Is there a way to get the source code from an APK file?

Question

The hard drive on my laptop just crashed and I lost all the source code for an app that I have been working on for the past two months. All I have is the APK file that is st

Answer 1

There are lots of applications and methods in the market to decompile the apk file into java class but if the app is compiled with ProGuard rule then you are in a big trouble because this rule will shrink all the dex files into a small character name and then you can not trace back the implementation. see https://developer.android.com/studio/build/shrink-code for mode clarification.

Happy Coding...

Answer 2

based on your condition, if your android apk:

Condition1: NOT harden (by Tencent Legu/Qihoo 360/...)

Choice1: using online service

such as:

using www.javadecompilers.com

goto:

• http://www.javadecompilers.com/apk
  • Note: internally using Jadx

to auto decode from apk to java sourcecode

steps:

upload apk file + click Run + wait some time + click Download to get zip + unzip ->

sources/com/{yourCompanyName}/{yourProjectName}

is your expected java source code

Choice2: decompile/crack by yourself

use related tool to decompile/crack by yourself:

use jadx/jadx-gui convert apk to java sourcecode

download jadx-0.9.0.zip then unzip to got bin/jadx, then:

• command line mode:
  • in terminal run: jadx-0.9.0/bin/jadx -o output_folder /path_to_your_apk/your_apk_file.apk
  • output_folder will show decoded sources and resources
    • sources/com/{yourCompanyName}/{yourProjectName} is your expected java sourcecode
• GUI mode
  • double click to run jadx-0.9.0/bin/jadx-gui (Linux's jadx-gui.sh / Windows's jadx-gui.bat)
  • open apk file
  • it will auto decoding -> see your expected java sourcecode
  • save all or save as Gradle project

eg:

Condition2: harden (by Tencent Legu/Qihoo 360/...)

the main method of 3 steps:

1. apk/app to dex
2. dex to jar
3. jar to java src

detailed explanation:

Step1: apk/app to dex

use tool (FDex2/DumpDex) dump/hook out (one or multiple) dex file from running app

steps:

prepare environment

• a rooted android
  • real phone
  • or emulator
    • here using Chinese Nox App Player夜神安卓模拟器
      • 
• install your android apk
  • to the phone or emulator
• installed Xposed Installer
  • 
• install FDex2/DumpDex into XPosed and enable it
  • 
  • Note: need restart Xposed to make FDex2 work
  • FDex2 download address, Chinese:
    • 脱壳工具 FDex2-CSDN下载
    • 链接: https://pan.baidu.com/s/1lTF8CN96bxWpFwv7J174lg 提取码: 3e3t
• install your android apk to phone/emulator

dump out dex from running app

• run FDex2 then click your apk name to enable later to capture/hook out dex

  • 
• (in phone/emulator) run your app
• find and copy out the dump out whole apk resources in /data/data/com/yourCompanyName/yourProjectName
  • in its root folder normally will find several dex file
  • 

Step2: dex to jar

use tool (dex2jar) convert (the specific, containing app logic) dex file to jar file

download dex2jar got dex-tools-2.1-SNAPSHOT.zip, unzip got dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh, then

sh dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f your_dex_name.dex

eg:

dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.xxx.yyy8825612.dex
dex2jar com.xxx.yyy8825612.dex -> ./com.xxx.yyy8825612-dex2jar.jar

Step3: jar to java src

use one of tools:

• Jadx
• Procyon
  • GUI tool based on procyon:
    • Luyten
    • Bytecode Viewer
• CRF
• JD-GUI
• some others:
  • Krakatau
  • Fernflower
  • Cavaj

convert jar to java src

for from jar to java src converting effect:

Jadx > Procyon > CRF >> JD-GUI

so recommend use: Jadx/jadx-gui

steps:

• double click to run jadx-gui
• open dex file
• File -> save all

eg:

exported java src:

---

More detailed explanation can see my online ebook Chinese tutorial:

• 安卓应用的安全和破解
  • tutorial's source code on github: crifan/android_app_security_crack: 安卓应用的安全和破解

Answer 3

apktool will work. You don't even need to know the keystore to extract the source code (which is a bit scary). The main downside is that the source is presented in Smali format instead of Java. Other files such as the icon and main.xml come through perfectly fine though and it may be worth your time to at least recover those. Ultimately, you will most likely need to re-write your Java code from scratch.

You can find apktool here. Simply just download apktool and the appropriate helper (for Windows, Linux, or Mac OS). I recommend using a tool such as 7-zip to unpack them.