Apktool 安卓 APK 逆向工程工具：解包、资源提取与安全分析指南

apktool by brownfinesecurity/iothackbot

156 周安装量

720 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/brownfinesecurity/iothackbot --skill apktool

逆向工程 Android 安全

🇨🇳中文介绍

Apktool - Android APK 解包与资源提取

您正在帮助用户使用 apktool 对 Android APK 文件进行逆向工程，以进行安全分析、漏洞发现和理解应用内部结构。

工具概述

Apktool 是一款用于对 Android APK 文件进行逆向工程的工具。它可以将资源解码为近乎原始的形式，并在修改后重新打包。这对于以下方面至关重要：

提取可读的 AndroidManifest.xml
解码资源（XML 布局、字符串、图片）
将 DEX 反汇编为 smali 代码
分析应用结构和权限
重新打包修改后的 APK

先决条件

系统上必须安装 apktool
需要 Java 运行时环境 (JRE)
足够的磁盘空间（解包后的 APK 通常比原始大小大 2-5 倍）
输出目录的写入权限

使用说明

1. 基本 APK 解包（最常用）

当用户要求解包、解码或分析 APK 时：

标准解码命令：

apktool d <apk-file> -o <output-directory>

示例：

apktool d app.apk -o app-unpacked

强制覆盖（如果目录已存在）：

apktool d app.apk -o app-unpacked -f

2. 理解输出结构

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

3. 选择性解码（性能优化）

跳过资源（仅代码分析）：

apktool d app.apk -o app-code-only -r
# 或
apktool d app.apk -o app-code-only --no-res

处理速度更快
仅提取 smali 代码和清单文件
当您只需要分析代码逻辑时使用

跳过源代码（仅资源分析）：

apktool d app.apk -o app-resources-only -s
# 或
apktool d app.apk -o app-resources-only --no-src

处理速度更快
仅提取资源和清单文件
当您只需要资源、字符串、布局时使用

4. 常见分析任务

A. 检查 AndroidManifest.xml

清单文件揭示了关键的安全信息：

# 解包后
cat app-unpacked/AndroidManifest.xml

权限：应用访问的设备功能/数据
导出的组件 ：可从其他应用访问的活动、服务、接收器
Intent 过滤器 ：应用如何响应系统/应用意图
备份设置 ：android:allowBackup="true"（安全风险）
可调试标志 ：android:debuggable="true"（主要安全问题）
网络安全配置 ：自定义证书固定、明文流量
最低/目标 SDK 版本 ：过时的版本可能存在漏洞

示例分析命令：

# 查找所有权限
grep "uses-permission" app-unpacked/AndroidManifest.xml

# 查找导出的组件
grep "exported=\"true\"" app-unpacked/AndroidManifest.xml

# 检查是否可调试
grep "debuggable" app-unpacked/AndroidManifest.xml

# 查找所有活动
grep "android:name.*Activity" app-unpacked/AndroidManifest.xml

B. 提取字符串和资源

# 查看所有字符串资源
cat app-unpacked/res/values/strings.xml

# 搜索 API 密钥、URL、凭据
grep -r "api" app-unpacked/res/values/
grep -r "http" app-unpacked/res/values/
grep -r "password\|secret\|key\|token" app-unpacked/res/values/

# 在资源中查找硬编码的 URL
grep -rE "https?://" app-unpacked/res/

C. 分析 Smali 代码

Smali 是反汇编的 Dalvik 字节码格式：

# 查找特定类
find app-unpacked/smali -name "*Login*.smali"
find app-unpacked/smali -name "*Auth*.smali"

# 搜索与安全相关的代码
grep -r "crypto\|encrypt\|decrypt" app-unpacked/smali/
grep -r "http\|https\|url" app-unpacked/smali/
grep -r "password\|credential\|token" app-unpacked/smali/

