Skip to main content
Apktool scripts automate the complete APK analysis workflow from decompilation to installation. These scripts handle local and remote execution, APK rebuilding, signing with certificates, and device installation.

Overview

ScriptPurposeEnvironment
apktool_decode_local.batDecode APK locallyWindows
apktool_decode_remote.batDecode APK on remote serverWindows (SSH)
apktool_build_local.batRebuild APK from sourceWindows
apk_sign_local.batSign APK with certificateWindows
apk_install_local.batInstall APK to Android deviceWindows

Tool Version

Apktool: v2.4.0 (from install scripts) Download: https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar

APK Analysis Workflow

1

Decode APK

Decompile the APK to extract resources, manifest, and smali code.Choose local or remote execution based on your environment.
2

Analyze & Modify

Review the decompiled code, AndroidManifest.xml, and resources.Make necessary modifications for security testing or research.
3

Rebuild APK

Recompile the modified source back into an APK file.The build process creates a new APK in the dist/ subdirectory.
4

Sign APK

Sign the rebuilt APK with a certificate for installation.Uses uber-apk-signer for automatic signing and alignment.
5

Install APK

Install the signed APK to an Android device or emulator.Uses ADB to push and install the application.

apktool_decode_local.bat

Decodes an APK file locally using Apktool, extracting all resources and code.

Parameters

apktool_decode_local.bat <AppExe> <PathAPK> <FileApk> <Timestamp> <Documentacion>
ParameterDescriptionExample
AppExePath to apktool.jarC:\tools\apktool\apktool.jar
PathAPKFull path to APK fileC:\apps\sample.apk
FileApkAPK filename (no extension)sample
TimestampUnique timestamp identifier20230615_143022
DocumentacionOutput directory pathC:\reports

Script Implementation

@echo off
setlocal
set AppExe=%1
set PathAPK=%2
set FileApk=%~n3
set Timestamp=%4
set Documentacion=%5

set JAVA="java.exe"
set FileApk=%FileApk:"=%
set Documentacion=%Documentacion:"=%

@title=[Apktool - Local] - %FileApk%

copy %PathAPK% "%Documentacion%\%FileApk%_%Timestamp%.apk"
%JAVA% -jar %AppExe% d "%Documentacion%\%FileApk%_%Timestamp%.apk" -o "%Documentacion%\%FileApk%_%Timestamp%"
echo "%Documentacion%\%FileApk%_%Timestamp%"
pause

Output Structure

Documentacion/
├── sample_20230615_143022.apk          # Original APK copy
└── sample_20230615_143022/             # Decoded output
    ├── AndroidManifest.xml             # Decoded manifest
    ├── apktool.yml                     # Build metadata
    ├── res/                            # Resources
    ├── smali/                          # Dalvik bytecode
    └── original/                       # Original files

Usage Example

apktool_decode_local.bat ^
  "C:\tools\apktool\apktool.jar" ^
  "C:\samples\vulnerable_app.apk" ^
  "vulnerable_app" ^
  "20230615_143022" ^
  "C:\analysis\reports"

apktool_decode_remote.bat

Decodes an APK file on a remote Linux server via SSH, useful for distributed analysis.

Parameters

apktool_decode_remote.bat <PathAPK> <FileApk> <Timestamp> <Documentacion> <AppExe> <Server> <Username> <Password>
ParameterDescriptionExample
PathAPKLocal path to APK fileC:\samples\app.apk
FileApkAPK filename (no extension)app
TimestampUnique timestamp identifier20230615_143022
DocumentacionLocal output directoryC:\reports
AppExeRemote path to apktool.jar/root/apktool/apktool.jar
ServerSSH server hostname/IP192.168.1.100
UsernameSSH usernameroot
PasswordSSH passwordpassword123

Workflow

1

Upload APK

Transfers APK to /tmp/ on remote server using pscp.exe.
2

Execute Apktool

Runs Apktool on remote server with Java runtime.
3

Archive Results

Creates tar.gz archive of APK and decoded directory.
4

Download Report

Transfers archive back to local machine.
5

Cleanup

Removes temporary files from remote server.

Script Implementation

set JAVA=/usr/bin/java

"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%FileApk%_%Timestamp%.apk"

"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% ^
  "cd /tmp ; %JAVA% -jar '%AppExe%' d '/tmp/%FileApk%_%Timestamp%.apk'"

"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% ^
  "cd /tmp ; tar -cvzf 'ApktoolReport - %FileApk%_%Timestamp%.tar.gz' '%FileApk%_%Timestamp%.apk' '%FileApk%_%Timestamp%'"

"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C ^
  %Server%:"/tmp/ApktoolReport - %FileApk%_%Timestamp%.tar.gz" %Documentacion%

Usage Example

apktool_decode_remote.bat ^
  "C:\samples\app.apk" ^
  "app" ^
  "20230615_143022" ^
  "C:\reports" ^
  "/root/apktool/apktool.jar" ^
  "192.168.1.100" ^
  "root" ^
  "password123"

apktool_build_local.bat

Rebuilds an APK from decoded source code, with optional signing step.

