1 Tools
2 Android Application Fundamentals
2.1 APK Framwork
APK Contents (Not exhaustive)
- AndroidManifest.xml
- META-INF/
- Certificate lives here!
- classes.dex
- Dalvik bytecode for application in the DEX file format. This is the Java (or Kotlin) code that the application will run by default.
- lib/
- Native libraries for the application, by default, live here! Under the lib/ directory, there are the cpu-specific directories. Ex: armeabi, mips,
- assets/
- Any other files that may be needed by the app.
- Additional native libraries or DEX files may be included here. This can happen especially when malware authors want to try and “hide” additional code, native or Dalvik, by not including it in the default locations.
2.2 Dalvik & Smali
Reverse: Dalvik byte code -> SMALI -> Decompiled Java
2.3 Entry Points
(1)Launch Activity
The launcher activity is what most people think of as the entry point to an Android application. The launcher activity is the activity that is started when a user clicks on the icon for an application. You can determine the launcher activity by looking at the application’s manifest. The launcher activity will have the following MAIN and LAUNCHER intents listed.
Keep in mind that not every application will have a launcher activity, especially apps without a UI. Examples of applications without a UI (and thus a launcher activity) are pre-installed applications that perform services in the background, such as voicemail.
<activity android:name=".LauncherActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>(2)Services
Running background
The default way that a service can be started as an entry point to an application is through Intents.
When the startService API is called to start a Service, the onStart method in the Service is executed.
(3)Broadcast Receivers
want to receive the signal when a call and thats when I begin to execute
(4)Info providers
database()
(5)Application subclass
every Android app is from the app class ,and they can also declare an app subclass
If the attachBaseContext method is defined in the Application subclass, it is called first, before the onCreate method.
(6)Exported components
Services and Activities can also be “exported”, which allows other processes on the device to start the service or launch the activity. The components are exported by setting an element in the manifest like below. By default, android:exported="false" unless this element is set to true in the manifest or intent-filters are defined for the Activity or Service.
<service android:name=".ExampleExportedService" android:exported="true"/>
<activity android:name=".ExampleExportedActivity" android:exported="true"/>
Looks great!