Our example will be on DIVA (Damn insecure and vulnerable App) APK file. You can download the file from here.
Note: Some methods may not return the expected output because the missing information in the apk, e.g. the suggested apk doesn't have icon and signs but you can download some known apk like twitter apk or so and test it, it works.
We'll use ruby_apk gem to do that
Install ruby_apk gem
gem install ruby_apk
Now, lets start parsing
require'ruby_apk'apk =Android::Apk.new('diva-beta.apk')# listing files in apkapk.each_file do|name, data|puts"#{name}: #{data.size}bytes"# puts file name and data sizeend# Extract icon data in Apkicons = apk.iconicons.each do|name, data|File.open(File.basename(name),'wb') {|f| f.write data } # save to file.end# Extract signature and certificate information from Apksigns = apk.signs # retrun Hash(key: signature file path, value: OpenSSL::PKCS7)signs.each do|path, sign|puts pathputs signend# Manifest## Get readable xmlmanifest = apk.manifestputs manifest.to_xml## Listing components and permissionsmanifest.components.each do|c|# 'c' is Android::Manifest::Component objectputs"#{c.type}: #{c.name}" c.intent_filters.each do|filter|puts"\t#{filter.type}"endend## Extract application label stringputs apk.manifest.label# Resource## Extract resource strings from apkrsc = apk.resourcersc.strings.each do|str|puts strend## Parse resource file directlyrsc_data =File.open('resources.arsc','rb').read{|f| f.read }rsc =Android::Resource.new(rsc_data)# Resolve resource idrsc = apk.resource## assigns readable resource idputs rsc.find('@string/app_name') # => 'application name'## assigns hex resource idputs rsc.find('@0x7f040000') # => 'application name'## you can set lang attribute.puts rsc.find('@0x7f040000', :lang =>'ja')# Dex## Extract dex informationdex = apk.dex### listing string table in dexdex.strings.each do|str|puts strend### listing all class namesdex.classes.each do|cls|# cls is Android::Dex::ClassInfoputs"class: #{cls.name}" cls.virtual_methods.each do|m|# Android::Dex::MethodInfoputs"\t#{m.definition}"# puts method definitionendend## Parse dex file directlydex_data =File.open('classes.dex','rb').read{|f| f.read }dex =Android::Dex.new(dex_data)