pwn.guide
Forensics

Reverse Engineer Android Apps for API Keys

How to reverse engineer Android apps & find confidential API Keys

Reverse engineering Android applications to extract API keys is commonly used in security research, penetration testing, and understanding application behavior. Below is a comprehensive tutorial outlining the necessary tools, setup procedures, and steps to identify API keys within Android applications.

Tools Required

  1. Android Studio - For running and testing APKs.
  2. ADB - For interacting with Android devices or emulators.
  3. APKTool- For decompiling and recompiling APKs.
  4. JADX - For decompiling APKs to Java source code.
  5. HTTP Toolkit - For intercepting and analyzing HTTP/HTTPS traffic.

Setup Procedures

1. Configure Android Emulator or Device

  • Emulator: Use Android Studio to create and run an emulator.
  • Physical Device: Enable Developer Options and USB Debugging.

2. Install ADB

  • Extract the Platform Tools and add the directory to your system's PATH.

3. Install APKTool and JADX

  • APKTool:

    • Download the APKTool jar and wrapper script.
    • Place them in the same directory and make the script executable.

  • JADX:

    • Download and extract the JADX binaries.
    • Run jadx-gui for a graphical interface.

4. Configure HTTP Toolkit

  • Install and run the application.
  • Follow prompts to set up the Android device for traffic interception.

Steps to Extract API Keys

Step 1: Obtain the APK

  • From Device:

    • Use ADB to pull the APK:

      adb shell pm list packages
adb shell pm path com.example.app
adb pull /data/app/com.example.app/base.apk

  • From Play Store:

    • Use third-party services or tools to download the APK like APKPure.

Step 2: Static Analysis with APKTool and JADX

  • Decompile APK:

    • Use APKTool:

      apktool d base.apk -o decmpld_app

  • Inspect Code:

    • Open the APK with JADX:

      jadx-gui base.apk

  • Search for API Keys:

    • Look for hardcoded strings, especially in files like BuildConfig.java, Constants.java, or any class that handles network requests.

Step 3: Modify Network Security Configuration

  • Edit AndroidManifest.xml:

    • Add or modify the android:networkSecurityConfig attribute:

      <application
    android:networkSecurityConfig="@xml/network_security_config"
    ... >
</application>

  • Create network_security_config.xml:

    • Define a configuration that trusts user-added CAs:

      <?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

  • Rebuild APK:

    • Use APKTool to rebuild:

      apktool b decmpld_app -o modified_app.apk

  • Sign APK:

    • Use jarsigner or apksigner to sign the APK.

Step 5: Intercept Network Traffic

  • Configure the Android device to route traffic through HTTP Toolkit.
  • Run the application and monitor the intercepted requests for API keys or tokens.

We hope this tutorial help you learn something new. For more tutorials like this, please subscribe to pwn.guide+. Happy pwning😍

Recommended Tutorials

Continue your learning journey with these related guides

Dump Machine's Memory For Forensic Analysis

Learn how to dump a memory of a computer to analyze it.

pwn.guide+

Extract Data From Firmwares Dumped With a CH341A

Learn how to extract data like pictures, videos... from the firmware, dumped with a CH341A.

pwn.guide+

Memory Forensics using Volatility

How to analyze memory dumps using a tool called Volatility.

pwn.guide+