APK files can be reverse-engineered in different ways to get the original code. The following is one method that uses the dex2jar and JD-GUI tools to gain access to the application code. For our example, we will examine the com.twitter.android-1.apk file. The following are the steps to successfully reverse engineer the APK file:

1. Rename the APK extension to ZIP to see the contents of the file. Rename the com.twitter.android-1.apk file to twitter.android-1.zip and extract the contents of this file using any file archiver application. The following screenshot shows the files that were extracted from the original file, twitter.android-1.zip:

2. The classes.dex file that we discussed previously can be accessed after extracting the contents of the APK file. This dex file needs to be converted into a class file in Java. This can be done using the dex2jar tool.
3. Download the dex2jar tool from https://github.com/pxb1988/dex2jar, drop the classes.dex file into the dex2jar tools directory, and issue the following command:

C:UsersRohitDesktopTrainingAndroiddex2jar-0.0.9.15>d2j- dex2jar.bat classes.dex dex2jar classes.dex -> classes-dex2jar.jar

4. When the preceding command is successfully run, it creates a new classes -dex2jar.jar file in the same directory, as shown in the following screenshot:

5. To view the contents of this JAR file, you can use a tool such as JD-GUI. As shown in the following screenshot, the files present in an Android application and the corresponding code can be seen:

Once we get access to the code, it is easy to analyze how the application stores the values, permissions, and more information that may be helpful to bypass certain restrictions. When malware is found on a device, this method to decompile and analyze the application may prove useful, as it will show what is being accessed by the malware and provide clues to where the data is being sent. The following sections focus on Android malware in detail.