10

I am using React Native and integrated library react-native-obfuscating-transformer to obfuscate my code. Now after decompiling my APK, I believe my whole js code is under assets/index.android.bundle.

How can I debundle it and see my code whether obfuscation worked or not.

Improve this question
1

3 Answers 3

Reset to default
28
+50

For Macbook

brew install apktool

After installing apktool, unzip the APK file by running this command in the terminal like this:

apktool d /pathOfApkFile.apk

After that, you will get the index.android.bundle file at pathOfApkFile/assets/index.android.bundle.

Then you can use react-native-decompiler to decompile the index.android.bundle file.

Decompile index.android.bundle File

You can decompile index.android.bundle by running this command:

npx react-native-decompiler -i ./index.android.bundle -o ./output

After that, you will get the JS decompiled file in the ./output directory.

JS Code Decompile

React Native is already uglifying JS code.

And react-native-obfuscating-transformer also makes the code more complex by uglifying it.

It is something like MD5 and SHA256 encryption, and there is no tool available right now to use machine learning or brute force to give us the estimated code.

If you want to verify whether react-native-obfuscating-transformer is implemented or not, then you can edit index.android.bundle, save the code, implement react-native-obfuscating-transformer, and edit and compare both files.

You can make more uglified code by adding a flag in build.gradle called bundleInRelease: true and adding Hermes, which turns the JS bundle into bytecode for efficiency.

REF

Note: There is no way to fully decompile index.android.bundle because this file contains uglified code, which has many possible reverses for one line.

Java Code Decompile

You can use DEX2JAR to convert the APK to Java code, and you can view that code using JD-GUI.

You can see this VIDEO.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Hi @Muhammad, thanks for your answer. I was able to do it. But my question is different. How can debundle assets/index.android.bundle file
@FaisalAhmed I have edited my answer for index.android.bundle
It seems github.com/nomi9995/react-native-decompiler has been taken down. Where to find it?
use this npmjs.com/package/react-native-decompiler/v/0.2.2 V0.2.2 is working fine, > 0.2.2 is not working
0

See https://android.jlelse.eu/getting-inside-apk-files-21dbd01529d4 :

If your app is written on React Native, using the same apktool you can find index.android.bundle file inside assets folder of decompiled APK folder. To open it using IntelliJ IDEA, right click on the file, Associate with File Type… and choose JavaScript. And it is usual minified .js file.

In other words, opening the .bundle file in an IDE such as Intellij will yield a minified .js file, which can then be formatted and compared with your source code. I hope this helps!

Improve this answer

Comments

0

There is a tool called APK Easy Tool download it from here, install it, and open it.

enter image description here

Select apk by choosing browse option and click on Extract apk, when it is extrcted click on decompiled apk directory, and open directory. you would see something like this

enter image description here

navigate inside Extracted APKs directory you would get the bundle.

enter image description here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.