# 查找原生库使用情况
grep -r "System.loadLibrary" app-unpacked/smali/

# 查找文件操作
grep -r "openFileOutput\|openFileInput" app-unpacked/smali/

注意：Smali 比 Java 源代码更难阅读。考虑使用 jadx 进行 Java 反编译以便于分析。

# 列出原生库
ls -lah app-unpacked/lib/

# 检查支持的架构
ls app-unpacked/lib/

# 识别库类型
file app-unpacked/lib/arm64-v8a/*.so

# 在库中搜索感兴趣的字符串
strings app-unpacked/lib/arm64-v8a/libnative.so | grep -i "http\|key\|password"

5. 重新打包 APK（构建）

修改资源或 smali 代码后：

apktool b app-unpacked -o app-modified.apk

重要：重新构建的 APK 在安装前必须签名：

# 生成密钥库（一次性设置）
keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-key-alias

# 签名 APK
jarsigner -verbose -keystore my-release-key.jks app-modified.apk my-key-alias

# 验证签名
jarsigner -verify app-modified.apk

# Zipalign（优化）
zipalign -v 4 app-modified.apk app-modified-aligned.apk

对于系统应用或依赖于设备制造商框架的应用：

# 安装框架
apktool if framework-res.apk

# 列出已安装的框架
apktool list-frameworks

# 使用特定框架解码
apktool d -t <tag> app.apk

工作流程 1：安全分析

# 1. 解包 APK
apktool d target.apk -o target-unpacked

# 2. 检查清单文件中的安全问题
cat target-unpacked/AndroidManifest.xml

# 3. 搜索硬编码的凭据
grep -r "password\|api_key\|secret\|token" target-unpacked/res/

# 4. 检查可调试标志
grep "debuggable" target-unpacked/AndroidManifest.xml

# 5. 查找导出的组件
grep "exported=\"true\"" target-unpacked/AndroidManifest.xml

# 6. 检查网络安全配置
cat target-unpacked/res/xml/network_security_config.xml 2>/dev/null

工作流程 2：物联网应用分析

对于物联网配套应用，查找设备通信详情：

# 1. 解包 APK
apktool d iot-app.apk -o iot-app-unpacked

# 2. 搜索设备端点
grep -rE "https?://[^\"']+" iot-app-unpacked/res/ | grep -v "google\|android"

# 3. 查找 API 密钥
grep -r "api\|key" iot-app-unpacked/res/values/strings.xml

# 4. 定位设备通信代码
find iot-app-unpacked/smali -name "*Device*.smali"
find iot-app-unpacked/smali -name "*Network*.smali"
find iot-app-unpacked/smali -name "*Api*.smali"

# 5. 检查证书固定
grep -r "certificatePinner\|TrustManager" iot-app-unpacked/smali/

工作流程 3：仅资源提取

# 快速仅资源提取
apktool d app.apk -o app-resources -s

# 提取应用图标
cp app-resources/res/mipmap-xxxhdpi/ic_launcher.png ./

# 提取字符串用于本地化
cat app-resources/res/values*/strings.xml

# 提取布局用于 UI 分析
ls app-resources/res/layout/

工作流程 4：快速代码检查（无资源）

# 快速仅代码提取
apktool d app.apk -o app-code -r

# 快速分析 smali
grep -r "http" app-code/smali/ | head -20
grep -r "password" app-code/smali/

Apktool 没有内置的输出格式选项，但您可以构建您的分析：

用于人类可读的报告：

# 生成分析报告
{
  echo "=== APK 分析报告 ==="
  echo "APK: app.apk"
  echo "日期: $(date)"
  echo ""
  echo "=== 权限 ==="
  grep "uses-permission" app-unpacked/AndroidManifest.xml
  echo ""
  echo "=== 导出的组件 ==="
  grep "exported=\"true\"" app-unpacked/AndroidManifest.xml
  echo ""
  echo "=== 包信息 ==="
  grep "package=" app-unpacked/AndroidManifest.xml
} > apk-analysis-report.txt

与 IoTHackBot 工具集成

Apktool 与其他分析工作流程配合良好：

APK → 网络分析 ：
- 从资源中提取 API 端点
- 使用提取的 URL 配合 curl/wget 进行测试
- 将端点提供给网络测试工具
APK → 凭据发现 ：
- 在资源中查找硬编码的凭据
- 针对物联网设备测试凭据
- 与 onvifscan 或其他设备测试工具配合使用
APK → 代码分析 ：
- 使用 apktool 提取 smali 代码
- 使用 jadx 反编译为 Java 以便于阅读
- 在两个工具之间交叉引用发现

1. 始终首先检查清单文件

apktool d app.apk -o app-unpacked
cat app-unpacked/AndroidManifest.xml | less

清单文件为进一步分析提供了路线图。

2. 使用选择性解码以提高速度

仅代码：-r 标志
仅资源：-s 标志
完全解码：无标志（默认）

3. 系统性地搜索

# 创建分析脚本
cat > analyze.sh << 'EOF'
#!/bin/bash
APK_DIR="$1"
echo "[+] 搜索 URL..."
grep -rE "https?://" "$APK_DIR/res/" | grep -v "schema\|google\|android"
echo "[+] 搜索 API 密钥..."
grep -ri "api.*key\|apikey" "$APK_DIR/res/"
echo "[+] 搜索密钥..."
grep -ri "secret\|password\|credential" "$APK_DIR/res/"
EOF
chmod +x analyze.sh
./analyze.sh app-unpacked

