantly provides valuable insight which is not present in paid tools.
Garbage code removal
Upon analysing a sample with lots of useless code, one can simply remove the unwanted code and save the Java files using the IDE. This way, a clean decompiled sample can be used.
Interactive usage of the manifest
Within the manifest, the declared classes can be instantly visited by jumping to the declaration of the class. This makes navigating based on the manifest’s declarations easier and faster.
All information in one place
The manifest, Java code, SMALI code, libraries, assets and resources are bundled within a single Android Studio project file. This way, all required files are quickly available during the analysis, without the need for tooling after the conversion has already taken place.
Fix decompiler mistakes
Code can be edited within Android Studio. This means that wrongly compiled code can manually be changed into the correct code. Comments can also be added in the way the analyst prefers, either using a comment block or a single line, as is shown below.
/** * This is a comment block */ //This is single line comment
Inspect Android’s code base
The value corresponding with an enumeration can easily be found by jumping to the declaration within Android’s code base.
Plug-ins can be used to execute custom scrips. Additionally, existing plug-ins can be used to perform certain actions.
Android Studio is being updated whenever the Android OS is updated, meaning that the IDE is never too old to handle new code (if it is updated).
Automated parallel conversion
AndroidProjectCreator’s temporary folder contains all files of all running instances. Each instance has its own directory which is equal to a GUID. This way, an unlimited amount of instances can be started as long as the system has disk space and RAM left.
Alas, the quality of the decompiled code is not always without mistakes. In general it works properly, but using a better decompiler would help with the analysis. In order to also support those who have a JEB license, this tool will also be supported in a future update.
Before installing AndroidProjectCreator, one should have installed the following tools:
- Java 8 Runtime Environment (open JRE works fine)
- Java 8 Development Kit (open JDK8 works fine)
- The JAVA_HOME variable should exist and point towards the Java 8 JDK folder
On Debian based systems, the following command installs all prerequisites:
sudo apt-get install openjdk-8-jre openjdk-8-jdk maven
To compile AndroidProjectCreator from the source files, one should use the following command in the terminal when the current working directory is within the root folder of the project:
mvn clean compile assembly:single
After the installation, the JAR can be found within the target folder, which is located in the root of the project folder.
To install AndroidProjectCreator, one must have a working internet connection. After that, simply run the JAR with the -install flag, an example is given below.
java -jar ./AndroidProjectCreator.jar -install
This will take a while, depending on the speed of both your internet and your machine. When the installation is done, the usage information is displayed.
Currently, the update mechanism simply removes the installed programs and runs the installation again, including downloading the repositories. In a future update, this method will be improved by leaving the repositories on the system and simply pulling new updates.
Decompling APK files
To decompile, the -decompile flags has to be given, together with the decompiler which should be used. The currently included decompilers are Fernflower, JD-CMD and JAD-X. Additionally, one should provide the path to the APK, as well as a path where the Android Studio project should be placed.
Note that the current directory of the terminal/command prompt is used when a relative path is used, regardless where the JAR is placed on the system. This allows AndroidProjectCreator to be placed in a folder which is referenced in the ~/.bash_aliases or within the system variable PATH (depending on your operating system), whilst the output of the project is saved as ./output. An example is given below.
libra@laptop:~/Documents$ java -jar AndroidProjectCreator.jar -decompile fernflower ~/samples/sms-stealer/sample.apk ./sms-stealer-fernflower
Note that the decompiler flag is case insensitive but the file locations might be, based on your operating system.
How to configure Android Studio?
The IDE is not perfectly set-up by default to be used this way, hence the reason for a couple of adjustments before one should start the analysis. Not all of these are necessarily only for analysing an application, as some are also required during the development of an application.
If there is no matching version of the build-tools present for the Android API that is specified within the Android Manifest, an error will be given. Simply let Android Studio download the missing files and the problem is resolved.
To properly refactor code, one should alter the default refactor settings. Use the refactor hotkey twice on the same variable to open the settings screen. Twice on the same variable means to press the hotkey twice without doing anything else in between. Then, make sure only the only check boxes which are selected are Rename variables and Rename inheritors. Selecting other check boxes will result in incorrect results.
Errors during the Gradle build process are expected since Android Studio is dealing with decompiled code. Android Studio only needs to process the project in such a way, that the execution of plug-ins is possible, together with the ability to refactor code. An error during the Build -> Run Build -> Run Tasks part is common. Let the indexing of Android Studio finish and see if the functionality works. In case it does not, another decompiler can be used. If none of the decompilers works, the problem might be with the system Android Studio is running on instead of the program.
How to contribute to AndroidProjectCreator?
Using this Github repository, pull requests can be made. If you find an issue or have a suggestion, an issue can be filed. To contact me outside Github, please use any of the options that are given at the bottom of this page.
In the future, multiple additional features will be added to AndroidProjectCreator. The updates that are currently planned, are listed below in no apparent order.
- Support multiple DEX files within the APK
- Support to merge multiple DEX files
- Implement a working update mechanism which includes keeping the repositories after the installation
- Creating an UML diagram based on the code to speed up the analysis
- Include support for JEB (paid) as decompiler
In the list below, all changes are kept together with the release date of the given version.
1.1-stable [4th of January 2019]
List of features
- Added the prebuilt CFR decompiler
- Added the prebuilt Procyon decompiler
- Added functionality to save and copy the SMALI files into the resources folder of the project
- Added functionality to save and copy assets of the APK into the resources folder of the project
- Improved feedback to the user upon handling incorrect parameters
- Improved code quality of the project
- Added an additional parameter to APKTool (“-k”) to also parse broken resources
1.0-stable [7th of December 2018]
List of features
- Multiple platform support for Windows, MacOS and Linux distributions
- Supports JD-CMD, JAD-X and Fernflower as decompilers
- Uses Dex2Jar and APKTool to convert the APK to the required formats
- Uses the empty project template version 1.0-stable, which is located here