As the person I follow who does reverse engineering, do you have any suggestions for finding resources on reverse engineering Android apps?
Specifically, there's an app I'm playing with, where after seeing the structure of the "export as Markdown" output I want to know what the internal structure and representation of the data is. The end goal of understanding it is to be able to add certain kinds of data dynamically, rather than up front. That's certainly doable typing in raw markdown, but being able to do it "app style" would be more convenient.
The Google Play Store entry does not mention any open source licenses, or looking for the source code and hopefully a git repo or something would have been my first step.
(I'll probably need to bang together a crappy app to do what I really want regardless, but maybe this app's data structure would be more convenient than doing so with markdown.)
So, Android stuff:
First you need the APK. You can do some trickery with your phone to pull it over the ADB connection if you install the Android SDK, but generally I just google "app name APK" and you'll find some greymarket site that'll give you a copy.
Secondly, APKs are just ZIP files (JAR files, technically, but JAR files are also just ZIP files!). Unzip them and you can find lots of interesting stuff, often.
For disassembling/decompiling them, my go-to program is jadx. It's a Java decompiler that's been around a while and can natively open APK files and decompile them. There are some weirder new APKs that it can't handle (something to do with a newer bytecode revision, I think?) but I can't recall the details on how you handle those. Those are rare, in my experience. jadx is pretty good, but you'll occasionally find methods or entire classes that it just can't figure out, and it'll give you a bytecode dump. I don't yet have a good solution for those, other than "get good at reading JVM bytecode".
If you're dealing with games, another useful thing can be UABE and dotPeek. These are Unity/C# tools, but you would be surprised how many Android games (and non-games!) are actually Unity under the hood.
Bluestacks can also be useful, because it'll let you run the app on your desktop and that can be handy for things like running Wireshark to log all network traffic.
Speaking of logging, the other handy thing I've done is enabling Android developer mode on my phone to get to one specific option: Bluetooth HCI snoop log.
Now, actually getting that log is tricky and varies from phone to phone, because for some reason manufacturers like to move it around, but it's one of the best ways to reverse engineer Bluetooth communication stuff. You basically turn on the log and everything your phone does to communicate with your Smart Toothbrush or whatever will be logged to a file, then you can yank that file over and stuff it into Wireshark.
So... hopefully some of that is a helpful start? I've not done a huge amount of Android reversing so I'm not super familiar with the tools used, but these are the ones I've got on hand for when I do.
also sorry for all the horny robotgirl posters who saw "android reverse engineering" in the tags and thought this was gonna be about taking them apart with screwdrivers and rooting around in their insides. Not today!
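The reply's two concrete points about the file itself (an APK is a ZIP, and the DEX bytecode inside has a format revision that a decompiler may or may not support) can be checked in a few lines before anything is fed to jadx. The following Python is an added example, not code from the original post or from jadx; it builds a constructed, header-only sample APK in memory (fake `classes.dex`/`classes2.dex` blobs with DEX format versions 035 and 039, placeholder manifest and resource entries), lists the ZIP entries, and parses each DEX header to report its version, table sizes, and whether the stored Adler-32 checksum matches. Only the standard library is used; the header layout follows the published DEX format, and the sample bytes are constructed here, not taken from any real app.

```python
"""Inspect an APK the way the reply describes: it is a ZIP, and every classes*.dex
inside starts with a header naming its DEX format version. Sample data is constructed."""
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70  # 112 bytes, fixed by the DEX format
# 20 little-endian u4 fields that follow the 20-byte SHA-1 signature at offset 32
_TAIL_FMT = "<IIIIIIIIIIIIIIIIIIII"


def make_fake_dex(version: bytes, string_ids: int = 3, class_defs: int = 1) -> bytes:
    """Build a header-only .dex blob (constructed sample, not real bytecode).

    Layout: magic(8) | adler32(4) | sha1(20) | file_size | header_size | endian_tag |
    link_size/off | map_off | then (size, off) pairs for string/type/proto/field/
    method/class_def tables | data_size/off.
    """
    magic = b"dex\n" + version + b"\x00"   # e.g. b'dex\n035\x00'
    signature = b"\x00" * 20               # real files carry SHA-1 of the rest; zeroed here
    tail = struct.pack(
        _TAIL_FMT,
        DEX_HEADER_SIZE, DEX_HEADER_SIZE,  # file_size, header_size
        0x12345678,                        # endian_tag: little-endian constant
        0, 0,                              # link_size, link_off
        0,                                 # map_off
        string_ids, 0,                     # string_ids_size, string_ids_off
        0, 0, 0, 0, 0, 0, 0, 0,            # type/proto/field/method (size, off)
        class_defs, 0,                     # class_defs_size, class_defs_off
        0, 0,                              # data_size, data_off
    )
    # The stored checksum covers everything after the magic and checksum fields.
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return magic + struct.pack("<I", checksum) + signature + tail


def parse_dex_header(data: bytes) -> dict:
    """Return the fields worth knowing before decompiling: format version,
    table sizes, and whether the Adler-32 checksum still matches."""
    if len(data) < DEX_HEADER_SIZE or data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("not a DEX file")
    version = data[4:7].decode("ascii")
    (stored,) = struct.unpack_from("<I", data, 8)
    f = struct.unpack_from(_TAIL_FMT, data, 32)
    return {
        "version": version,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == stored,
        "header_size": f[1],
        "endian_tag": f[2],
        "string_ids": f[6],
        "type_ids": f[8],
        "proto_ids": f[10],
        "field_ids": f[12],
        "method_ids": f[14],
        "class_defs": f[16],
    }


def build_sample_apk() -> bytes:
    """Constructed APK-shaped ZIP: manifest/resource placeholders plus two DEX blobs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 12)  # placeholder
        z.writestr("classes.dex", make_fake_dex(b"035", string_ids=3, class_defs=1))
        z.writestr("classes2.dex", make_fake_dex(b"039", string_ids=7, class_defs=2))
        z.writestr("res/values/strings.xml", b"<resources/>")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def summarize_apk(apk_bytes: bytes) -> dict:
    """Open the APK as a ZIP, list its entries, and parse every classes*.dex header."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = sorted(z.namelist())
        dex = {
            n: parse_dex_header(z.read(n))
            for n in names
            if n.startswith("classes") and n.endswith(".dex")
        }
    return {"entries": names, "dex": dex}


if __name__ == "__main__":
    for name, hdr in summarize_apk(build_sample_apk())["dex"].items():
        print(name, "version", hdr["version"], "checksum_ok", hdr["checksum_ok"],
              "classes", hdr["class_defs"])
```

On a real APK, replace `build_sample_apk()` with the bytes read from disk; the version digits (035, 039, ...) are what tell you which DEX revision a decompiler has to understand, and a failed checksum on a file you did not modify yourself is a sign the download was corrupted or altered.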