4. 记录您的发现

记录以下内容：

APK 包名和版本
感兴趣的权限
硬编码的凭据/URL
导出的组件
安全配置错误

5. 与 Jadx 结合使用

同时使用两个工具：

Apktool ：用于资源、清单文件和详细的 smali
Jadx ：用于可读的 Java 源代码

问题："brut.directory.DirectoryException: Framework"

解决方案 ：安装框架资源：

apktool if <framework-res.apk>

问题：解码因资源错误而失败

解决方案 ：使用 --keep-broken-res 标志：

apktool d app.apk -o output --keep-broken-res

问题："Input file was not found or was not readable"

解决方案 ：检查文件路径和权限：

ls -l app.apk
file app.apk  # 应显示 "Zip archive data"

问题：内存不足错误

解决方案 ：增加 Java 堆大小：

export _JAVA_OPTIONS="-Xmx2048m"
apktool d large-app.apk

问题：修改后构建失败

解决方案 ：验证您的 smali/XML 语法：

# 检查语法错误
apktool b app-unpacked -o test.apk --use-aapt2

问题：重新打包后 APK 无法安装

解决方案 ：签名 APK：

jarsigner -verbose -keystore debug.keystore rebuilt.apk androiddebugkey

Apktool 需要 Java 运行时环境 (JRE)
解码后的 APK 通常比原始大小大 2-5 倍
Smali 代码比 Java 源代码更冗长（使用 jadx 获取 Java 代码）
始终处理 APK 文件的副本，而非原始文件
重新打包需要在安装前签名
某些混淆应用可能具有不可读的类/方法名
系统应用可能需要安装框架

重要：仅分析您拥有或获得分析权限的 APK。

尊重知识产权和许可
遵循负责任的漏洞披露
未经授权不得分发修改后的 APK
注意服务条款和最终用户许可协议
仅用于授权的安全测试和研究

# 完整分析工作流程
TARGET="myapp.apk"
OUTPUT="myapp-analysis"

# 1. 解包
echo "[+] 解包 APK..."
apktool d "$TARGET" -o "$OUTPUT"

# 2. 基本信息
echo "[+] 包信息:"
grep "package=" "$OUTPUT/AndroidManifest.xml"

# 3. 权限
echo "[+] 权限:"
grep "uses-permission" "$OUTPUT/AndroidManifest.xml"

# 4. 导出的组件
echo "[+] 导出的组件:"
grep "exported=\"true\"" "$OUTPUT/AndroidManifest.xml"

# 5. 搜索密钥
echo "[+] 搜索硬编码的密钥..."
grep -r "api.*key\|password\|secret" "$OUTPUT/res/" | grep -v "^Binary"

# 6. 查找 URL
echo "[+] 查找 URL..."
grep -rE "https?://[^\"']+" "$OUTPUT/res/" | grep -v "schema\|xmlns"

# 7. 检查可调试状态
echo "[+] 调试状态:"
grep "debuggable" "$OUTPUT/AndroidManifest.xml" || echo "不可调试（良好）"

# 8. 总结
echo "[+] 分析完成。输出位于: $OUTPUT/"

成功的 apktool 分析包括：

APK 成功解码，无错误
AndroidManifest.xml 可读并已分析
资源已提取并可搜索
Smali 代码可用于检查
安全相关发现已记录
输出组织在清晰的目录结构中
如有需要，任何修改都可以重新打包

# 解码（解包）
apktool d <apk> -o <output-dir>

# 强制覆盖解码
apktool d <apk> -o <output-dir> -f

# 无资源解码（更快）
apktool d <apk> -o <output-dir> -r

# 无源代码解码（更快）
apktool d <apk> -o <output-dir> -s

# 构建（重新打包）
apktool b <unpacked-dir> -o <output-apk>

# 安装框架
apktool if <framework.apk>

# 清空框架缓存
apktool empty-framework-dir

2026 年 1 月 26 日

🇺🇸English

Apktool - Android APK Unpacking and Resource Extraction

You are helping the user reverse engineer Android APK files using apktool for security analysis, vulnerability discovery, and understanding app internals.

