{"id":2097,"date":"2021-11-29T16:14:42","date_gmt":"2021-11-29T15:14:42","guid":{"rendered":"https:\/\/blog.kodono.info\/wordpress\/?p=2097"},"modified":"2023-12-08T11:26:38","modified_gmt":"2023-12-08T10:26:38","slug":"debug-a-third-party-android-apk","status":"publish","type":"post","link":"https:\/\/blog.kodono.info\/wordpress\/2021\/11\/29\/debug-a-third-party-android-apk\/","title":{"rendered":"Debug a third party Android APK"},"content":{"rendered":"

(inspired by this blog post<\/a>)<\/p>\n

1) Install smalidea plugin<\/h2>\n

Download the smalidea plugin<\/a> (see also the related Github Repository<\/a>).<\/p>\n

Open up Android Studio<\/a> and you should see the welcome screen like the one on screenshot below (if not, close your current project by selecting File -> Close project<\/code>), go to the Plugins<\/code> section, and from the wheel icon, select Install Plugin from Disk...<\/code>. Select the smalidea plugin (ZIP file) you downloaded.
\n\"Android<\/p>\n

2) Get the third party APK<\/h2>\n

You first need to know the type of platform<\/strong> where you’ll do your debug tests. To do so, make sure your device is connected to your computer<\/b> (it could also be a virtual device started from the AVD Manager) with adb devices<\/code>.
\nThen, use the command adb shell getprop ro.product.cpu.abi<\/code> to find the type of processor you have. When I use my phone, I got arm64-v8a<\/b>.<\/p>\n

Go to an APK platform, like https:\/\/apkcombo.com\/<\/a> and search for the Android app you want to debug. Download the APK version<\/b> that fits to the type you found before:
\n\"screenshot<\/p>\n

2bis) Have a look at the APK content<\/h2>\n

You can use JADX<\/a> to open the APK and have a quick look at the code.<\/p>\n

3) Decompile APK<\/h2>\n

With APKTool<\/a>, we’ll use the command: .\\apktool.bat d \".\\the_original_app_from_apkcombo.com.apk\" -o app_to_debug<\/code>.
\nA folder called app_to_debug<\/b> is created with the decompiled version of the application.<\/p>\n

Next, we need to copy the source files: create a folder called “src”<\/b> in the new app_to_debug<\/b> folder, and type cp -R smali*\/* src\/<\/code>.<\/p>\n

4) Import project in Android Studio<\/h2>\n

Open an existing Android Studio project<\/b> and select the app_to_debug<\/code> folder where you unpacked APK.<\/p>\n

Once the project loads, you need to tell the IDE where is your source code. Make sure you’re using the “Project view” in the left side panel:
\n\"\"<\/p>\n

Now you can see folder structure in your left panel. Find src\/<\/code> subfolder right click it and select Mark Directory as -> Sources Root<\/code>.<\/p>\n

5) Prepare App for Debugging<\/h2>\n

Open AndroidManifest.xml<\/code> from the app_to_debug<\/code> and find the XML element <application><\/code>. Add the attribute android:debuggable<\/code> with value “true”<\/b>. Example:<\/p>\n

\r\n<application android:debuggable=\"true\" android:allowBackup=\"true\" android:icon=\"@mipmap\/ic_launcher\" android:label=\"@string\/app_name\" android:largeHeap=\"true\" android:name=\"org.horaapps.leafpic.App\" android:theme=\"@style\/Theme.AppCompat\">\r\n<\/pre>\n
6) Repack to APK<\/h2>\n
You can now repack to APK with the command .\\apktool.bat b -d \".\\app_to_debug\\\" -o app_unsigned.apk<\/code><\/p>\n
7) Sign the APK<\/h2>\n
7a) Create a keystore<\/h3>\n
You first need a keystore using keytool<\/a> and type the below command:
\nkeytool -genkeypair -v -keystore mykey.keystore -alias mykey -keyalg RSA -keysize 2048 -validity 10000<\/code><\/p>\n
Several questions you’ll be asked, as well as a password. Make sure to remember the password for later.<\/p>\n
7b) Validate the APK<\/h3>\n
You then need zipalign<\/code> that can be found in the Android SDK folder (e.g. C:\\Users\\USERNAME\\AppData\\Local\\Android\\Sdk\\build-tools\\31.0.0\\zipalign.exe<\/em>) to validate your APK:
\n.\\Path\\to\\Android\\Sdk\\build-tools\\31.0.0\\zipalign.exe -f -v 4 .\\app_unsigned.apk .\\app_ready.apk<\/code><\/p>\n
7c) Sign the APK<\/h3>\n
Finally you can sign the new created APK with apksigner<\/code>:
\n.\\Path\\to\\Android\\Sdk\\build-tools\\31.0.0\\apksigner.bat sign --ks .\\mykey.keystore --ks-key-alias app_to_debug --out .\\app_signed.apk .\\app_ready.apk<\/code><\/p>\n
8) Install the APK<\/h2>\n
You can install it using adb install app_signed.apk<\/code><\/p>\n
9) Prepare the host<\/h2>\n
On your Android device, go to Settings -> Developer options<\/code> and set USB debugging<\/code> and Wait for debugger options on<\/code>. The latter is optional but useful as it allows you wait for debugger connection and not to run app yet.<\/p>\n
Finally, you should tap on Select debug app<\/code> and choose the app you just installed. After all of these, your Developer options menu should look somewhat like this:
\n\"\"<\/p>\n
Now, launch the app<\/b> on the Android device, and you’ll get the below message:
\n\"\"<\/p>\n
10) Forward debugger port<\/h2>\n
You can use the adb’s port forwarding feature and forward JDWP service where application’s debug interface is listening.<\/p>\n
Find the JDWP port with the command adb jdwp<\/code>, then use this port with the command:
\nadb forward tcp:5005 jdwp:JDWP_PORT<\/code><\/p>\n
11) Connect Debugger<\/h2>\n
Go to Android Studio and from its top menu bar choose Run -> Debug\u2026<\/code>, then a small message appears with one unique option that is Edit Configurations...<\/code>. There, in the window, use a plus (+) button at the opt left, and add a new configuration of type Remote<\/b>. Leave the default configuration as is. Click the Debug button and your app should be running with the attached debugger which means it will stop once a breakpoint is hit and you can investigate the content of app’s variables.<\/p>\n","protected":false},"excerpt":{"rendered":"
(inspired by this blog post) 1) Install smalidea plugin Download the smalidea plugin (see also the related Github Repository). Open up Android Studio and you should see the welcome screen like the one on screenshot below (if not, close your current project by selecting File -> Close project), go to the Plugins section, and from […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","hide_page_title":"","footnotes":""},"categories":[98,23,170,20],"tags":[99,156,123,155],"class_list":["post-2097","post","type-post","status-publish","format-standard","hentry","category-android","category-debug","category-english","category-niveau-expert","tag-android-2","tag-debug","tag-english","tag-niveau-expert"],"_links":{"self":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/2097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/comments?post=2097"}],"version-history":[{"count":20,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/2097\/revisions"}],"predecessor-version":[{"id":2273,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/2097\/revisions\/2273"}],"wp:attachment":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/media?parent=2097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/categories?post=2097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/tags?post=2097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}