It wouldn't be a great tactic for the dev to _not_ use reflection, this is actually one of the good use cases for reflection to be used.
I'd recommend against dex2jar and stick to baksmali (See any of my Blackhat/Defcon/Syscan presos on why, but I'm not 100% sure the answer about private APIs and dex2jar. Feel free to share the APK and it shouldn't take long at all to figure it out. -Tim Strazzere On Mon, Sep 9, 2013 at 10:10 AM, polish code <polishc...@gmail.com> wrote: > Well, I think there is also another option. > > For those specific Android builds, the platform producer (e.g. Samsung, > Sony Ericsson) can also provide to a given app producer specially prepared > android.jar containing those API's. Therefore, having such library, > reflection would not be required while writing such an application. > > I guess this is the case I am more interested in. > > If I am not wrong, dex2jar tool makes use of framework-res.apk. But the > latter contains only public APIs from official Android builds. Therefore, > while decompiling, the tool will not be able to reverse private APIs. I am > correct here? > > BR, > polishcode > > > On Mon, Sep 9, 2013 at 6:50 PM, Tim <str...@gmail.com> wrote: > >> If it's a private API, then it will should be accessing those >> methods/classes via reflection. >> >> >> -Tim Strazzere >> >> >> On Mon, Sep 9, 2013 at 1:48 AM, polishcode <polishc...@gmail.com> wrote: >> >>> Hi All, >>> I am trying to reverse engineer an apk file that I know uses non-public >>> system API accessible only on specific devices with specific roms. I guess >>> that API is accessed via reflection. >>> However, after applying apktool etc. I do not get references to that API >>> in the output sources (I know the methods' names). >>> Any suggestions how to proceed in such a case? >>> BR, >>> polishcode >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Android Security Discussions" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to android-security-discuss+unsubscr...@googlegroups.com. >>> To post to this group, send email to >>> android-security-discuss@googlegroups.com. >>> Visit this group at >>> http://groups.google.com/group/android-security-discuss. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > To post to this group, send email to > android-security-discuss@googlegroups.com. > Visit this group at > http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
