Sometimes it is interesting to modify the application code to access hidden information for you \(maybe well obfuscated passwords or flags\). Then, it could be interesting to decompile the apk, modify the code and recompile it.
Using **Visual Code** and the extension [https://github.com/Surendrajat/APKLab](https://github.com/Surendrajat/APKLab) you can **automatically decompile**, modify and **recompile** the application without executing any command.
Using APKTool you can access to the **smali code and resources**:
```text
apktool d APP.apk
```
If **apktool** gives you any error, try[ installing the **latest version**](https://ibotpeaches.github.io/Apktool/install/)
Some **interesting files you should look are**:
* _res/values/strings.xml_ \(and all xmls inside res/values/\*\)
* _AndroidManifest.xml_
* Any file with extension _.sqlite_ or _.db_
If `apktool` has **problems decoding the application** take a look to [https://ibotpeaches.github.io/Apktool/documentation/\#framework-files](https://ibotpeaches.github.io/Apktool/documentation/#framework-files) or try using the argument **`-r`** \(Do not decode resources\). Then, if the problem was in a resource and not in the source code, you won't have the problem \(you won't also decompile the resources\).
## Change smali code
You can **change****instructions**, change the **value** of some variables or **add** new instructions. I change the Smali code using [**VisualCode**](https://code.visualstudio.com/), you then download the plugin for the **smali extension** and the editor will tell you if any **instruction is incorrect**.
Some **examples** can be found here:
* [Smali changes examples](smali-changes.md)
* [Google CTF 2018 - Shall We Play a Game?](google-ctf-2018-shall-we-play-a-game.md)
Or you can [**check below some Smali changes explained**](smali-changes.md#modifying-smali).
## Recompile the APK
After modifying the code you can **recompile** the code using:
```bash
apktool b . #In the folder generated when you decompiled the application
```
It will **compile** the new APK **inside** the _**dist**_ folder.
If **apktool** throws an **error**, try[ installing the **latest version**](https://ibotpeaches.github.io/Apktool/install/)\*\*\*\*
### **Sing the new APK**
Then, you need to **generate a key** \(you will be asked for a password and for some information that you can fill randomly\):
**zipalign** is an archive alignment tool that provides important optimisation to Android application \(APK\) files. [More information here](https://developer.android.com/studio/command-line/zipalign).
If you **prefer** to use ****[**apksigner**](https://developer.android.com/studio/command-line/apksigner) **instead of jarsigner,** you should sing the apk **after applying** the optimization with **zipaling**. BUT NOTICE THAT **YOU ONLY HAVE TO SIGN THE APPLCIATION ONCE** WITH jarsigner \(before zipalign\) OR WITH aspsigner\(after zipaling\).
* If you are going to use declared variables inside the function \(declared v0,v1,v2...\) put these lines between the _.local <number>_ and the declarations of the variables \(_const v0, 0x1_\)
* If you want to put the logging code in the middle of the code of a function:
* Add 2 to the number of declared variables: Ex: from _.locals 10_ to _.locals 12_
* The new variables should be the next numbers of the already declared variables \(in this example should be _v10_ and _v11_, remember that it starts in v0\).
* Change the code of the logging function and use _v10_ and _v11_ instead of _v5_ and _v1_.
### Toasting
Remember to add 3 to the number of _.locals_ at the begging of the function.
This code is prepared to be inserted in the **middle of a function** \(**change** the number of the **variables** as necessary\). It will take the **value of this.o**, **transform** it to **String** and them **make** a **toast** with its value.
