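Decompiling and extracting APKs from phones and tablets
For Android devices only.
Decompiling
This article is only an introduction.
Download
apktool website: https://ibotpeaches.github.io/Apktool/install/
apktool official download page: https://bitbucket.org/iBotPeaches/apktool/downloads/
Contents of apktool.bat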
```
@echo off
set PATH=%CD%;%PATH%;
java -jar "%~dp0\apktool.jar" %1 %2 %3 %4 %5 %6 %7 %8 %9
```
apktool options
Options:
```
Apktool v2.5.0 - a tool for reengineering Android apk files
with smali v2.4.0 and baksmali v2.4.0
Copyright 2010 Ryszard Wiśniewski <brut.alll@gmail.com>
Copyright 2010 Connor Tumbleson <connor.tumbleson@gmail.com>

usage: apktool
 -advance,--advanced     prints advance information.
 -version,--version      prints the version then exits
usage: apktool if|install-framework [options] <framework.apk>
 -p,--frame-path <dir>   Stores framework files into <dir>.
 -t,--tag <tag>          Tag frameworks using <tag>.
usage: apktool d[ecode] [options] <file_apk>
 -f,--force              Force delete destination directory.
 -o,--output <dir>       The name of folder that gets written. Default is apk.out
 -p,--frame-path <dir>   Uses framework files located in <dir>.
 -r,--no-res             Do not decode resources.
 -s,--no-src             Do not decode sources.
 -t,--frame-tag <tag>    Uses framework files tagged by <tag>.
usage: apktool b[uild] [options] <app_path>
 -f,--force-all          Skip changes detection and build all files.
 -o,--output <dir>       The name of apk that gets written. Default is dist/name.apk
 -p,--frame-path <dir>   Uses framework files located in <dir>.

For additional info, see: https://ibotpeaches.github.io/Apktool/
For smali/baksmali info, see: https://github.com/JesusFreke/smali
```
Steps:
1. Pull framework-res.apk from the device
```
adb pull /system/framework/framework-res.apk
```
2. Install framework-res.apk into the target folder
```
apktool_2.5.0 if -p C:\Users\Lvan8\Desktop\temp framework-res.apk
```
```
D:\G_Working\自动化小工具需求\性能工具\反编译工具\ApkToolBoxStudio_jb51\ApkToolBox Studio_v1.6.4\tool>apktool_2.5.0 if -p C:\Users\Lvan8\Desktop\temp framework-res.apk
I: Framework installed to: C:\Users\Lvan8\Desktop\temp\1.apk
```
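4. Decompile the APK
- 1. d decompiles the APK into a folder
- 2. -p is followed by the framework path specified in the previous step
- 3. -f means "force"
- 4. Last comes the name of the file to decompile (I put it in the same directory as apktool)
```
apktool_2.5.0.bat d -p C:\Users\Lvan8\Desktop\temp -f setting.apk
```
To put the decompiled output in a different directory, add the -o option; this is needed because the version has been upgraded.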
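```python
import os

# Framework directory from step 2 (the path passed to "apktool if -p")
framework_path = r'C:\Users\Lvan8\Desktop\temp'

# Decompile the APK from its folder into the temp folder under the main directory
# Every run overwrites everything under temp
window_apk_path = '../resources/all_apk_files/IconPackCircularAndroidOverlay.apk'
save_path = '../temp/'
os.system(f'apktool_2.5.0.bat d -p {framework_path} -f {window_apk_path} -o {save_path}')
```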
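The following messages often appear when decompiling with apktool:
1. Input file was not found or was not readable.
3. Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc fil..........
Solution:
1 and 2 occur because the usage changed once apktool was upgraded to 2.0 and above. The format is now: apktool d [-s] -f <apkPath> -o <folderPath>. To see what each option means, type apktool and press Enter (Windows) to view the help.
3 is caused by an apktool version that is too old. Upgrade to the latest version, available at: https://bitbucket.org/iBotPeaches/apktool/downloads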
5. Done
```
D:\G_Working\自动化小工具需求\性能工具\反编译工具\ApkToolBoxStudio_jb51\ApkToolBox Studio_v1.6.4\tool>apktool_2.5.0.bat d -p C:\Users\Lvan8\Desktop\temp -f setting.apk
I: Using Apktool 2.5.0 on setting.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: C:\Users\Lvan8\Desktop\temp\1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...

D:\G_Working\自动化小工具需求\性能工具\反编译工具\ApkToolBoxStudio_jb51\ApkToolBox Studio_v1.6.4\tool>
```
The complete resource files
Extracting system APKs from the device
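```
adb pull system/app test
adb pull system/priv-app test
adb pull data/app test

# Notes:
# /system/app holds the software that ships with the ROM, i.e. system apps;
# /data/app holds software installed by the user;

# Note:
# APKs under /system/priv-app/ can obtain signatureOrSystem permissions without the system signature.
# APKs under /system/app/ must be signed with the system signature to obtain signatureOrSystem permissions.
# APKs under /data/app cannot be pulled; copy them to another directory first, then download them to the computer
adb shell cp /data/app/com.xueqiu.android-TKqF3b6wXa1KQ3KyKK6o6Q==/base.apk /sdcard/temp123

# Get the APK's package name
aapt dump badging PartnerBookmarksProvider.apk

# Get the path where the package is installed
adb shell pm path <package name>
```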
A general-purpose APK extraction script in Python
```python
import os
# Get the package name of the APK
import time


class Pull_apk():
    def __init__(self, package_name, windows_apk_path):
        """
        : package_name : package name of the APK
        : windows_apk_path : path on the computer where the APK is stored
        """
        self.get_package_name = package_name
        self.windows_apk_path = windows_apk_path

    def pull_select_apk(self):
        # Get the path of the APK on the device; pm path prints one
        # "package:<path>" line per APK, so use the first line only
        apk_path_cmdshow = os.popen(f"adb shell pm path {self.get_package_name}").read()
        apk_path = apk_path_cmdshow.splitlines()[0].split(":", 1)[1].strip()
        apk_name = apk_path.split("/")[-1]
        windows_apk_path = self.windows_apk_path
        # Try to pull straight to Windows; if that does not work, copy the APK
        # to the device's sdcard directory first, then pull it to Windows
        try:
            msg = os.popen(f'adb pull {apk_path} {windows_apk_path} ').read()
            print("----------------")
            if "1 file pulled" in msg:
                print("apk复制成功")
            else:
                # Copy to the sdcard directory
                os.system(f'adb shell cp {apk_path} /sdcard/')
                time.sleep(3)
                os.system(f'adb pull /sdcard/{apk_name} {windows_apk_path}')
                print("else分支,apk复制成功")
        except Exception as e:
            print(e)
        return apk_name
```
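An added example, not part of the original post: a variant of the extraction script above that validates the package name before it reaches adb, parses every `package:` line of `pm path` output (this goes beyond the script above, since apps installed as split APKs report several paths), and runs adb with argument lists instead of interpolated shell strings. The function names, the package-name pattern and the sample output are assumptions made for this example.

```python
import re
import subprocess

# Android package names: two or more dot-separated segments, each starting with a letter.
PACKAGE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+")

# Constructed sample of `adb shell pm path` output for an app installed as split APKs.
SAMPLE_PM_OUTPUT = (
    "package:/data/app/com.example.app-AbCdEf==/base.apk\r\n"
    "package:/data/app/com.example.app-AbCdEf==/split_config.arm64_v8a.apk\r\n"
)


def check_package_name(package_name):
    """Reject anything that is not a plain package name before it reaches adb."""
    if not PACKAGE_RE.fullmatch(package_name):
        raise ValueError(f"invalid package name: {package_name!r}")
    return package_name


def parse_pm_path(output):
    """Return every APK path in `pm path` output (base.apk plus any splits)."""
    prefix = "package:"
    return [line.strip()[len(prefix):] for line in output.splitlines()
            if line.strip().startswith(prefix)]


def build_pull_commands(package_name, pm_output, dest_dir):
    """Build one argv list per APK; argument lists bypass the local shell."""
    check_package_name(package_name)
    paths = parse_pm_path(pm_output)
    if not paths:
        raise LookupError(f"no APK path reported for {package_name}")
    return [["adb", "pull", path, dest_dir] for path in paths]


def pull_package(package_name, dest_dir):
    """Query the device, pull each APK, and return the device paths pulled."""
    # adb joins these arguments into one command line for the device shell,
    # so the name must be validated before this call.
    query = ["adb", "shell", "pm", "path", check_package_name(package_name)]
    result = subprocess.run(query, capture_output=True, text=True, check=True)
    commands = build_pull_commands(package_name, result.stdout, dest_dir)
    for command in commands:
        subprocess.run(command, check=True)
    return [command[2] for command in commands]


if __name__ == "__main__":
    print(build_pull_commands("com.example.app", SAMPLE_PM_OUTPUT, "apk_out"))
```

`pull_package` needs a connected device; `build_pull_commands` can be exercised offline with the constructed sample.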