# Debugging via Decompilation: Reverse Engineering an APK

Recently, while looking at integrating Braze into an application, I came across a field in `BrazeFileUtils` called `REMOTE_SCHEMES` and I was curious to see what the values were that Braze considered for `REMOTE_SCHEMES`.

Looking at the [docs](https://appboy.github.io/appboy-android-sdk/javadocs/com/braze/support/BrazeFileUtils.html#REMOTE_SCHEMES), there was no reference to what the schemes were, so I thought I'd do a little digging myself to see if I could infer what the value was for this field.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680637863466/f5a39052-66e8-4b5b-aeb5-0963ba6fef6b.png align="center")

## Setup

The first step of the process was to create a new Android application that include the dependency I wanted to look at, namely `BrazeFileUtils`. This can be accomplished by bringing the Braze SDK into our application via

```kotlin
    implementation 'com.appboy:android-sdk-ui:24.3.0'
    implementation 'com.appboy:android-sdk-location:24.3.0'
```

After that, I generated a debuggable apk via `./gradlew :app:assembleDebug`. Once I had a debug APK in hand, the next tool I brought in to help was [Apktool](https://ibotpeaches.github.io/Apktool/), a tool for reverse engineering Android apk files.

## Decompiling

1. By following the instructions on the site, and downloading the latest Apktool JAR file, we are ready to decompile the debug APK we generated earlier. I decompiled the apk via `java -jar apktool.jar d app-debug.apk` where `apktool.jar` is the jar downloaded from the Apktool website and `app-debug.apk` is the debug APK generated from the previous step.
    
2. After decompilng via Apktool, we are ultimately left with .smali files, the assembly language used by the Android Dalvik Virtual Machine; usually created by decompiling. We are getting close though! If we open up the new `app-debug` folder created from Apktool, we can look inside `/smali/com/braze/support/BrazeFileUtils.smali` and see the field we want! Unfortunately, we don't see the values for it yet.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680638657929/3d557cc6-1457-4ce4-8503-ac12df9156e5.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680638806854/d26719b7-aa03-4b80-9fc2-d6c612f09527.png align="center")

1. The next step is to use a Dex (Smali) to Java decompiler to get the code in a format a little more digestible by a human. For this, we will use [jadx](https://github.com/skylot/jadx). Following the instructions in the readme, and installing jadx via brew (`brew install jadx`), we are ready for the next step.
    
2. After installing jadx, we can finally get the Java code from the .smali files generated earlier via `jadx -d out app-debug/smali/com/braze/support/BrazeFileUtils.smali.` Usage is from the docs on the site as follows:
    
    ```kotlin
    jadx[-gui] [options] <input files> (.apk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab)
    options:
      -d, --output-dir                    - output directory
    ```
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680639302607/77420d4f-fdca-41b3-ad87-a529c2dc9743.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1680639371951/7b707933-b7f3-4e28-a013-d234d2c12a03.png align="center")

After opening up the Java file, we can finally see what the remote schemes are!

In conclusion, we utilized `Apktool` and `jadx` to reverse engineer source from a debug apk. This can be useful when a 3rd party tool that you have to utilize doesn't expose certain things about their SDK.