Tool Overview

Apktool is a tool for reverse engineering Android APK files. It can decode resources to nearly original form and rebuild them after modifications. It's essential for:

Extracting readable AndroidManifest.xml
Decoding resources (XML layouts, strings, images)
Disassembling DEX to smali code
Analyzing app structure and permissions
Repackaging modified APKs

Prerequisites

apktool must be installed on the system
Java Runtime Environment (JRE) required
Sufficient disk space (unpacked APK is typically 2-5x original size)
Write permissions in output directory

Instructions

1. Basic APK Unpacking (Most Common)

When the user asks to unpack, decode, or analyze an APK:

Standard decode command:

apktool d <apk-file> -o <output-directory>

Example:

apktool d app.apk -o app-unpacked

With force overwrite (if directory exists):

apktool d app.apk -o app-unpacked -f

2. Understanding Output Structure

After unpacking, the output directory contains:

app-unpacked/
├── AndroidManifest.xml          # Readable manifest (permissions, components)
├── apktool.yml                  # Apktool metadata (version info, SDK levels)
├── original/                    # Original META-INF certificates
│   └── META-INF/
├── res/                         # Decoded resources
│   ├── layout/                  # XML layouts
│   ├── values/                  # Strings, colors, dimensions
│   ├── drawable/                # Images and drawables
│   └── ...
├── smali/                       # Disassembled DEX code (smali format)
│   └── com/company/app/        # Package structure
├── assets/                      # App assets (if present)
├── lib/                         # Native libraries (if present)
│   ├── arm64-v8a/
│   ├── armeabi-v7a/
│   └── ...
└── unknown/                     # Files apktool couldn't classify

3. Selective Decoding (Performance Optimization)

Skip resources (code analysis only):

apktool d app.apk -o app-code-only -r
# or
apktool d app.apk -o app-code-only --no-res

Faster processing
Only extracts smali code and manifest
Use when you only need to analyze code logic

Skip source code (resource analysis only):

apktool d app.apk -o app-resources-only -s
# or
apktool d app.apk -o app-resources-only --no-src

Faster processing
Only extracts resources and manifest
Use when you only need resources, strings, layouts

4. Common Analysis Tasks

A. Examining AndroidManifest.xml

The manifest reveals critical security information:

# After unpacking
cat app-unpacked/AndroidManifest.xml

Look for:

Permissions : What device features/data the app accesses
Exported components : Activities, services, receivers accessible from other apps
Intent filters : How the app responds to system/app intents
Backup settings : android:allowBackup="true" (security risk)
Debuggable flag : android:debuggable="true" (major security issue)
Network security config : Custom certificate pinning, cleartext traffic
Min/Target SDK versions : Outdated versions may have vulnerabilities

Example analysis commands:

# Find all permissions
grep "uses-permission" app-unpacked/AndroidManifest.xml

# Find exported components
grep "exported=\"true\"" app-unpacked/AndroidManifest.xml

# Check if debuggable
grep "debuggable" app-unpacked/AndroidManifest.xml

# Find all activities
grep "android:name.*Activity" app-unpacked/AndroidManifest.xml

B. Extracting Strings and Resources

# View all string resources
cat app-unpacked/res/values/strings.xml

# Search for API keys, URLs, credentials
grep -r "api" app-unpacked/res/values/
grep -r "http" app-unpacked/res/values/
grep -r "password\|secret\|key\|token" app-unpacked/res/values/

# Find hardcoded URLs in resources
grep -rE "https?://" app-unpacked/res/

C. Analyzing Smali Code

Smali is the disassembled Dalvik bytecode format:

# Find specific class
find app-unpacked/smali -name "*Login*.smali"
find app-unpacked/smali -name "*Auth*.smali"

# Search for security-relevant code
grep -r "crypto\|encrypt\|decrypt" app-unpacked/smali/
grep -r "http\|https\|url" app-unpacked/smali/
grep -r "password\|credential\|token" app-unpacked/smali/

# Find native library usage
grep -r "System.loadLibrary" app-unpacked/smali/

# Find file operations
grep -r "openFileOutput\|openFileInput" app-unpacked/smali/

Note : Smali is harder to read than Java source. Consider using jadx for Java decompilation for easier analysis.

