APKAnalyzer Error

Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.XmlSchema

APKAnalyzer Error
Recently, I was tasked with using Google provided tools to decompile an APK in a CI/CD pipeline. This is great, because Google provides a tool called APK Analyzer, and provide tools both within the IDE itself and options to run it via the Command Line. I can talk more about the actual task later. For now, I want to discuss the issue that I first ran into when attempting to run apkanalyzer from the terminal. [Read More]

DABS

Download Android Binary with Search Term

DABS
Hey Android Enthusiasts, Security Researchers, EL33T H@CK3Rs, and people who followed this link! Ever need to download a binary file from your Android device/emulator, but don’t know the package name or the path? Well, you could use the following, which I have been doing for years… adb shell pm list packages | grep <search term for app> adb shell pm path <package from above> adb pull <path> Easy, right? But these days with App Bundles, binaries don’t come nicely packaged up like they use to in a single . [Read More]

ProGuard & R8: Part 2

Java to DEX Compilation & Reading Smali

ProGuard & R8: Part 2
This blog post is the second in a series to teach about the build tools ProGuard and R8, and the first in the hands-on portion of the series. In the first post I talked about the Android Build Pipeline. In this blog, I would like to actually reinforce those concepts with hands on exercises. If you haven’t read the first blog on this topic, this is part two in that series, so I highly suggest going back and understanding that material first. [Read More]

ProGuard & R8: Part 1

Understanding the Android Build Pipeline

ProGuard & R8: Part 1
Tools such as R8 and ProGuard are available for free, but to many they are a black box that code goes into and stuff comes out. My goal is to demystify the black box and teach developers how to properly diagnose the code going into and coming out of these build tools. It will also explain why you should care and why applying these tools should be a priority before shipping any code into the wild. [Read More]