apktool 官方文檔:https://ibotpeaches.github.io/Apktool/documentation/
1 window系統安裝
(1)cmd 執行java -version ,檢查Java 1.8 安裝環境是否可用,不可用需安裝Java1.8
(2)下載下傳apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/?tab=downloads
(3)下載下傳apktool.bat apktool.bat
(4)将apktool.jar和apktool.bat放在磁盤某個目錄,将這個目錄路徑添加到系統變量中。
(5)cmd 執行apktool -v 檢視安裝成功。
2将apk 或者jar包解密成為folder檔案夾。指令如下:
apktool d xxx.apk或apktool decode xxx.apk
對apk作用過程如下:
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources... //解碼AndroidManifest.xml
I: Loading resource table from file: C:\Users\vend_wsd_sbo_005\AppData\Local\apktool\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...//解碼file-resources
I: Decoding values */* XMLs...//解碼XML
I: Baksmaling classes.dex... //将dex檔案decode成smali 檔案包
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Copying assets and libs...//拷貝assets and libs
I: Copying unknown files...//拷貝unknown files
I: Copying original files...
apktool d xxx.jar或apktool decode xxx.jar
對jar包作用過程如下:
I: Using Apktool 2.4.1 on framework.jar
I: Baksmaling classes.dex...//将dex檔案decode成smali 檔案包
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes4.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
debug可選參數如下:
usage: apktool [-q|--quiet OR -v|--verbose] d[ecode] [options] <file_apk>
-api,--api-level <API> The numeric api-level of the file to generate, e.g. 14 for ICS.
-b,--no-debug-info don't write out debug info (.local, .param, .line, etc.)//去除debug資訊
-f,--force Force delete destination directory.//如果目标檔案已存在強制删除
--force-manifest Decode the APK's compiled manifest, even if decoding of resources is set to "false".
-k,--keep-broken-res Use if there was an error and some resources were dropped, e.g.//如果res檔案存在error将忽略,building
"Invalid config flags detected. Dropping resources", but you
want to decode them anyway, even with errors. You will have to
fix them manually before building.
-m,--match-original Keeps files to closest to original as possible. Prevents rebuild.//跳過assets檔案
--no-assets Do not decode assets.
-o,--output <dir> The name of folder that gets written. Default is apk.out//定義輸出檔案夾名字,定義輸出檔案路徑
--only-main-classes Only disassemble the main dex classes (classes[0-9]*.dex) in the root.//隻反彙編主要的dex檔案
-p,--frame-path <dir> Uses framework files located in <dir>.//定義framework files的路徑
-r,--no-res Do not decode resources.//跳過資源檔案
-s,--no-src Do not decode sources.//跳過src檔案
-t,--frame-tag <tag> Uses framework files tagged by <tag>.//指定使用哪一個tag的framework 檔案
3 if|install-framework 對于某些依賴framwork resource 的apk,需要先設定framework-res.apk .不然報如下錯誤:
framework-res.apk通常在裝置/system/framework 目錄下,對一些裝置也可能在/data/system-framework、/system/app、/system/priv-app
目錄下,framework-res.apk命名通常包含"resources", "res" or "framework"這些單詞。
設定指令如下:
(1)從裝置中pull出framework-res.apk,
adb pull /system/framework/framework-res.apk
(2)設定framework-res.apk
apktool install-framework framework-res.apk 或apktool if framework-res.apk
I: Framework installed to: C:\Users\vend_wsd_sbo_005\AppData\Local\apktool\framework\1.apk
install-framework可選參數如下:
usage: apktool [-q|--quiet OR -v|--verbose] if [options] <framework.apk>
-p,--frame-path <dir> Stores framework files into <dir>.//指定安裝路徑
-t,--tag <tag> Tag frameworks using <tag>.//指定安裝tag,tag用于标記該framework來自與哪一個裝置,不同裝置framework是不一樣的
4 回編,檔案夾重新打包為apk,指令如下:
apktool b xxx/ -o xxx.apk
注意:參數必須是一個路徑,且路徑下有apktool.yml檔案
過程如下:
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex... //将smali檔案包enclode成dex檔案
I: Checking whether resources has changed...
I: Copying raw resources...
I: Copying libs... (/lib)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...
//build可選參數如下
usage: apktool [-q|--quiet OR -v|--verbose] b[uild] [options] <app_path>
-a,--aapt <loc> Loads aapt from specified location.//從指定目錄加載aapt
-api,--api-level <API> The numeric api-level of the file to generate, e.g. 14 for ICS.//指定生成apk檔案的api級别
-c,--copy-original Copies original AndroidManifest.xml and META-INF. See project page for more info.//拷貝原始檔案 AndroidManifest.xml and META-INF
-d,--debug Sets android:debuggable to "true" in the APK's compiled manifest //設定apk debug模式
-f,--force-all Skip changes detection and build all files.//強制覆寫目标檔案
-nc,--no-crunch Disable crunching of resource files during the build step.//禁用對資源檔案處理
-o,--output <dir> The name of apk that gets written. Default is dist/name.apk //指定apk路徑和名字
-p,--frame-path <dir> Uses framework files located in <dir>. //使用 架構中檔案
--use-aapt2 Upgrades apktool to use experimental aapt2 binary.
apktool 參數其他指令:
usage: apktool [-q|--quiet OR -v|--verbose]//檢視幫助資訊
-advance,--advanced prints advance information.//檢視進階資訊
-version,--version prints the version then exits //檢視版本
usage: apktool [-q|--quiet OR -v|--verbose] publicize-resources <file_path>
usage: apktool [-q|--quiet OR -v|--verbose] empty-framework-dir [options] //清空framework 目錄
-f,--force Force delete destination directory.
-p,--frame-path <dir> Stores framework files into <dir>.
FAQ
(1)apktool decode 時資源檔案報錯怎麼辦?
可以使用 apktool -r 跳過資源檔案decode,或者有的apk依賴framework資源時,需要提前 apltool if framework-res.apk。
(2)apktool b 回編報錯怎麼辦?例子
apktool d 時加-r 參數,注意路徑下有apktool.yml檔案。
(3)回編以後不能安裝?還需要簽名。
生成key.keystore:
chcp 936 //先執行,防止cmd 亂碼
keytool -genkey -alias key.keystore -keyalg RSA -validity 30000 -keystore key.keystore
可用于沒有簽名和已經簽名的apk,再次簽名:
jarsigner -verbose -keystore [keystorePath] -signedjar [apkOut] [apkin] [alias]
參數意義:
-verbose // 輸出簽名過程的詳細資訊
-keystore [keystorePath] // 密鑰的庫的位置
-signedjar [apkOut] // 簽名後的輸出檔案名
[apkin] // 待簽名的檔案名
[alias] //證書别名
jarsigner -verbose -keystore key.keystore -signedjar app-debug_signed.apk app-debug.apk key.keystore