D. Examining Native Libraries

# List native libraries
ls -lah app-unpacked/lib/

# Check architectures supported
ls app-unpacked/lib/

# Identify library types
file app-unpacked/lib/arm64-v8a/*.so

# Search for interesting strings in libraries
strings app-unpacked/lib/arm64-v8a/libnative.so | grep -i "http\|key\|password"

5. Repackaging APK (Build)

After modifying resources or smali code:

apktool b app-unpacked -o app-modified.apk

Important : Rebuilt APKs must be signed before installation:

# Generate keystore (one-time setup)
keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-key-alias

# Sign APK
jarsigner -verbose -keystore my-release-key.jks app-modified.apk my-key-alias

# Verify signature
jarsigner -verify app-modified.apk

# Zipalign (optimization)
zipalign -v 4 app-modified.apk app-modified-aligned.apk

6. Framework Management

For system apps or apps dependent on device manufacturer frameworks:

# Install framework
apktool if framework-res.apk

# List installed frameworks
apktool list-frameworks

# Decode with specific framework
apktool d -t <tag> app.apk

Common Workflows

Workflow 1: Security Analysis

# 1. Unpack APK
apktool d target.apk -o target-unpacked

# 2. Examine manifest for security issues
cat target-unpacked/AndroidManifest.xml

# 3. Search for hardcoded credentials
grep -r "password\|api_key\|secret\|token" target-unpacked/res/

# 4. Check for debuggable flag
grep "debuggable" target-unpacked/AndroidManifest.xml

# 5. Find exported components
grep "exported=\"true\"" target-unpacked/AndroidManifest.xml

# 6. Examine network security config
cat target-unpacked/res/xml/network_security_config.xml 2>/dev/null

Workflow 2: IoT App Analysis

For IoT companion apps, find device communication details:

# 1. Unpack APK
apktool d iot-app.apk -o iot-app-unpacked

# 2. Search for device endpoints
grep -rE "https?://[^\"']+" iot-app-unpacked/res/ | grep -v "google\|android"

# 3. Find API keys
grep -r "api\|key" iot-app-unpacked/res/values/strings.xml

# 4. Locate device communication code
find iot-app-unpacked/smali -name "*Device*.smali"
find iot-app-unpacked/smali -name "*Network*.smali"
find iot-app-unpacked/smali -name "*Api*.smali"

# 5. Check for certificate pinning
grep -r "certificatePinner\|TrustManager" iot-app-unpacked/smali/

Workflow 3: Resource Extraction Only

# Fast resource-only extraction
apktool d app.apk -o app-resources -s

# Extract app icon
cp app-resources/res/mipmap-xxxhdpi/ic_launcher.png ./

# Extract strings for localization
cat app-resources/res/values*/strings.xml

# Extract layouts for UI analysis
ls app-resources/res/layout/

Workflow 4: Quick Code Check (No Resources)

# Fast code-only extraction
apktool d app.apk -o app-code -r

# Analyze smali quickly
grep -r "http" app-code/smali/ | head -20
grep -r "password" app-code/smali/

Output Formats

Apktool doesn't have built-in output format options, but you can structure your analysis:

For human-readable reports:

# Generate analysis report
{
  echo "=== APK Analysis Report ==="
  echo "APK: app.apk"
  echo "Date: $(date)"
  echo ""
  echo "=== Permissions ==="
  grep "uses-permission" app-unpacked/AndroidManifest.xml
  echo ""
  echo "=== Exported Components ==="
  grep "exported=\"true\"" app-unpacked/AndroidManifest.xml
  echo ""
  echo "=== Package Info ==="
  grep "package=" app-unpacked/AndroidManifest.xml
} > apk-analysis-report.txt

Integration with IoTHackBot Tools

Apktool works well with other analysis workflows:

APK → Network Analysis :
- Extract API endpoints from resources
- Use extracted URLs with curl/wget for testing
- Feed endpoints to network testing tools
APK → Credential Discovery :
- Find hardcoded credentials in resources
- Test credentials against IoT devices
- Use with onvifscan or other device testing tools
APK → Code Analysis :
- Extract smali code with apktool
- Decompile to Java with jadx for easier reading
- Cross-reference findings between both tools

Best Practices

1. Always Examine the Manifest First

apktool d app.apk -o app-unpacked
cat app-unpacked/AndroidManifest.xml | less

The manifest provides the roadmap for further analysis.

