Download the Show Java tool, and use it to extract Java code from an app.
- [Man] There's an interesting app available on play store called Show Java and it provides decompilation capability directly on the phone. The interface is quite simple. It shows a list of apps that you've already analyzed. The menu option at the top left and at the top right both give access to the settings of the app. Both also provide the option for reporting bugs. You can click on an existing entry in the list to return to that analysis. Or to analyze a new app, you can press the plus symbol at the bottom right.
If you select a new app to analyze, you'll be asked whether you want to pick it from the SD card or from the list of installed apps. Once you select the app, you can select either CFR, JaDX or FernFlower to use as the decompiler. You can set the default in settings and suppress this question. Once you've used Show Java you'll get a feel for which decompiler suits you best. Having selecting your decompiler, Show Java then takes a few minutes to process the APK and produce the decompiled results.
The results of decompilation are listed as shown. There's a Java Source folder, a resources folder, the manifest file and the icon. There are two action icons at the top right; share and trash. If we select share, the source files are compressed into a zip and we can select one of the apps we have loaded to share the file. For instance, email, Skype and so on. This is useful if we want to have a larger workspace and set of tools to analyze the files. Once we no longer require the analyzed app, we can select the trash icon.
By clicking on the manifest file entry, the file is displayed and we can scroll through it. By clicking the Java source folder, we can navigate through the various subfolders and get down to the source files. Here's an example of a main activity file from my Android studio developed app. I can see the code as I wrote it in Android Studio. If we click on the res folder, the list of resource folders is displayed. We can select one and eventually get to the xml resource files. Show Java may be a convenient way for you to decompile your app and test how secure it is directly after it is installed by Android Studio.
Released
7/20/2017- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps
Share this video
Embed this video
Video: Analyzing apps on an Android phone