Reverse Engineer Android Apps for API Keys
How to reverse engineer Android apps & find confidential API Keys
Reverse engineering Android applications to extract API keys is commonly used in security research, penetration testing, and understanding application behavior. Below is a comprehensive tutorial outlining the necessary tools, setup procedures, and steps to identify API keys within Android applications.
Tools Required
- Android Studio - For running and testing APKs.
- ADB - For interacting with Android devices or emulators.
- APKTool - For decompiling APKs to smali and resources and recompiling them.
- JADX - For decompiling APKs to Java source code.
- HTTP Toolkit - For intercepting and analyzing HTTP/HTTPS traffic.
Setup Procedures
1. Configure Android Emulator or Device
- Emulator: Use Android Studio to create and run an emulator.
- Physical Device: Enable Developer Options and USB Debugging.
2. Install ADB
- Extract the Platform Tools and add the directory to your system's PATH.
3. Install APKTool and JADX
- APKTool: Download the APKTool jar and wrapper script, place them in the same directory, and make the script executable.
- JADX: Download and extract the JADX binaries. Run jadx-gui for a graphical interface (or jadx for the command-line decompiler).
4. Configure HTTP Toolkit
- Install and run the application.
- Follow prompts to set up the Android device for traffic interception.
Steps to Extract API Keys
Step 1: Obtain the APK
- From Device: Use ADB to find the package name, resolve its install path, and pull the APK:
  adb shell pm list packages
  adb shell pm path com.example.app
  adb pull /data/app/com.example.app/base.apk
  Use the path that pm path actually prints: on recent Android versions the install directory is randomised rather than /data/app/com.example.app/, and an app installed as split APKs prints several paths, all of which have to be pulled.
- From Play Store: Download the APK through a third-party mirror such as APKPure when the app is not installed on your device.
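The device pull above, as an added example script that is not part of the original tutorial. It assumes adb is on PATH with a connected device when invoked with a package name; the pm path output it parses when run without arguments is a constructed sample, including a split APK line:

```shell
#!/usr/bin/env bash
# pull_apk.sh (added example, not from the original tutorial): pull every APK
# that makes up an installed package, including split APKs, by resolving the
# real install path with `pm path` instead of guessing /data/app/<pkg>/base.apk.
set -e

# Turn raw `adb shell pm path <pkg>` output into bare on-device paths.
# Each line looks like "package:/data/app/~~Xy==/com.example.app-Ab==/base.apk";
# strip the prefix, the CR that adb shell adds on some devices, and blank lines.
parse_pm_path() {
  tr -d '\r' | sed -e 's/^package://' -e '/^$/d'
}

# How many APK files the package consists of: 1 = monolithic, >1 = split APKs.
count_apks() {
  parse_pm_path | wc -l | tr -d ' '
}

# Constructed sample of what `pm path` prints for an app with a config split
# (directory names are made up; real ones are random per install).
sample_pm_path_output() {
  printf 'package:/data/app/~~Xy==/com.example.app-Ab==/base.apk\r\n'
  printf 'package:/data/app/~~Xy==/com.example.app-Ab==/split_config.arm64_v8a.apk\r\n'
}

# Pull all APKs for a package into OUTDIR (default: ./<pkg>). Needs adb on PATH
# and a connected device or emulator with USB debugging enabled.
pull_apk() {
  pkg="$1"
  out="${2:-$pkg}"
  paths=$(adb shell pm path "$pkg" | parse_pm_path)
  if [ -z "$paths" ]; then
    echo "error: $pkg is not installed on the device" >&2
    return 1
  fi
  mkdir -p "$out"
  printf '%s\n' "$paths" | while IFS= read -r p; do
    adb pull "$p" "$out/"
  done
  echo "pulled $(printf '%s\n' "$paths" | wc -l | tr -d ' ') APK file(s) into $out/"
}

# Usage: ./pull_apk.sh com.example.app [outdir]
# With no arguments the functions are only exercised on the constructed sample,
# so the file can also be sourced from other tooling.
if [ "$#" -gt 0 ]; then
  pull_apk "$@"
else
  echo "sample pm path output resolves to $(sample_pm_path_output | count_apks) APK file(s):"
  sample_pm_path_output | parse_pm_path
fi
```

When count_apks reports more than one file, open base.apk in JADX for code but remember that resources and native libraries may live in the split files, so decompile those too.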
Step 2: Static Analysis with APKTool and JADX
- Decompile APK: Use APKTool to unpack the APK into smali, resources and a readable AndroidManifest.xml:
  apktool d base.apk -o decmpld_app
- Inspect Code: Open the APK with JADX to get Java source:
  jadx-gui base.apk
- Search for API Keys: Look for hardcoded strings, especially in files like BuildConfig.java, Constants.java, or any class that handles network requests (HTTP client setup, interceptors, request headers). Also check res/values/strings.xml and the assets/ directory in the APKTool output, since keys are often shipped as resources rather than in code.
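A search script for the step above, added here as an example rather than taken from the original tutorial. It scans a JADX or APKTool output tree with grep for token formats that have a recognisable prefix plus a loose generic rule for key-like assignments; the decompiled files it runs on without arguments are a constructed sample (the AWS value is the publicly documented example key ID, the others are made up):

```shell
#!/usr/bin/env bash
# find_keys.sh (added example, not from the original tutorial): grep a JADX or
# APKTool output tree for strings that look like API keys or other secrets.
set -e

# Token formats with a documented, recognisable prefix. Matched case-sensitively
# because the prefix is part of the format.
prefix_patterns() {
  cat <<'EOF'
AIza[0-9A-Za-z_-]{35}
AKIA[0-9A-Z]{16}
ghp_[0-9A-Za-z]{36}
sk_(live|test)_[0-9A-Za-z]{24,}
-----BEGIN (RSA |EC )?PRIVATE KEY-----
EOF
}

# Generic rule: a key-like name assigned a long alphanumeric value. Matched
# case-insensitively; it is deliberately loose and the hits need manual triage.
generic_patterns() {
  cat <<'EOF'
(api_?key|secret|token)["' ]*[=:]["' ]*[0-9A-Za-z_-]{16,}
EOF
}

# Recursive grep over the file types JADX and APKTool produce (Java/Kotlin
# sources, smali, strings.xml and other resources, text assets). -I skips
# binaries: native libraries under lib/ need separate handling, e.g. `strings`.
grep_tree() {
  grep -rnI --include='*.java' --include='*.kt' --include='*.smali' \
    --include='*.xml' --include='*.json' --include='*.properties' \
    --include='*.js' --include='*.txt' "$@"
}

# Scan DIR and print file:line:content for every candidate, deduplicated.
scan_for_keys() {
  dir="$1"
  pp=$(mktemp)
  gp=$(mktemp)
  prefix_patterns > "$pp"
  generic_patterns > "$gp"
  {
    grep_tree -E -f "$pp" "$dir" || true
    grep_tree -Ei -f "$gp" "$dir" || true
  } | sort -u
  rm -f "$pp" "$gp"
}

count_hits() {
  scan_for_keys "$1" | wc -l | tr -d ' '
}

# Constructed sample tree mimicking a few decompiled files: two prefixed keys,
# one generic assignment, and two benign uses of the word "token" that must
# not be reported.
make_sample_tree() {
  d="$1"
  mkdir -p "$d/sources/com/example/app" "$d/res/values"
  cat > "$d/sources/com/example/app/BuildConfig.java" <<'EOF'
public final class BuildConfig {
  public static final String MAPS_KEY = "AIzaSyA1234567890abcdefghijklmnopqrstuv";
}
EOF
  cat > "$d/res/values/strings.xml" <<'EOF'
<resources>
    <string name="app_name">Demo</string>
    <string name="aws_id">AKIAIOSFODNN7EXAMPLE</string>
</resources>
EOF
  cat > "$d/sources/com/example/app/ApiClient.java" <<'EOF'
class ApiClient {
  private static final String secret = "s3cr3t_value_that_is_long";
  private static final String TAG = "token";
  void refresh() { Log.d("token", "refreshing"); }
}
EOF
}

# Usage: ./find_keys.sh <decompiled-dir>; with no argument, scan the sample tree.
if [ "$#" -gt 0 ]; then
  scan_for_keys "$1"
else
  tmp=$(mktemp -d)
  make_sample_tree "$tmp"
  scan_for_keys "$tmp"
  rm -rf "$tmp"
fi
```

Treat every hit as a lead, not a finding: confirm in JADX how the value is used, and pair it with the traffic capture in the later steps to see which endpoint accepts it.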
Step 3: Modify Network Security Configuration
Since Android 7.0 (API 24), apps do not trust user-installed CA certificates by default, so the interception proxy's certificate has to be allowed explicitly in the app's network security configuration.
- Edit AndroidManifest.xml: Add or modify the android:networkSecurityConfig attribute on the application element:
  <application android:networkSecurityConfig="@xml/network_security_config" ... > </application>
- Create res/xml/network_security_config.xml: Define a configuration that trusts user-added CAs as well as the system ones:
  <?xml version="1.0" encoding="utf-8"?>
  <network-security-config>
      <base-config>
          <trust-anchors>
              <certificates src="user" />
              <certificates src="system" />
          </trust-anchors>
      </base-config>
  </network-security-config>
  If the app already ships a network security config (for example one with pin-set entries), replace it rather than adding a second one; certificate pinning implemented in code instead of in this file will still reject the proxy and needs separate handling.
- Rebuild APK: Use APKTool to rebuild:
  apktool b decmpld_app -o modified_app.apk
- Sign APK: Run zipalign on the rebuilt APK, then sign it with apksigner (preferred, since it produces the v2+ signature schemes current Android versions require) or jarsigner. Android refuses to install an unsigned APK, and because your signing key differs from the vendor's, uninstall the original app before installing the modified one.
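The manifest edit, config file and rebuild chain from Step 3 as one added example script; it is not code from the original tutorial. The manifest and config edits run offline with sed; the rebuild function assumes apktool, zipalign, apksigner, keytool and adb are on PATH and creates a throwaway keystore named debug.keystore (my choice of name). The manifest it edits when run without arguments is a constructed sample:

```shell
#!/usr/bin/env bash
# patch_nsc.sh (added example, not from the original tutorial): make a
# decompiled app trust user-installed CAs, then rebuild, align, sign and
# install it. External tools are only invoked by rebuild_and_install.
set -e

NSC_NAME="network_security_config"

# Write res/xml/network_security_config.xml. Android 7+ apps ignore user CAs
# unless the config lists src="user"; system CAs stay trusted as well so the
# app keeps working when no proxy is in the path.
write_nsc() {
  mkdir -p "$1/res/xml"
  cat > "$1/res/xml/$NSC_NAME.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
EOF
}

# Point <application> at the config. If the app already declares one (often a
# pinning config) the attribute is rewritten to ours; otherwise it is inserted
# right after the tag name. Running it twice leaves a single attribute.
patch_manifest() {
  m="$1/AndroidManifest.xml"
  attr="android:networkSecurityConfig=\"@xml/$NSC_NAME\""
  if grep -q 'android:networkSecurityConfig=' "$m"; then
    sed -i.bak -E "s#android:networkSecurityConfig=\"[^\"]*\"#$attr#" "$m"
  else
    sed -i.bak "s#<application#<application $attr#" "$m"
  fi
  rm -f "$m.bak"
}

# Number of networkSecurityConfig attributes in the manifest (should be 1).
nsc_attr_count() {
  { grep -o 'android:networkSecurityConfig="[^"]*"' "$1/AndroidManifest.xml" || true; } | wc -l | tr -d ' '
}

# Constructed sample: the kind of manifest apktool emits, with no config yet.
make_sample_manifest() {
  mkdir -p "$1"
  cat > "$1/AndroidManifest.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
    <application android:allowBackup="true" android:label="@string/app_name">
        <activity android:name="com.example.app.MainActivity"/>
    </application>
</manifest>
EOF
}

# apktool b -> zipalign -> apksigner (v1+v2 signatures, as current Android
# requires) -> adb install. The throwaway key differs from the vendor's, so the
# original app is uninstalled first; otherwise install fails with
# INSTALL_FAILED_UPDATE_INCOMPATIBLE. zipalign must run before apksigner.
rebuild_and_install() {
  dir="$1"; out="$2"; pkg="$3"
  apktool b "$dir" -o "$out.unsigned.apk"
  zipalign -p -f 4 "$out.unsigned.apk" "$out.aligned.apk"
  [ -f debug.keystore ] || keytool -genkeypair -keystore debug.keystore \
    -storepass android -keypass android -alias debug -keyalg RSA -keysize 2048 \
    -validity 3650 -dname "CN=Debug"
  apksigner sign --ks debug.keystore --ks-pass pass:android --key-pass pass:android \
    --out "$out" "$out.aligned.apk"
  apksigner verify --print-certs "$out"
  adb uninstall "$pkg" || true
  adb install "$out"
}

# Usage: ./patch_nsc.sh <decompiled-dir> <output.apk> <package>
# With no arguments, only the offline edits are run on the constructed sample.
if [ "$#" -eq 3 ]; then
  write_nsc "$1"; patch_manifest "$1"; rebuild_and_install "$1" "$2" "$3"
else
  tmp=$(mktemp -d)
  make_sample_manifest "$tmp"; write_nsc "$tmp"; patch_manifest "$tmp"
  grep 'android:networkSecurityConfig' "$tmp/AndroidManifest.xml"
  rm -rf "$tmp"
fi
```

Keep the keystore around: reusing it lets you reinstall later patched builds over each other without uninstalling again.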
Step 4: Intercept Network Traffic
- Install the modified APK (adb install modified_app.apk) and configure the Android device to route traffic through HTTP Toolkit.
- Run the application and monitor the intercepted requests for API keys or tokens; they usually appear in Authorization headers, custom headers such as x-api-key, or query parameters, which also tells you which backend each hardcoded key is used against.
We hope this tutorial helps you learn something new. For more tutorials like this, please subscribe to pwn.guide+. Happy pwning😍