2. Use Selective Decoding for Speed

Code only: -r flag
Resources only: -s flag
Full decode: No flags (default)

3. Search Systematically

# Create analysis script
cat > analyze.sh << 'EOF'
#!/bin/bash
APK_DIR="$1"
echo "[+] Searching for URLs..."
grep -rE "https?://" "$APK_DIR/res/" | grep -v "schema\|google\|android"
echo "[+] Searching for API keys..."
grep -ri "api.*key\|apikey" "$APK_DIR/res/"
echo "[+] Searching for secrets..."
grep -ri "secret\|password\|credential" "$APK_DIR/res/"
EOF
chmod +x analyze.sh
./analyze.sh app-unpacked

4. Document Your Findings

Keep notes on:

APK package name and version
Interesting permissions
Hardcoded credentials/URLs
Exported components
Security misconfigurations

5. Combine with Jadx

Use both tools together:

Apktool : For resources, manifest, and detailed smali
Jadx : For readable Java source code

Troubleshooting

Problem: "brut.directory.DirectoryException: Framework"

Solution : Install framework resources:

apktool if <framework-res.apk>

Problem: Decoding fails with resource errors

Solution : Use --keep-broken-res flag:

apktool d app.apk -o output --keep-broken-res

Problem: "Input file was not found or was not readable"

Solution : Check file path and permissions:

ls -l app.apk
file app.apk  # Should show "Zip archive data"

Problem: Out of memory error

Solution : Increase Java heap size:

export _JAVA_OPTIONS="-Xmx2048m"
apktool d large-app.apk

Problem: Build fails after modifications

Solution : Validate your smali/XML syntax:

# Check for syntax errors
apktool b app-unpacked -o test.apk --use-aapt2

Problem: APK won't install after repackaging

Solution : Sign the APK:

jarsigner -verbose -keystore debug.keystore rebuilt.apk androiddebugkey

Important Notes

Apktool requires Java Runtime Environment (JRE)
Decoded APKs are typically 2-5x larger than original
Smali code is more verbose than Java source (use jadx for Java)
Always work on copies of APK files, never originals
Repackaging requires signing before installation
Some obfuscated apps may have unreadable class/method names
System apps may require framework installation

Security and Ethics

IMPORTANT : Only analyze APKs you own or have permission to analyze.

Respect intellectual property and licensing
Follow responsible disclosure for vulnerabilities
Don't distribute modified APKs without authorization
Be aware of terms of service and EULAs
Use for authorized security testing and research only

Example Analysis Session

# Complete analysis workflow
TARGET="myapp.apk"
OUTPUT="myapp-analysis"

# 1. Unpack
echo "[+] Unpacking APK..."
apktool d "$TARGET" -o "$OUTPUT"

# 2. Basic info
echo "[+] Package info:"
grep "package=" "$OUTPUT/AndroidManifest.xml"

# 3. Permissions
echo "[+] Permissions:"
grep "uses-permission" "$OUTPUT/AndroidManifest.xml"

# 4. Exported components
echo "[+] Exported components:"
grep "exported=\"true\"" "$OUTPUT/AndroidManifest.xml"

# 5. Search for secrets
echo "[+] Searching for hardcoded secrets..."
grep -r "api.*key\|password\|secret" "$OUTPUT/res/" | grep -v "^Binary"

# 6. Find URLs
echo "[+] Finding URLs..."
grep -rE "https?://[^\"']+" "$OUTPUT/res/" | grep -v "schema\|xmlns"

# 7. Check debuggable
echo "[+] Debug status:"
grep "debuggable" "$OUTPUT/AndroidManifest.xml" || echo "Not debuggable (good)"

# 8. Summary
echo "[+] Analysis complete. Output in: $OUTPUT/"

Success Criteria

A successful apktool analysis includes:

APK successfully decoded without errors
AndroidManifest.xml is readable and analyzed
Resources extracted and searchable
Smali code available for inspection
Security-relevant findings documented
Output organized in clear directory structure
Any modifications can be repackaged if needed

Quick Reference

# Decode (unpack)
apktool d <apk> -o <output-dir>

# Decode with force overwrite
apktool d <apk> -o <output-dir> -f

# Decode without resources (faster)
apktool d <apk> -o <output-dir> -r

# Decode without source (faster)
apktool d <apk> -o <output-dir> -s

# Build (repack)
apktool b <unpacked-dir> -o <output-apk>

# Install framework
apktool if <framework.apk>

# Empty framework cache
apktool empty-framework-dir

Weekly Installs

Repository

brownfinesecuri…thackbot

GitHub Stars

681

First Seen

Jan 26, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

gemini-cli66

opencode66

codex63

github-copilot61

cursor58

claude-code49

Azure PostgreSQL 无密码身份验证配置指南：Entra ID 迁移与访问管理

34,800 周安装