Parameters

apktool_build_local.bat <AppExe> <PathDirAPK> <AppExeSign>
ParameterDescriptionExample
AppExePath to apktool.jarC:\tools\apktool\apktool.jar
PathDirAPKDecoded APK directoryC:\reports\app_20230615_143022
AppExeSignPath to uber-apk-signer.jarC:\tools\uber-apk-signer.jar

Build Process

The script:
  1. Extracts the directory name from the path
  2. Builds the APK using Apktool
  3. Creates output in dist/ subdirectory
  4. Prompts for optional signing
  5. Calls apk_sign_local.bat if user confirms

Script Implementation

set JAVA="java.exe"
set PathDirAPK=%PathDirAPK:"=%
if %PathDirAPK:~-1% == \ set PathDirAPK=%PathDirAPK:~0,-1%
for %%i in (%PathDirAPK%) do set LastDirAPK=%%~nxi

%JAVA% -jar %AppExe% b "%PathDirAPK%"

echo "%PathDirAPK%\dist\%LastDirAPK%.apk"

:retry
echo Want to sign the apk?
set /p respuesta="Yes/No(y/n)"
if %respuesta% == y (
  call apk_sign_local.bat %AppExeSign% "%PathDirAPK%\dist\%LastDirAPK%.apk"
) else (
  if %respuesta% == n (
    goto :fin
  ) else (
    goto :retry
  )
)

Output Location

Built APK is created at: 
<PathDirAPK>\dist\<directory_name>.apk
Example: 
C:\reports\app_20230615_143022\dist\app_20230615_143022.apk

Usage Example

apktool_build_local.bat ^
  "C:\tools\apktool\apktool.jar" ^
  "C:\reports\app_20230615_143022" ^
  "C:\tools\uber-apk-signer\uber-apk-signer.jar"

apk_sign_local.bat

Signs an APK file using uber-apk-signer for installation compatibility.

Parameters

apk_sign_local.bat <AppExe> <PathAPK>
ParameterDescriptionExample
AppExePath to uber-apk-signer.jarC:\tools\uber-apk-signer.jar
PathAPKPath to APK file to signC:\apps\modified.apk

Signing Tool

Uber APK Signer: v1.0.0 Download: https://github.com/patrickfav/uber-apk-signer/releases/download/v1.0.0/uber-apk-signer-1.0.0.jar The tool automatically:
  • Creates debug keystore if needed
  • Signs the APK
  • Aligns the APK with zipalign
  • Overwrites the original file

Script Implementation

java.exe -jar %AppExe% -a %PathAPK% --overwrite
echo %PathAPK%
pause

Manual Signing (Alternative)

The script includes commented examples for manual signing: 
# Generate keystore
keytool -genkey -keystore keystore.ks -alias android -keyalg RSA -keysize 2048 ^
  -validity 365 -dname "C=US, O=Android, CN=Android Debug"

# Sign APK
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore keystore.ks ^
  app.apk android

# Verify alignment
zipalign -c -v 4 app.apk

Usage Example

apk_sign_local.bat ^
  "C:\tools\uber-apk-signer\uber-apk-signer.jar" ^
  "C:\reports\app_20230615_143022\dist\app_20230615_143022.apk"

apk_install_local.bat

Installs a signed APK to an Android device or emulator using ADB.

Parameters

apk_install_local.bat <PathAPK> <FileAPK> <Timestamp> <Documentacion>
ParameterDescriptionExample
PathAPKPath to signed APK fileC:\apps\signed.apk
FileAPKAPK filenamesigned.apk
TimestampUnique timestamp identifier20230615_143022
DocumentacionLog output directoryC:\reports

Installation Process

1

Kill ADB Server

Stops any running ADB server instances.
adb.exe kill-server
2

Start ADB Server

Starts fresh ADB server and detects connected devices.
adb.exe start-server
3

Install APK

Pushes and installs APK to connected Android device.
adb.exe install <PathAPK>

Script Implementation

@echo off
setlocal
set PathAPK=%1
set FileAPK=%2
set Timestamp=%3
set Documentacion=%4

set Documentacion=%Documentacion:"=%
set Documentacion="%Documentacion%\apk_install - %Timestamp%.txt"

@title=[ADB]

echo Kill-server
"%~dp0adb\windows\adb.exe" kill-server

echo Start-server
"%~dp0adb\windows\adb.exe" start-server

echo Installing...
"%~dp0adb\windows\adb.exe" install %PathAPK%

echo Done
pause

Prerequisites

  • Android device connected via USB with USB debugging enabled
  • ADB drivers installed on Windows
  • Device authorized for debugging (accept RSA key fingerprint)

Usage Example

apk_install_local.bat ^
  "C:\reports\app_20230615_143022\dist\app_20230615_143022.apk" ^
  "app_20230615_143022.apk" ^
  "20230615_143022" ^
  "C:\reports"

Troubleshooting

Device not found: 
# Check connected devices
adb.exe devices

# Verify USB debugging is enabled on device
# Accept RSA key fingerprint when prompted
Installation failed: 
# Uninstall existing app first
adb.exe uninstall com.example.package

# Try install again
adb.exe install -r app.apk  # -r flag for reinstall

Complete Workflow Example

Here’s a complete example of analyzing and modifying an APK: 
# 1. Decode APK locally
apktool_decode_local.bat ^
  "C:\tools\apktool\apktool.jar" ^
  "C:\samples\vulnerable_app.apk" ^
  "vulnerable_app" ^
  "20230615_143022" ^
  "C:\reports"

# 2. Modify the decoded files as needed
# Edit files in C:\reports\vulnerable_app_20230615_143022\

# 3. Rebuild the APK
apktool_build_local.bat ^
  "C:\tools\apktool\apktool.jar" ^
  "C:\reports\vulnerable_app_20230615_143022" ^
  "C:\tools\uber-apk-signer\uber-apk-signer.jar"
# Answer 'y' when prompted to sign

# 4. Install to device
apk_install_local.bat ^
  "C:\reports\vulnerable_app_20230615_143022\dist\vulnerable_app_20230615_143022.apk" ^
  "vulnerable_app_20230615_143022.apk" ^
  "20230615_143022" ^
  "C:\reports"
  • ADB (Android Debug Bridge): Platform tools for device communication
  • JD-GUI: Java decompiler for viewing DEX bytecode
  • Enjarify: Convert Dalvik bytecode to Java bytecode