
Apktool – A tool for reverse engineering Android apk files - johninsfo
https://ibotpeaches.github.io/Apktool/
======
patcon
Good to see this on HN. I know Guardian Project and F-Droid lean on it, as
it's great for trying to sort out issue with deterministic builds

I also used it once to add log output into the resulting smali code (which was
obfuscated and I couldn't walk through easily), and repackaging that back into
an apk helped me understand the obfuscated code in the app

[https://github.com/intrepidusgroup/IGLogger](https://github.com/intrepidusgroup/IGLogger)

------
harishneit
Jadx is another great project -
[https://github.com/skylot/jadx](https://github.com/skylot/jadx)

------
CountHackulus
This tool is also great for verifying that you've built you APK correctly. I
just used it for the past week diagnosing some issues with building an APK
with Unity. It was invaluable.

------
iBotPeaches
Current maintainer here. Glad to see apktool has been of use for a good deal
of businesses.

Happy to answer any questions anyone might have.

~~~
voltagex_
There are so many tools for apk decompilation and analysis out there - lots
use apktool in the backend even. How do I as a beginner know what to use and
what to trust?

~~~
iBotPeaches
That is a tough question. I would just stick with the popular known ones out
there: smali, apktool, dex2jar, jeb, jad.

------
downandout
I've been using Apktool for years. Great work. I had to do a double-take when
I saw it on the front page though, given that it's been around for quite a
while and I thought it was a pretty standard dev tool.

------
seibelj
Many companies have built software products on top of this tool. I was heavily
involved in enterprise apps for several years. It's a great tool

~~~
616c
As a hobbyist Android geek that has done minor Android dev work, I can see the
use of the tool. But I am very curious: who is building enterprise tools on
top of it and why? I could see securiy analysts interested, but beyond that?

This is not meant to be dismissive, I am very curious. It sounds like there is
cool stuff out there I could not even dream of!

~~~
RyanZAG
There's a concept called 'app wrapping'. A generic app is decompiled, and then
the manifest and code is changed to add in some 'wrapper' code around the app.
The app can then be resigned with the enterprises certificate.

------
incepted
"Reverse engineering" makes it sound as if the .apk format is obfuscated or
protected. It's just a zip file with files inside.

It's not a reverse engineering tool any more than unzip or tar are.

~~~
iBotPeaches
Not true. You can go unzip an apk and for one resources.arsc won't be decoded,
classes.dex won't be disassembled and any xml file will be in its binary axml
format.

