Android - Unpack, edit and repack an apk

Question

I saw that a few SDK companies (TestFairy for instance) managed to add their SDK automatically to any APK.

So assuming that you have the dex file out of the APK and convert it to jar (via dex2jar). How did they manage to edit the jar (class files), compile it to dex and then to repack it back to jar?

I know that you can just edit a single class file as it won't compile without the other dependencies. What have i missed?

Answer 1

The simplest and most likely way that it's being done is the SDK code is built by the original developers into an Android application or directly into a DEX file. Then, it is disassembled into smali.

To add into another application, disassemble the target application's dex file into smali. Then, add the smali code of the SDK and make any other changes that are needed to start the SDK. This is key. Modifying smali is easy, and adding classes is a matter of copying a file into a directory.

This may require changing the AndroidManifest.xml to wire up any receivers, add services or activities, meta-data, etc. If so, then apktool can be used to dump resources and smali.

After everything has been modified, rebuild the apk using smali or apktool and resign the apk. This means that after the SDK has been added, the signature should have been changed. If it hasn't been changed they either can crack very strong encryption very quickly (not likely) or they have access to the original source code and private key of the application (also not likely).

There's also a tool called dexmerge that comes with the Android SDK that can combine two dex files without having to disassemble into smali. I believe it's used for "incremental" compilation in IntelliJ.

You could also write your own parser and modification library to do this, but why reinvent the wheel when you can use smali / baksmali.

Amazon, and a few others, use a similar process to modify applications.