Apktool VS lbry-sdk

App tampering and repackaging can be performed by using reverse engineering or tampering tools, such as Apktool, dex2jar, etc.

Apktool made by iBotPeaches, this uses v2.9.1

Can someone clarify what "PP tools" are, and provide a link to them? I came across this link (https://apktool.org/) but I'm not sure if it's the right tool.

Not sure. I started reverse engineering Java apps very early in my life — initially it was J2ME games. Decompilers of the time sucked but that didn't stop me from modding Gravity Defied :P

I honestly don't know what's a good way of getting started on reverse engineering. There's a bunch of everything about Windows executables in particular, including "crackmes", but native machine code is a level up from JVM bytecode. Java classes and Android dex files can be decompiled back to sensible source with a good chance that you get something that can be compiled again. No such luck for native code — C/C++ compilation is a lossy process by its nature, especially the optimizations. Ghidra does a decent job but still requires a non-zero amount of manual assistance. Flash games also were good to hone one's reverse engineering skills since ActionScript decompilers did a pretty darn good job.

Anyway. To decompile dex to Java source, there's jadx: https://github.com/skylot/jadx

Since decompilation is sometimes lossy, there's apktool for when you want to put the app back together after tinkering with it: https://github.com/iBotPeaches/Apktool

It goes without saying that you also need a JDK and the Android SDK. In particular, you need apksigner form the SDK to sign the unsigned apks generated by apktool. You can also automate things a bit and use adb to deploy them to your device.

What I usually do is get a high-level overview of the app in jadx, and then modify the smali (dalvik bytecode in text form, very assembly-like) files generated by apktool.

apktool: Decompile any app into smali, modify it and recompile it back. Here you do not need to edit smali, the JavaScript bundle is inside the assets folder.

apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget injection process. It also supports app bundles/split APKs.

Apktool can unpack and repack an apk. https://ibotpeaches.github.io/Apktool/

Then decompile the apk. Use https://ibotpeaches.github.io/Apktool/ or similar. You have to decompile it with resources to smali. Smali is a programming language which looks like java binary code.

I wasn't aware of apkTool before today. Randomly google removed our app from the store because we included the android.permission.QUERY_ALL_PACKAGES permission. It wasn't anywhere in our code so i assumed it was in a dependency but wasn't sure. Searching in VsCode didn't turn up anything.

LBRY 📚 - Another blockchain-based platform, LBRY features uncensored video, audio, images, ebooks and more. The decentralized library is community-controlled. LBRY allows monetization via its LBC cryptocurrency and has a growing subscriber base.