CODEBROWSER

KDAB|Training

Expertise

Trusted Software Excellence across Desktop and Embedded

Take a glance at the areas of expertise where KDAB excels ranging from swift troubleshooting, ongoing consulting and training to multi-year, large-scale software development projects.

Find out why customers from innovative industries rely on our extensive expertise, including Medical, Biotech, Science, Renewable Energy, Transportation, Mobility, Aviation, Automation, Electronics, Agriculture and Defense.

Embedded Devices Embedded Devices

High-quality Embedded Engineering across the Stack

To successfully develop an embedded device that meets your expectations regarding quality, budget and time to market, all parts of the project need to fit perfectly together.

Learn more about KDAB's expertise in embedded software development.

Read More

Cross-platform Desktop Cross-platform Desktop

Create complex Applications for the Desktop

Where the capabilities of modern mobile devices or web browsers fall short, KDAB engineers help you expertly architect and build high-functioning desktop and workstation applications.

Read More

Medical Medical

Extensible, Safety-compliant Software for the Medical Sector

Create intelligent, patient-focused medical software and devices and stay ahead with technology that adapts to your needs.

KDAB offers you expertise in developing a broad spectrum of clinical and home-healthcare devices, including but not limited to, internal imaging systems, robotic surgery devices, ventilators and non-invasive monitoring systems.

Read More

Vehicle Dashboards Vehicle Dashboards

Fluid animations and gesture-controlled UIs

Building digital dashboards and cockpits with fluid animations and gesture-controlled touchscreens is a big challenge.

In over two decades of developing intricate UI solutions for cars, trucks, tractors, scooters, ships, airplanes and more, the KDAB team has gained market leading expertise in this realm.

Read More

Custom Industrial HMI Custom Industrial HMI

Build on Advanced Expertise when creating Modern UIs

KDAB assists you in the creation of user-friendly interfaces designed specifically for industrial process control, manufacturing, and fabrication.

Our specialties encompass the custom design and development of HMIs, enabling product accessibility from embedded systems, remote desktops, and mobile devices on the move.

Read More

Modernizing Legacy Software Modernizing Legacy Software

Reduce Technical Debt

Legacy software is a growing but often ignored problem across all industries. KDAB helps you elevate your aging code base to meet the dynamic needs of the future.

Whether you want to migrate from an old to a modern GUI toolkit, update to a more recent version, or modernize your code base, you can rely on over 25 years of modernization experience.

Read More

Services

Software Consulting, Development and Training

KDAB offers a wide range of services to address your software needs including consulting, development, workshops and training tailored to your requirements.

Our expertise spans cross-platform desktop, embedded and 3D application development, using the proven technologies for the job.

Software Consulting Software Consulting

Guidance for your Software Project across the Stack

Get expert advice on any phase of your project's journey, from inception to execution, across multiple platforms and hardware.

KDAB provides guidance on architectural approach, UI strategy, development tooling, test infrastructure, deployment model, runtime execution and more.

Read More

Code Modernization

UI Modernization

CI/CD

Performance optimization

Software Architecture

Migration from legacy frameworks

Qt Services Qt Services

Expert Qt Solutions for Your Needs

When working with KDAB, the first-ever Qt consultancy, you benefit from a deep understanding of Qt internals, that allows us to provide effective solutions, irrespective of the depth or scale of your Qt project.

Qt Services include developing applications, building runtimes, mixing native and web technologies, solving performance issues, and porting problems.

Read More

Qt 5 to Qt 6 Migration Services

Embedded Development Embedded Development

Build rich embedded applications for your embedded UI

Turn your vision into reality and unleash the potential of your embedded development projects.

KDAB helps you navigate the complex landscape of embedded development, ensuring your software performs optimally on your chosen hardware.

Read More

Cross-platform Development Cross-platform Development

Get help with all Aspects of Desktop Applications

KDAB helps create commercial, scientific or industrial desktop applications from scratch, or update its code or framework to benefit from modern features.

Discover clean, efficient solutions that precisely meet your requirements.

Read More

3D Software 3D Software

Simplify the complexity of 3D

Creating 3D applications can be overwhelming due to terminology, visual concepts, and advanced math.

KDAB simplifies this task, providing you with the best solution for your 3D project, easing complexities and maximizing efficiency.

Read More

OpenGL Expert Services

Vulkan

Developer Training Developer Training

Professional Developer Training Courses

Boost your team's programming skills with in-depth, constantly updated, hands-on training courses delivered by active software engineers who love to teach and share their knowledge.

Our courses cover Modern C++, Qt/QML, Rust, 3D programming, Debugging, Profiling and more.

Read More

Technologies

Make the right Technology Choices

The collective expertise of KDAB's engineering team is at your disposal to help you choose the software stack for your project or master domain-specific challenges.

