MAC上反编译android apk---apktool, dex2jar, jd-jui安装使用(含手动签名)

来源：互联网发布：淘宝ipad货源编辑：程序博客网时间：2024/04/29 14:27

原文地址：http://blog.csdn.net/yanzi1225627/article/details/48215549

前文介绍了在Windows平台利用强大的APK-Multi-Tool进行反编译apk，修改smali源码后再回编译成apk的流程，最近受人之托，破解个apk，所幸的是所用到的这三个软件都是跨平台的，mac上也妥妥的。这里记录下在mac上所用的东西和流程。
总共需要三个软件，为了便于找到最新的版本，把官网也放后面：

Apktool：http://ibotpeaches.github.io/Apktool/install/ 最新版本2.0.1
dex2jar: https://github.com/pxb1988/dex2jar 最新版本2.0
JD-GUI: http://jd.benow.ca/ 最新版本1.4.0
这三个软件Apktool的安装稍微麻烦点，其他都还好，基本上下载下来解压了就能用。

MAC上Apktool的安装

1，在官网链接里找到如下所示：
这里写图片描述
基本上按照上面的6个步骤就ok了。第一步是下载一个shell脚本，保存的名字就是”apktool”,不要带.sh后缀。可以复制到sublimetext，然后保存下。
2，下载最新的apktool-2，在bitbucket上：

3，将所下载的jar文件改名为”apktool.jar”
4,将shell脚本”apktool”和”apktool.jar”放到 “/usr/local/bin”目录下
5,增加这两个文件可执行权限，chmod a+x file
6,执行shell apktool就ok了。
安装完毕后可以运行apktool -v查看版本信息：

<code class="hljs haml has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">Apktool v2.0.1 - a tool for reengineering Android apk fileswith smali v2.0.6 and baksmali v2.0.6Copyright 2014 Ryszard Wiśniewski <brut.alll@gmail.com>Updated by Connor Tumbleson <connor.tumbleson@gmail.com>usage: apktool -<span class="ruby" style="box-sizing: border-box;">advance,--advanced   prints advance information.</span> -<span class="ruby" style="box-sizing: border-box;">version,--version    prints the version <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">then</span> exits</span>usage: apktool if|install-framework [options] <framework.apk> -<span class="ruby" style="box-sizing: border-box;">p,--frame-path <dir>   <span class="hljs-constant" style="box-sizing: border-box;">Stores</span> framework files into <dir>.</span> -<span class="ruby" style="box-sizing: border-box;">t,--tag <tag>          <span class="hljs-constant" style="box-sizing: border-box;">Tag</span> frameworks using <tag>.</span>usage: apktool d[ecode] [options] <file_apk> -<span class="ruby" style="box-sizing: border-box;">f,--force              <span class="hljs-constant" style="box-sizing: border-box;">Force</span> delete destination directory.</span> -<span class="ruby" style="box-sizing: border-box;">o,--output <dir>       <span class="hljs-constant" style="box-sizing: border-box;">The</span> name of folder that gets written. <span class="hljs-constant" style="box-sizing: border-box;">Default</span> is apk.out</span> -<span class="ruby" style="box-sizing: border-box;">p,--frame-path <dir>   <span class="hljs-constant" style="box-sizing: border-box;">Uses</span> framework files located <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> <dir>.</span> -<span class="ruby" style="box-sizing: border-box;">r,--no-res             <span class="hljs-constant" style="box-sizing: border-box;">Do</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">not</span> decode resources.</span> -<span class="ruby" style="box-sizing: border-box;">s,--no-src             <span class="hljs-constant" style="box-sizing: border-box;">Do</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">not</span> decode sources.</span> -<span class="ruby" style="box-sizing: border-box;">t,--frame-tag <tag>    <span class="hljs-constant" style="box-sizing: border-box;">Uses</span> framework files tagged by <tag>.</span>usage: apktool b[uild] [options] <app_path> -<span class="ruby" style="box-sizing: border-box;">f,--force-all          <span class="hljs-constant" style="box-sizing: border-box;">Skip</span> changes detection <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">and</span> build all files.</span> -<span class="ruby" style="box-sizing: border-box;">o,--output <dir>       <span class="hljs-constant" style="box-sizing: border-box;">The</span> name of apk that gets written. <span class="hljs-constant" style="box-sizing: border-box;">Default</span> is dist/name.apk</span> -<span class="ruby" style="box-sizing: border-box;">p,--frame-path <dir>   <span class="hljs-constant" style="box-sizing: border-box;">Uses</span> framework files located <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> <dir>.</span>For additional info, see: http://ibotpeaches.github.io/Apktool/ For smali/baksmali info, see: http://code.google.com/p/smali/</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li></ul>

dex2jar和JD-GUI的安装

这两个直接下载，然后解压缩就ok：
这里写图片描述

软件的安装就说到这，下面就是破解的过程了。为了检测下是否能破解，我们先用Apktool反编译，免得我们最后一场空。（只有Apktool能反编译／回编译，我们的破解才有意义）。
1，新建个apk文件夹，将待破译的apk放进去，之后进到这个目录运行命令: apktool d hongbao.apk
这里写图片描述

