Android
Android applications are distributed as either APK (Android Package) or AAB (Android App Bundle) files. In CTF reverse engineering, analyzing these files can expose hardcoded keys, credential checks, or base64‑encoded secrets.
- Decompile APK:
  ```
  jadx -d output/ sample.apk
  ```
- Decode resources & smali:
  ```
  apktool d sample.apk -o output/
  ```
- Build smali back to APK:
  ```
  apktool b output/ -o rebuilt.apk
  ```
- Extract APKs from AAB:
  ```
  bundletool build-apks --bundle=app.aab --output=output.apks
  unzip output.apks -d extracted/
  ```

| Tool | Purpose |
|---|---|
| JADX | Decompile APK/Dex files to Java source |
| APKTool | Decode resources, manifests, and rebuild APKs |
| bundletool | Unpack AAB bundles into individual APKs |

- Focus on code under `smali/com/.../MainActivity.smali` or equivalent Java packages for flag logic.
- Inspect `AndroidManifest.xml` for exported components or permissions leakage.
- Search compiled code (`grep`) for known variable names like flag, api_key, or secret.
- Use JADX and APKTool together: JADX for readable code, APKTool for precise resource mapping.
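
The keyword search above, extended to also decode base64-looking string literals, which a plain `grep` for names would miss. This is an added example, not code from the original page; the function names, the 16-character minimum, and the sample Java file are assumptions constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Names the page suggests searching for (case-insensitive).
KEYWORDS = re.compile(r"flag|api_key|secret", re.IGNORECASE)
# Quoted string literals as they appear in decompiled Java and smali.
STRING_LITERAL = re.compile(r'"([^"\\]*)"')
# Assumed heuristic: 16+ chars of the standard alphabet, optional padding.
BASE64_SHAPE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decode_if_base64(literal):
    """Return decoded text if literal is base64 of printable ASCII, else None."""
    if len(literal) % 4 or not BASE64_SHAPE.fullmatch(literal):
        return None
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def scan_tree(root):
    """Yield (relative path, line number, kind, detail) for each finding."""
    for path in sorted(Path(root).rglob("*")):
        if path.suffix not in {".java", ".smali", ".xml"} or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if KEYWORDS.search(line):
                yield rel, lineno, "keyword", line.strip()
            for literal in STRING_LITERAL.findall(line):
                decoded = decode_if_base64(literal)
                if decoded is not None:
                    yield rel, lineno, "base64", decoded

def demo():
    """Scan a constructed two-line Java file standing in for jadx output."""
    sample = ('String api_key = "not-a-real-key";\n'
              'String blob = "Q1RGe2V4YW1wbGVfZmxhZ30=";\n')
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "MainActivity.java").write_text(sample)
        return list(scan_tree(tmp))

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=" | ")
```

To scan real tool output, call `scan_tree("output/")` on the directory written by `jadx -d` or `apktool d`.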