APK decompilers

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

For further details on each tool, check the original post at https://eiken.dev/blog/2021/02/how-to-break-your-jar-in-2021-decompilation-guide-for-jars-and-apks/#cfr

JD-Gui

As the pioneering GUI Java decompiler, JD-Gui lets you investigate the Java code within APK files. It is straightforward to use: after obtaining the APK, open it with JD-Gui to inspect the code.

Jadx

Jadx offers a user-friendly interface for decompiling Java code from Android applications. It is recommended for its ease of use across different platforms.

  • To launch the GUI, navigate to the bin directory and execute: jadx-gui
  • For command-line usage, decompile an APK with: jadx app.apk
  • To specify an output directory or adjust decompilation options: jadx app.apk -d <path to output dir> --no-res --no-src --no-imports

GDA-android-reversing-Tool

GDA is a Windows-only tool that offers extensive features for reverse engineering Android apps. Install and run GDA on your Windows system, then load the APK file for analysis.

Bytecode-Viewer

With Bytecode-Viewer, you can analyze APK files using multiple decompilers. After downloading, run Bytecode-Viewer, load your APK, and select the decompilers you want to use simultaneously.

Enjarify

Enjarify translates Dalvik bytecode to Java bytecode, enabling Java analysis tools to analyze Android applications more effectively.

  • To use Enjarify, run the following, which generates the Java bytecode equivalent of the provided APK: enjarify app.apk

CFR

CFR can decompile modern Java features. Use it as follows:

  • For standard decompilation: java -jar ./cfr.jar "app.jar" --outputdir "output_directory"
  • For large JAR files, adjust the JVM memory allocation: java -Xmx4G -jar ./cfr.jar "app.jar" --outputdir "output_directory"

Fernflower

Fernflower is an analytical decompiler that must be built from source. After building:

  • Decompile a JAR file, then use unzip to extract the .java files from the generated JAR: java -jar ./fernflower.jar "app.jar" "output_directory"

Krakatau

Krakatau offers detailed control over decompilation, especially for handling external libraries.

  • Use Krakatau by specifying the standard library path and the JAR file to decompile: ./Krakatau/decompile.py -out "output_directory" -skip -nauto -path "./jrt-extractor/rt.jar" "app.jar"

procyon

For straightforward decompilation with procyon:

  • Decompile a JAR file to a specified directory: procyon -jar "app.jar" -o "output_directory"

frida-DEXdump

This tool can be used to dump the DEX of a running APK from memory. This helps to defeat static obfuscation that is removed while the application executes in memory.
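The Python triage helper below is an added example, not part of the original page or of any tool listed here. It tells an APK, a JAR and a raw DEX (such as a memory dump) apart, sanity-checks each DEX header, and returns the matching commands from this page. The function names and the sample_dex() input are constructed for illustration, and it relies on jadx accepting raw .dex files as input.

```python
import io
import struct
import zipfile

def dex_problem(data):
    """Return None if the 0x70-byte DEX header is sane, else a short reason."""
    if len(data) < 0x70:
        return "truncated header"
    if data[:4] != b"dex\n" or not data[4:7].isdigit() or data[7] != 0:
        return "bad magic"
    # file_size, header_size and endian_tag sit at offsets 32, 36 and 40
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if header_size != 0x70 or endian_tag != 0x12345678:
        return "unexpected header_size or endian_tag"
    if file_size != len(data):
        return f"header claims {file_size} bytes, got {len(data)}"
    return None

def classify(data):
    """Return (kind, notes); kind is 'apk', 'jar', 'dex' or 'unknown'."""
    if data[:4] == b"dex\n":
        problem = dex_problem(data)
        return "dex", ([problem] if problem else [])
    if data[:4] != b"PK\x03\x04":
        return "unknown", []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        dexes = [n for n in names if n.startswith("classes") and n.endswith(".dex")]
        notes = [f"{n}: {p}" for n in dexes if (p := dex_problem(zf.read(n)))]
    if dexes:
        return "apk", notes
    return ("jar" if any(n.endswith(".class") for n in names) else "unknown"), []

def plan(path, data, out="output_directory"):
    """Map the detected kind to commands quoted on this page."""
    kind, notes = classify(data)
    cmds = {
        "apk": [f"jadx {path} -d {out}", f"enjarify {path}"],  # Dalvik inside a ZIP
        "dex": [f"jadx {path} -d {out}"],  # raw DEX; jadx also reads .dex input
        "jar": [f'java -jar ./cfr.jar "{path}" --outputdir "{out}"'],  # Java bytecode
    }.get(kind, [])
    return kind, notes, cmds

def sample_dex(claimed_size=0x70):
    """Constructed sample: a header-only DEX (magic, zeroed hashes, sizes)."""
    sizes = struct.pack("<III", claimed_size, 0x70, 0x12345678)
    return b"dex\n035\0" + bytes(24) + sizes + bytes(0x70 - 44)

if __name__ == "__main__":
    print(plan("dump.dex", sample_dex(claimed_size=0x200)))
```

A size mismatch in the notes usually means the dump was cut short or carries trailing memory, so check it before trusting the decompiler output.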
