Last modified: 2022-12-30
The Android Package with the file extension apk is the file format used by the Android operating system, and a number of other Android-based operating systems for distribution and installation of mobile apps, mobile games and middleware.
You can retrieve "classes.dex".
unzip example.apk -d ./Example
Now you can observe files.
For React Native, it may contain the sensitive information in the bundle file.
You can retrieve JAR file.
JD-GUI is a JAVA decompiler tool. It reveals class in the JAR file.
# Decode APK file apktool d example.apk -o ./example ghidra
An open-source mobile threat intelligence platform.
MobSF (Mobile Security Framework) is an automated all-in-one mobile application pentesting, malware analysis framework capable of static and dynamic analysis.
If you pentest on virtual devices, you need to install some emulator as below.
(printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -n +5 sample.ab) | tar -xvz