Are you an app developer looking for a powerful app analysis tool? Do you want to get a good view of the architecture and dependencies in your app? Ever tried to disassemble bytecodes in Android™ apps? You can do all this and much more with ApkAnalyser, our new virtual analysis tool that we’re also making available as open source. Learn more after the jump.
ApkAnalyser is a static, virtual analysis tool for examining and validating the development work of your Android™ app. It’s a complete tool chain which supports modification of the binary application with more printouts. You are then able to repack, install, run and verify the result from logcat. ApkAnalyser also supports resource analysis, and you can decode XML, look up resource references and detect potential issues in your app. This tool is completely written in Java and requires JRE 1.6 or above. It works on Windows, Linux and Mac OS X. To download and install it, please check out the instructions below.
ApkAnalyser actually includes a number of useful features in several different areas, such as when you’re exploring code and XML, digging deeper in the architecture and dependencies, working with injection and deodexing, or when you’re making a resource analysis. Other features include:
- Explore packages, classes, methods and fields, and look up packages, classes, methods, references and read/write accesses.
- Disassemble Dalvik bytecode methods with syntaxes highlighted.
- Decode Android XML files with syntaxes highlighted.
- Display UML packages and class diagrams, and highlight package and class dependencies.
- Modify the APK file with predefined Dalvik bytecode injections.
- View the logcat with debug level filters.
- Support odex applications and libraries.
- List resource IDs and its contents.
- Find unused resources by resource ID or files.
- Find system resource (@android) references.
For more information about the different features, check out the APKAnalyser wiki page.
Download ApkAnalyser and get started
So if you’re an Android™ app developer, ApkAnalyser might speed up your analysis work and give you a lot more insights. Here’s how to download and install it:
- Download the ApkAnalyser jar file from the Developer World GitHub.
- Copy the jar file to your local disk and execute the following command in the command prompt to start ApkAnalyser: java -Xmx1024m -jar ApkAnalyser.jar
- Before you start to analyse your apps, you need to configure the ApkAnalyser. Go to File > Set paths. In the Classpath tab, you can select several jar files or odex files to be loaded as reference libraries. Or you can simply pick a platform folder in the Android SDK tab, for example C:android-sdk-windowsplatformsandroid-15. ApkAnalyser will then import all the jar files in that folder. After that, add the APK file on the right side.
- Go to File > Settings. Change adb executable path to point out the location of adb, for example C:android-sdk-windowsplatform-toolsadb.exe.
- Start analysing your app by clicking File> Analyse.
The main view of ApkAnalyser
Now if you’ve downloaded and installed ApkAnalyser, you might want to take a quick look around the UI (to learn more, check out the Developer World GitHub APKAanalyser wiki). The main window of ApkAnalyser consists of three areas. In the upper left, the tree lists reference libraries with a numerical reference counter. In the upper right, the tree shows the classes and resources of the targeted APK file.
When the fields, methods or resource IDs are expanded in the tree, the method invocations, field accesses or resource references for each item will be listed.
The area at the bottom of the main view is a preview window. It shows different types of information according to what you select in the right and left trees. In general, there are four kinds of output in the preview window:
- UML diagrams for packages and classes.
- A Dalvik disassembler for methods.
- A resource detail view for resource IDs.
- An XML decoder for XML resources.
Verifying resources with ApkAnalyser
Another good use of ApkAnalyser is to make it help you verify resources. Maybe you’re tired of seeing Resources$NotFoundException when your apps are crashing? Or maybe you have some text strings missing translation? Here are some scenarios where ApkAnalyser can help you:
- When there’s missing resources in the package. The resource is registered but the content is missing while Android Asset Packaging Tool (aapt) packs it.
- When there’s no DPI specific resource. The DPI specific resource is missing, and there is no default value on that resource.
- When there’s no default value of the resource.
- When there’s missing translations. ApkAnalyer will then collect all the language information from the resource file (resources.arsc), and use it to verify the resources one by one. A report will then be generated, showing all the resources that are missing some language configurations.
All of this will help you verify all the resources, and list potential problems.
To verify your resources, click Resource > Verify xml resources. All you need to do is to provide the screen pixel density (dpi) of your targeting device. “ldpi”, “mdpi”, “hdpi” or “xhdpi” can be selected in the sub menu, and if the application is not a specific DPI build, “nodpi” could be selected.
ApkAnalyser also makes it possible to create a set of bytecode modifications, which could be applied to the APK file in a batch. This automatically adds printouts of suspicious pieces of code, to support you in investigating the execution flow of the application.
You can do this by using any of the two quick samples below. You can choose to apply them on some packages, classes or even the whole APK. The first sample will print all the input parameters of a method in the ApiDemo application from Android SDK. The second sample shows how to get the return value of a method.
How to print all the input parameters of a method:
- In the targeted APK’s tree, navigate to “com.example.android.apis.graphics”.
- Select “FingerPaint$MyView.”
- Right click “touch_move(float x, float y).”
- Apply “Print method entry(with params)”.
This will append the following output to the logcat when the method is being invoked:
com.example.android.apis.graphics.FingerPaint$MyView:touch_move(float x, float y)void(0,102)
parameter: float x = 155.0
parameter: float y = 290.0
How to get the return value of a method:
- In the targeted APK’s tree, navigate to “com.example.android.apis.graphics.”
- Select “FingerPaint$MyView.”
- Right click “onTouchEvent(android.view.MotionEvent event) boolean.“
- Apply “Print method exit(with return value)”.
This will append the following output to the logcat when the method returns:
< com.example.android.apis.graphics.FingerPaint$MyView:onTouchEvent(android.view.MotionEvent event)boolean(10,137)
return: boolean = true
More than twenty types of modifications to create different sets of bytecode are supported. To find out more about these, a complete tutorial is available on the Developer World GitHub APKAnalyser tutorial wiki page.
Use and improve ApkAnalyser
We hope many of you will have great use of ApkAnalyser – feel free to start downloading it today! Since ApkAnalyser is open source, we would be really happy if you would work together with us to improve this tool. If you have any ideas, feel free to contact us, either through the comments of this blogpost, or by checking out the ApkAnalyser forum thread on XDA forum.
So what do you think? Will this tool be useful for you?
- Download the ApkAnalyser jar-file to start using the tool.
- Download the ApkAnalyser source code from the Developer World GitHub.
- Read more on the ApkAnalyser wiki pages.
- Check out the ApkAnalyser analysis and injection tutorials.
- Learn more in the ApkAnalyser troubleshooting section.
- Check out other Sony analysis tools for developers.