Android/Decompiling

This page details how to decompile an Android application from the .apk, or from an .apk and .odex pair, to source code.

Requirements

You need the Android SDK installed (http://developer.android.com/sdk/index.html), and you want the binaries from platform-tools and tools to be in your PATH, particularly adb. Using the SDK manager, download all the relevant components for the API version of the phone you have taken the app from. Set the ANDROID_HOME environment variable to point to the location that the SDK is installed to.

Obtaining the app

First you need to obtain the app you want to decompile. On installation from the market you will likely find it in /system/app/. It could be in one of two forms: as a normal .apk containing a classes.dex, or as a modified .apk and a separate .odex file with the same file stem, e.g. LatinIME.apk, LatinIME.odex. These can be obtained using adb pull /system/app/$NAME.apk etc.

Decompiling

De-odexing

If you have a plain .apk then you can skip this step, but if you have an .apk, .odex pair then it is necessary. You need to get baksmali and smali from http://code.google.com/p/smali/downloads/list; you need both the .jar files and the wrapper scripts. There are some instructions at http://code.google.com/p/smali/wiki/DeodexInstructions. Essentially you need to run

baksmali --api-level $LEVEL -x $APP.odex -o $SMALI_OUTPUT_DIR

However, you want to do this in a directory containing all the relevant framework odex files from the phone. These can be fetched using adb pull /system/framework/$NAME.odex, where useful names are: android.policy, apache-xml, bouncycastle, core-junit, core, ext, filterfw, framework, services; hopefully you will get a suitable error message about what it lacks. Then you can use smali to create a normal .dex file

smali --api-level $LEVEL -o classes.dex $SMALI_OUTPUT_DIR

Then you can use an archive manager to insert classes.dex into the apk file.
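
The insert step above can also be scripted. The following is an added example, not part of the original page or of the smali project: it checks whether an .apk lacks classes.dex and, if so, adds the one smali produced. The function names and the Example.apk stand-in files are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile
import zipfile

DEX_MAGIC = b"dex\n"    # plain Dalvik executable, as found inside a normal .apk
ODEX_MAGIC = b"dey\n"   # optimized .odex file kept beside a stripped .apk


def classify(path):
    """Return 'dex', 'odex' or 'unknown' from the first four bytes of a file."""
    with open(path, "rb") as fh:
        magic = fh.read(4)
    return {DEX_MAGIC: "dex", ODEX_MAGIC: "odex"}.get(magic, "unknown")


def needs_deodex(apk_path):
    """True when the .apk has no classes.dex, i.e. it came as an .apk/.odex pair."""
    with zipfile.ZipFile(apk_path) as apk:
        return "classes.dex" not in apk.namelist()


def insert_classes_dex(apk_path, dex_path, out_path):
    """Copy apk_path to out_path and add dex_path to the copy as classes.dex."""
    if classify(dex_path) != "dex":
        raise ValueError(f"{dex_path} is not a plain .dex file (still an .odex?)")
    if not needs_deodex(apk_path):
        raise ValueError(f"{apk_path} already contains classes.dex")
    shutil.copyfile(apk_path, out_path)      # leave the pulled original untouched
    with zipfile.ZipFile(out_path, "a") as apk:
        apk.write(dex_path, arcname="classes.dex")
    return out_path


def demo():
    """Run the steps on constructed stand-ins: a stripped .apk and a stub .dex."""
    with tempfile.TemporaryDirectory() as tmp:
        apk = os.path.join(tmp, "Example.apk")
        dex = os.path.join(tmp, "classes.dex")
        with zipfile.ZipFile(apk, "w") as z:         # constructed, not a real app
            z.writestr("AndroidManifest.xml", b"stub")
        with open(dex, "wb") as fh:                  # constructed header bytes only
            fh.write(b"dex\n035\x00")
        before = needs_deodex(apk)
        fixed = insert_classes_dex(apk, dex, os.path.join(tmp, "Example-deodexed.apk"))
        return before, needs_deodex(fixed)
```
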

Decompiling the .apk

At this point you have an apk file containing a classes.dex along with the rest of the normal contents of an apk. You need ded from http://siis.cse.psu.edu/ded/installation.html (there are papers to cite here). Be careful to work all the way through that page and construct the directory structure exactly. Symlink in the android.jar from your Android SDK, using the one for the API level you are working with: platforms/android-LEVEL/{android.jar,data/layoutlib.jar}. You might also want to symlink the jars from tools/lib as well and the . ded is very fragile, so you must run ded.sh in the directory you have installed it to, with the apk you want to decompile in the same directory (alternatively you can work out how to patch it so that this is not necessary). Then run the following

ded.sh $NAME.apk -d $NAME -c | tee $NAME.log

This should put the decompiled output in the folder $NAME and save a log to $NAME.log. If you get any warnings about phantom references then you need to fix up the classpath; try putting all the .odex files from before in the same directory as everything else.

TODO(drt24) Test that these instructions work and I haven't missed anything out.