apktool 官方文档:https://ibotpeaches.github.io/Apktool/documentation/
1 window系统安装
(1)cmd 执行java -version ,检查Java 1.8 安装环境是否可用,不可用需安装Java1.8
(2)下载apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/?tab=downloads
(3)下载apktool.bat apktool.bat
(4)将apktool.jar和apktool.bat放在磁盘某个目录,将这个目录路径添加到系统变量中。
(5)cmd 执行apktool -v 查看安装成功。
2将apk 或者jar包解密成为folder文件夹。命令如下:
apktool d xxx.apk或apktool decode xxx.apk
对apk作用过程如下:
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources... //解码AndroidManifest.xml
I: Loading resource table from file: C:\Users\vend_wsd_sbo_005\AppData\Local\apktool\framework\1.apk
I: Regular manifest package...
I: Decoding file-resources...//解码file-resources
I: Decoding values */* XMLs...//解码XML
I: Baksmaling classes.dex... //将dex文件decode成smali 文件包
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Copying assets and libs...//拷贝assets and libs
I: Copying unknown files...//拷贝unknown files
I: Copying original files...
apktool d xxx.jar或apktool decode xxx.jar
对jar包作用过程如下:
I: Using Apktool 2.4.1 on framework.jar
I: Baksmaling classes.dex...//将dex文件decode成smali 文件包
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes4.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
debug可选参数如下:
usage: apktool [-q|--quiet OR -v|--verbose] d[ecode] [options] <file_apk>
-api,--api-level <API> The numeric api-level of the file to generate, e.g. 14 for ICS.
-b,--no-debug-info don't write out debug info (.local, .param, .line, etc.)//去除debug信息
-f,--force Force delete destination directory.//如果目标文件已存在强制删除
--force-manifest Decode the APK's compiled manifest, even if decoding of resources is set to "false".
-k,--keep-broken-res Use if there was an error and some resources were dropped, e.g.//如果res文件存在error将忽略,building
"Invalid config flags detected. Dropping resources", but you
want to decode them anyway, even with errors. You will have to
fix them manually before building.
-m,--match-original Keeps files to closest to original as possible. Prevents rebuild.//跳过assets文件
--no-assets Do not decode assets.
-o,--output <dir> The name of folder that gets written. Default is apk.out//定义输出文件夹名字,定义输出文件路径
--only-main-classes Only disassemble the main dex classes (classes[0-9]*.dex) in the root.//只反汇编主要的dex文件
-p,--frame-path <dir> Uses framework files located in <dir>.//定义framework files的路径
-r,--no-res Do not decode resources.//跳过资源文件
-s,--no-src Do not decode sources.//跳过src文件
-t,--frame-tag <tag> Uses framework files tagged by <tag>.//指定使用哪一个tag的framework 文件
3 if|install-framework 对于某些依赖framwork resource 的apk,需要先设置framework-res.apk .不然报如下错误:
framework-res.apk通常在设备/system/framework 目录下,对一些设备也可能在/data/system-framework、/system/app、/system/priv-app
目录下,framework-res.apk命名通常包含"resources", "res" or "framework"这些单词。
设置命令如下:
(1)从设备中pull出framework-res.apk,
adb pull /system/framework/framework-res.apk
(2)设置framework-res.apk
apktool install-framework framework-res.apk 或apktool if framework-res.apk
I: Framework installed to: C:\Users\vend_wsd_sbo_005\AppData\Local\apktool\framework\1.apk
install-framework可选参数如下:
usage: apktool [-q|--quiet OR -v|--verbose] if [options] <framework.apk>
-p,--frame-path <dir> Stores framework files into <dir>.//指定安装路径
-t,--tag <tag> Tag frameworks using <tag>.//指定安装tag,tag用于标记该framework来自与哪一个设备,不同设备framework是不一样的
4 回编,文件夹重新打包为apk,命令如下:
apktool b xxx/ -o xxx.apk
注意:参数必须是一个路径,且路径下有apktool.yml文件
过程如下:
I: Using Apktool 2.4.1
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex... //将smali文件包enclode成dex文件
I: Checking whether resources has changed...
I: Copying raw resources...
I: Copying libs... (/lib)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...
//build可选参数如下
usage: apktool [-q|--quiet OR -v|--verbose] b[uild] [options] <app_path>
-a,--aapt <loc> Loads aapt from specified location.//从指定目录加载aapt
-api,--api-level <API> The numeric api-level of the file to generate, e.g. 14 for ICS.//指定生成apk文件的api级别
-c,--copy-original Copies original AndroidManifest.xml and META-INF. See project page for more info.//拷贝原始文件 AndroidManifest.xml and META-INF
-d,--debug Sets android:debuggable to "true" in the APK's compiled manifest //设置apk debug模式
-f,--force-all Skip changes detection and build all files.//强制覆盖目标文件
-nc,--no-crunch Disable crunching of resource files during the build step.//禁用对资源文件处理
-o,--output <dir> The name of apk that gets written. Default is dist/name.apk //指定apk路径和名字
-p,--frame-path <dir> Uses framework files located in <dir>. //使用 框架中文件
--use-aapt2 Upgrades apktool to use experimental aapt2 binary.
apktool 参数其他命令:
usage: apktool [-q|--quiet OR -v|--verbose]//查看帮助信息
-advance,--advanced prints advance information.//查看高级信息
-version,--version prints the version then exits //查看版本
usage: apktool [-q|--quiet OR -v|--verbose] publicize-resources <file_path>
usage: apktool [-q|--quiet OR -v|--verbose] empty-framework-dir [options] //清空framework 目录
-f,--force Force delete destination directory.
-p,--frame-path <dir> Stores framework files into <dir>.
FAQ
(1)apktool decode 时资源文件报错怎么办?
可以使用 apktool -r 跳过资源文件decode,或者有的apk依赖framework资源时,需要提前 apltool if framework-res.apk。
(2)apktool b 回编报错怎么办?例子
apktool d 时加-r 参数,注意路径下有apktool.yml文件。
(3)回编以后不能安装?还需要签名。
生成key.keystore:
chcp 936 //先执行,防止cmd 乱码
keytool -genkey -alias key.keystore -keyalg RSA -validity 30000 -keystore key.keystore
可用于没有签名和已经签名的apk,再次签名:
jarsigner -verbose -keystore [keystorePath] -signedjar [apkOut] [apkin] [alias]
参数意义:
-verbose // 输出签名过程的详细信息
-keystore [keystorePath] // 密钥的库的位置
-signedjar [apkOut] // 签名后的输出文件名
[apkin] // 待签名的文件名
[alias] //证书别名 jarsigner -verbose -keystore key.keystore -signedjar app-debug_signed.apk app-debug.apk key.keystore