Download the Show Java tool, and use it to extract Java code from an app.
- [Man] There's an interesting app available on play store called Show Java and it provides decompilation capability directly on the phone. The interface is quite simple. It shows a list of apps that you've already analyzed. The menu option at the top left and at the top right both give access to the settings of the app. Both also provide the option for reporting bugs. You can click on an existing entry in the list to return to that analysis. Or to analyze a new app, you can press the plus symbol at the bottom right.
If you select a new app to analyze, you'll be asked whether you want to pick it from the SD card or from the list of installed apps. Once you select the app, you can select either CFR, JaDX or FernFlower to use as the decompiler. You can set the default in settings and suppress this question. Once you've used Show Java you'll get a feel for which decompiler suits you best. Having selecting your decompiler, Show Java then takes a few minutes to process the APK and produce the decompiled results.
The results of decompilation are listed as shown. There's a Java Source folder, a resources folder, the manifest file and the icon. There are two action icons at the top right; share and trash. If we select share, the source files are compressed into a zip and we can select one of the apps we have loaded to share the file. For instance, email, Skype and so on. This is useful if we want to have a larger workspace and set of tools to analyze the files. Once we no longer require the analyzed app, we can select the trash icon.
By clicking on the manifest file entry, the file is displayed and we can scroll through it. By clicking the Java source folder, we can navigate through the various subfolders and get down to the source files. Here's an example of a main activity file from my Android studio developed app. I can see the code as I wrote it in Android Studio. If we click on the res folder, the list of resource folders is displayed. We can select one and eventually get to the xml resource files. Show Java may be a convenient way for you to decompile your app and test how secure it is directly after it is installed by Android Studio.
Author
Malcolm Shore
Released
7/20/2017- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome49s
-
-
1. Android Technology
-
Introducing the Android OS6m 54s
-
Securing Android4m 10s
-
Securing Android apps7m 27s
-
Trusty TEE1m 44s
-
Samsung Knox2m 24s
-
-
2. Developing Android Apps
-
3. Analyzing Android Apps
-
Recovering the Java code4m 44s
-
-
4. Securing Android Apps
-
Basic app hygiene5m 18s
-
Storing data in the sandbox1m 58s
-
Using cryptography2m 8s
-
Adding tamper detection3m 47s
-
5. Advanced Security Development
-
What's new in Android O2m 2s
-
Conclusion
-
Summary1m 15s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Analyzing apps on an Android phone