<code class="hljs mathematica has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">yanzideMacBook-Pro:apk yanzi$ apktool d hongbao.apk <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">Using</span> Apktool <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2.0</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.1</span> on hongbao.apk<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Loading resource table...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Decoding AndroidManifest.xml with resources...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Loading resource table from file: /Users/yanzi/Library/apktool/framework/<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.</span>apk<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Regular manifest package...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Decoding file-resources...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Decoding values */* XMLs...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Baksmaling classes.dex...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Copying assets and libs...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Copying unknown files...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Copying original files...</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li></ul>

目录如下：
这里写图片描述
之后再运行命令回编译apk：
apktool b hongbao (hongbao 就是反编译出来的文件夹)

<code class="hljs mathematica has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">yanzideMacBook-Pro:apk yanzi$ apktool b hongbao<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">Using</span> Apktool <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2.0</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.1</span><span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Checking whether sources has changed...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Smaling smali folder into classes.dex...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Checking whether resources has changed...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Building resources...<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">I</span>: Building apk file...</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li></ul>

这里写图片描述
上面的build和dist就是回编译apk过程中生成的东西，编译出来的apk在dist目录下，打开build/apk文件夹会发现少了original文件夹下的META-INF文件夹：

也就意味着dist里的apk文件是没有签名的，这个稍后再谈。
2，我们要用dex2jar将apk转成jar文件，实质是将apk里的classes.dex转成jar。将dex2jar里的d2j_invoke.sh／d2j-dex2jar.sh增加可执行权限。然后进到dex2jar这个文件夹下运行:
./d2j-dex2jar.sh /Users/yanzi/apk/hongbao.apk
得到hongbao-dex2jar.jar文件。
3，打开JD-GUI，将hongbao-dex2jar.jar拖进去就看到源码了。
通过看java源码对比smali文件，修改后回编译就ok了！

如何手动给apk增加签名?

回编译后的apk是安装不成功的，总是提示
Failure [INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION]
实质是没签名。
1，生成签名:

<code class="hljs lasso has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">keytool <span class="hljs-attribute" style="box-sizing: border-box;">-genkey</span> <span class="hljs-attribute" style="box-sizing: border-box;">-keystore</span> hongbao<span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">.</span>keystore <span class="hljs-attribute" style="box-sizing: border-box;">-keyalg</span> RSA <span class="hljs-attribute" style="box-sizing: border-box;">-validity</span> <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">10000</span> <span class="hljs-attribute" style="box-sizing: border-box;">-alias</span> hongbao</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li></ul>

注意：上面-keystore后面跟的是签名文件的名字，而-alias是别名，一般情况下-keystore后面跟-alias是一样的，但其实两者没有关系，这也是我故意搞成不一样的原因。
2，为apk增加签名：

<code class="hljs lasso has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">jarsigner <span class="hljs-attribute" style="box-sizing: border-box;">-digestalg</span> SHA1 <span class="hljs-attribute" style="box-sizing: border-box;">-sigalg</span> MD5withRSA <span class="hljs-attribute" style="box-sizing: border-box;">-tsa</span> <span class="hljs-attribute" style="box-sizing: border-box;">-verbose</span> <span class="hljs-attribute" style="box-sizing: border-box;">-keystore</span> hongbao<span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">.</span>keystore <span class="hljs-attribute" style="box-sizing: border-box;">-signedjar</span> hongbao<span class="hljs-attribute" style="box-sizing: border-box;">-signed</span><span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">.</span>apk hongbao<span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">.</span>apk hongbao</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li></ul>

注意：
1，最后的”hongbao”就是－alias后面带的，必须保持一致。
2，如果不带-digestalg SHA1 -sigalg MD5withRSA签名后的apk安装也是不成功的，说INSTALL_PARSE_FAILED_NO_CERTIFICATES的错误，如果不带-tsa会报一个时间方面的警告。

文中所提到的附件下载：

Apktool
dex2jar
JD-GUI

0 0