Android Pentesting

Last modified: 2022-12-30

Malware Mobile Reverse Engineering

The Android Package, with the file extension .apk, is the file format used by the Android operating system and a number of other Android-based operating systems for the distribution and installation of mobile apps, mobile games, and middleware.

APK Analysis

1. Extract APK File to DEX File

An APK is a ZIP archive, so unzipping it yields "classes.dex".

unzip example.apk -d ./Example

Now you can inspect the extracted files.
For React Native apps, the JavaScript bundle file may contain sensitive information.

strings assets/index.android.bundle

2. Convert DEX to JAR

dex2jar converts the DEX file into a JAR file.

d2j-dex2jar classes.dex

3. Observation

JD-GUI is a Java decompiler tool. It reveals the classes in the JAR file.
Open JD-GUI:

jd-gui
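The three steps above (unpack the APK, locate the DEX file, look for sensitive strings in a React Native bundle) can be done without external tools for a quick triage. The following is an added example, not code from the original page: it treats the APK as a ZIP archive, confirms each .dex entry by its "dex\n" magic rather than trusting the file name, and runs a `strings`-style scan of assets/index.android.bundle. The sample APK, the bundle contents and the secret patterns are constructed for the demo; real apps need a broader pattern set.

```python
"""Triage an APK with the standard library: list real DEX entries and scan
the React Native bundle for sensitive-looking strings (added example)."""
import io
import re
import zipfile

# A DEX file starts with b"dex\n" + 3-digit version + NUL, e.g. b"dex\n035\x00"
DEX_MAGIC = b"dex\n"

# Constructed patterns for the demo; each has one capture group with the secret
SECRET_PATTERNS = {
    "aws_access_key": re.compile(rb"(AKIA[0-9A-Z]{16})"),
    "generic_api_key": re.compile(
        rb"(?i)api[_-]?key[\"']?\s*[:=]\s*[\"']([A-Za-z0-9_\-]{16,})"),
    "private_key_block": re.compile(rb"(-----BEGIN (?:RSA |EC )?PRIVATE KEY-----)"),
}


def list_dex_entries(apk_bytes):
    """Return the names of zip entries that are genuine DEX files (by magic)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".dex"):
                continue
            with zf.open(info) as f:
                header = f.read(8)
            # check the magic, not just the extension, to catch renamed blobs
            if header[:4] == DEX_MAGIC and header[7:8] == b"\x00":
                found.append(info.filename)
    return found


def printable_runs(data, min_len=4):
    """Equivalent of `strings`: runs of printable ASCII of at least min_len."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def scan_bundle(apk_bytes, bundle_name="assets/index.android.bundle"):
    """Return [(pattern name, secret)] for hits in the React Native bundle."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        if bundle_name not in zf.namelist():
            return hits  # not a React Native app (or bundle stored elsewhere)
        bundle = zf.read(bundle_name)
    for run in printable_runs(bundle):
        for name, pattern in SECRET_PATTERNS.items():
            m = pattern.search(run)
            if m:
                hits.append((name, m.group(1).decode("ascii")))
    return hits


def build_sample_apk():
    """Construct a minimal fake APK in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        zf.writestr("classes2.dex", b"NOTDEX\x00\x00" + b"\x00" * 64)  # bad magic
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary XML stub
        bundle = (b"\x00\x01var config={apiKey:\"sk_live_0123456789abcdef\"};\x00"
                  b"\x02\x03AKIAABCDEFGHIJKLMNOP\x00")
        zf.writestr("assets/index.android.bundle", bundle)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("DEX entries:", list_dex_entries(apk))
    for name, secret in scan_bundle(apk):
        print(f"{name}: {secret}")
```

Running the block against a real APK means replacing `build_sample_apk()` with `open("example.apk", "rb").read()`; the DEX check is what separates the real `classes.dex` from anything that merely carries the extension.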

Static Analysis

# Decode APK file
apktool d example.apk -o ./example

ghidra

  • Pithus

    An open-source mobile threat intelligence platform.

  • MobSF

    MobSF (Mobile Security Framework) is an automated, all-in-one mobile application pentesting and malware analysis framework capable of static and dynamic analysis.

Dynamic Analysis

If you pentest on virtual devices, you need to install an emulator such as those below.

Android Backup (.ab)

Extract the backup archive

(printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -n +5 sample.ab) | tar -xvz
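The one-liner works because an unencrypted .ab file is a four-line text header (magic, version, compressed flag, encryption method) followed by a zlib stream: `tail -n +5` drops the header and the printf prepends a gzip header so tar can inflate the rest. The following added example (not part of the original page) does the same with the Python standard library, which makes the header fields visible and fails cleanly on an encrypted backup instead of feeding ciphertext to tar. The sample backup, its version number and file contents are constructed for the demo.

```python
"""Parse an Android backup (.ab) header and unpack its body (added example)."""
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def parse_ab_header(data):
    """Split the 4-line header from the body. Returns (meta dict, body bytes).

    Encrypted backups carry extra header lines (salts, IV, key checksum);
    this parser only needs the first four to decide whether to continue.
    """
    lines = data.split(b"\n", 4)
    if len(lines) < 5 or lines[0] != MAGIC:
        raise ValueError("not an Android backup file")
    meta = {
        "version": int(lines[1]),
        "compressed": lines[2] == b"1",
        "encryption": lines[3].decode("ascii"),
    }
    return meta, lines[4]


def extract_ab(data):
    """Return {member name: bytes} for every regular file in an unencrypted backup."""
    meta, body = parse_ab_header(data)
    if meta["encryption"] != "none":
        # the body is AES ciphertext; it must be decrypted with the backup
        # password before inflating, which this example does not implement
        raise ValueError(f"backup is encrypted ({meta['encryption']})")
    tar_bytes = zlib.decompress(body) if meta["compressed"] else body
    files = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for member in tf.getmembers():
            if member.isfile():
                files[member.name] = tf.extractfile(member).read()
    return files


def build_sample_ab(encrypted=False):
    """Construct a tiny .ab with one shared-preferences file (constructed sample)."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w:") as tf:
        payload = b'<map><string name="token">demo-value</string></map>'
        info = tarfile.TarInfo("apps/com.example.app/sp/prefs.xml")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    header = b"ANDROID BACKUP\n5\n1\n" + (b"AES-256\n" if encrypted else b"none\n")
    return header + zlib.compress(tar_buf.getvalue())


if __name__ == "__main__":
    sample = build_sample_ab()
    meta, _ = parse_ab_header(sample)
    print("header:", meta)
    for name, content in extract_ab(sample).items():
        print(name, len(content), "bytes")
```

To use it on a real file, pass `open("sample.ab", "rb").read()` to `extract_ab`; the `compressed` flag in the header tells you whether the zlib step is needed at all, which the shell one-liner assumes.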