apkx - Android APK Decompilation for the Lazy

A Python wrapper to popular free dex converters and Java decompilers. Extracts Java source code directly from the APK. Useful for experimenting with different converters/decompilers without having to worry about classpath settings and command line args.

Installation

$ git clone https://github.com/b-mueller/apkx
$ cd apkx
$ sudo ./install.sh

Notes:

• JRE needs to be installed and in PATH
• enjarify requires Python 3

Usage

Pass the APK filename on the command line:

$ apkx HelloWorld.apk 
Extracting HelloWord.apk to HelloWord
Converting: classes.dex -> classes.jar (dex2jar)
dex2jar HelloWord/classes.dex -> HelloWord/classes.jar
Decompiling to HelloWord/src (cfr)

The default combination of converter and decompiler is dex2jar and cfr. Use the -c and -d flags to change this. E.g.:

$ apkx -c enjarify -d procyon HelloWorld.apk

To get help, run:

$ apkx -h

Tools

This script integrates the following tools:

• Procyon by Mike Strobel - Apache License Version 2.0
• CFR by Lee Benfield - MIT License
• dex2jar by Bob Pan - Apache License Version 2.0
• enjarify by Storyyeller - Apache License Version 2.0

About

This script accompanies the OWASP Mobile Security Testing Guide. For further instructions and usage examples, see also:

• Tampering and Reverse Engineering on Android
• Testing Resiliency Against Reverse Engineering on Android