1 Tools


2 Android Application Fundamentals

2.1 APK Framework

APK Contents (Not exhaustive)

  • AndroidManifest.xml
    • Certificate lives here!
  • classes.dex
    • Dalvik bytecode for application in the DEX file format. This is the Java (or Kotlin) code that the application will run by default.
  • lib/
    • Native libraries for the application live here by default. Under the lib/ directory are the CPU-specific directories. Ex: armeabi, mips,
  • assets/
    • Any other files that may be needed by the app.
    • Additional native libraries or DEX files may be included here. This can happen especially when malware authors want to try and “hide” additional code, native or Dalvik, by not including it in the default locations.

2.2 Dalvik & Smali

Flowchart of Developer's process. Java to DEX bytecode

Reverse: Dalvik byte code -> SMALI -> Decompiled Java


2.3 Entry Points

(1)Launch Activity

The launcher activity is what most people think of as the entry point to an Android application. The launcher activity is the activity that is started when a user clicks on the icon for an application. You can determine the launcher activity by looking at the application’s manifest. The launcher activity will have the following MAIN and LAUNCHER intents listed.

Keep in mind that not every application will have a launcher activity, especially apps without a UI. Examples of applications without a UI (and thus a launcher activity) are pre-installed applications that perform services in the background, such as voicemail.

<activity android:name=".LauncherActivity">
  <intent-filter>
    <action android:name="android.intent.action.MAIN" />
    <category android:name="android.intent.category.LAUNCHER" />
  </intent-filter>
</activity>


(2)Services

Services run in the background.

The default way that a service can be started as an entry point to an application is through Intents.

When the startService API is called to start a Service, the onStart method in the Service is executed.

(3)Broadcast Receivers

A broadcast receiver wants to receive a signal, such as when a call arrives, and that is when it begins to execute.

(4)Info providers


(5)Application subclass

Every Android app derives from the Application class, and an app can also declare an Application subclass.

If the attachBaseContext method is defined in the Application subclass, it is called first, before the onCreate method.

(6)Exported components

Services and Activities can also be “exported”, which allows other processes on the device to start the service or launch the activity. The components are exported by setting an element in the manifest like below. By default, android:exported="false" unless this element is set to true in the manifest or intent-filters are defined for the Activity or Service.

<service android:name=".ExampleExportedService" android:exported="true"/>
<activity android:name=".ExampleExportedActivity" android:exported="true"/>
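
The entry points described in this section can be listed from a decoded (text XML) manifest. The script below is an added example, not part of the original notes: it reports the Application subclass, the launcher activity and the exported components of a constructed sample manifest (every name under com.example.sample is made up), and it assumes the exported default described above also applies to receivers and providers.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded text XML, not the binary form inside an APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <application android:name=".SampleApplication">
    <activity android:name=".LauncherActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".InternalActivity" />
    <service android:name=".ExampleExportedService" android:exported="true" />
    <service android:name=".FilteredService" android:exported="false">
      <intent-filter><action android:name="com.example.sample.SYNC" /></intent-filter>
    </service>
    <receiver android:name=".CallReceiver">
      <intent-filter><action android:name="android.intent.action.PHONE_STATE" /></intent-filter>
    </receiver>
  </application>
</manifest>"""

def is_exported(component):
    """An explicit android:exported wins; otherwise an intent-filter implies exported."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true"
    return component.find("intent-filter") is not None

def entry_points(manifest_xml):
    app = ET.fromstring(manifest_xml).find("application")
    result = {"application_subclass": app.get(ANDROID + "name"), "launcher": None, "exported": []}
    for component in app:
        if component.tag not in ("activity", "activity-alias", "service", "receiver", "provider"):
            continue
        name = component.get(ANDROID + "name")
        for f in component.findall("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in f.findall("action")}
            cats = {c.get(ANDROID + "name") for c in f.findall("category")}
            if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
                result["launcher"] = name
        if is_exported(component):
            result["exported"].append((component.tag, name))
    return result

if __name__ == "__main__":
    print(entry_points(SAMPLE_MANIFEST))
```

.FilteredService is not reported even though it has an intent-filter, because its explicit android:exported="false" overrides the default.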


