understanding android application package
this process involved some tools to build it, reverse it and debug it on runtime:
- some of the tools used for manual build without build system: aapt2, javac, d8, zip, zipalign, apksigner, keytool
- reverse apk: apktool
- android runtime debugger: jdb, frida
- check number of classes and methods: javap for .class file, baksmali for .dex file or examine it at runtime with your choosed debugger
you'll find one or more classes.dex on the disassembled version from apktool, if there's more than one dex file, it means the java methods stored in the application is large enough that it must be separated into different dex file, it's called multidex apk
some of android library is arch specific, such as lifecycle-runtime, kotlinx-coroutines-core, collection, etc (reference)
reference:
- https://github.com/iBotPeaches/Apktool/issues/2253 aar file
- https://github.com/iBotPeaches/Apktool/issues/985 multidex
- https://dzone.com/articles/the-dex-file-format the android dex file format and its method size limit
- https://stackoverflow.com/questions/22060894/what-are-sugar-desugar-terms-in-context-of-java-8 what is sugar and desugar in java
- https://stackoverflow.com/questions/27159005/listing-available-classes-in-current-classpath-using-a-command-line-tool javap