Our particular focus is on software technologies you use for cross-platform applications or for embedded devices.

Qt / QML Qt / QML

Leading Qt Expertise

Since 1999, KDAB has been the largest independent Qt consultancy worldwide and today is a Qt Platinum partner. Our experts can help you with any aspect of software development with Qt and QML.

Read More

Modern C++ Modern C++

Deep understanding of Modern C++

KDAB specializes in Modern C++ development, with a focus on desktop applications, GUI, embedded software, and operating systems.

Our experts are industry-recognized contributors and trainers, leveraging C++'s power and relevance across these domains to deliver high-quality software solutions.

Read More

Rust Rust

Integrate Rust into your application

KDAB can guide you incorporating Rust into your project, from as overlapping element to your existing C++ codebase to a complete replacement of your legacy code.

Read More

How to build Hybrid Rust and C++ Applications

Memory-Safety Roadmap for Secure Programming

Platforms Platforms

Unique Expertise for Desktop and Embedded Platforms

Whether you are using Linux, Windows, MacOS, Android, iOS or real-time OS, KDAB helps you create performance optimized applications on your preferred platform.

Read More

Windows

MacOS/iOS

QNX

Unix / X11 (Motif)

Android

Web Engines

Linux

Embedded Linux

Slint Slint

A lightweight GUI toolkit

If you are planning to create projects with Slint, a lightweight alternative to standard GUI frameworks especially on low-end hardware, you can rely on the expertise of KDAB being one of the earliest adopters and official service partner of Slint.

Read More

Flutter Flutter

Flutter for Embedded and Desktop

KDAB has deep expertise in embedded systems, which coupled with Flutter proficiency, allows us to provide comprehensive support throughout the software development lifecycle.

Our engineers are constantly contributing to the Flutter ecosystem, for example by developing flutter-pi, one of the most used embedders.

Read More

3D / OpenGL / Vulkan 3D / OpenGL / Vulkan

Cutting-edge 3D / XR

Incorporating 3D into 2D UIs or creating compelling XR experiences can be challenging.

Create visually stunning, ultra-realistic 3D graphics, dynamic 2D user interfaces, or leveraging the power of hardware-accelerated computation.

The 3D experts at KDAB bring incisive know-how for your project.

Read More

Qt 3D

Vulkan – next generation graphics & compute

OpenGL expert services

Developer Tools Developer Tools

Developer Tools from KDAB

The right tools and libraries can skyrocket developers' productivity.

Take advantage of KDAB's popular open source tools for tasks including profiling, debugging and continuous integration (CI).

Read More

GammaRay

KD Reports

KD Chart

Hotspot

KD SOAP

KDDockWidgets

KDAB Labs KDAB Labs

Research & Development at KDAB

KDAB invests significant time in exploring new software technologies to maintain its position as software authority. Benefit from this research and incorporate it eventually into your own project.

Read More

KDGpu

Resources

Start here to browse information on the KDAB website(s) and take advantage of useful developer resources like blogs, publications and videos about Qt, C++, Rust, 3D technologies like OpenGL and Vulkan, the KDAB developer tools and more.

Blogs Blogs

KDAB engineers and designers constantly share cutting-edge technology insights with regard to Qt, QML, C++, Rust, Linux, Vulkan, OpenGL, Qt 3D, scalable UIs and more topics.

Stay up-to-date and be inspired with their blogs.

Read More

Events Events

Get a quick overview of events relevant to the software industry and with involvment of KDAB, be it as speakers, sponsors, exhibitors or organizer.

Take the opportunity to reach out to our experts directly. See you there!

Read More

Publications Publications

KDAB regularly publishes in-depth papers, brochures and other material on topics relevant to software developers and desicion makers.

Have a look at the list of KDAB publictions.

Read More

Videos Videos

The KDAB Youtube channel has become a go-to source for developers looking for high-quality tutorial and information material around software development with Qt/QML, C++, Rust and other technologies.

Click to navigate the all KDAB videos directly on this website.

Read More

Why KDAB

A software supplier you can rely on

In over 25 years KDAB has served hundreds of customers from various industries, many of them having become long-term customers who value our unique expertise and dedication.

Learn more about KDAB as a company, understand why we are considered a trusted partner by many and explore project examples in which we have proven to be the right supplier.

About KDAB About KDAB

Committed, compassionate, trustworthy

The KDAB Group is a globally recognized provider for software consulting, development and training, specializing in embedded devices and complex cross-platform desktop applications.

Read more about the history, the values, the team and the founder of the company.

Read More

Proven Excellence Proven Excellence

Customer Success Stories

When working with KDAB you can expect quality software and the desired business outcomes thanks to decades of experience gathered in hundreds of projects of different sizes in various industries.

Have a look at selected examples where KDAB has helped customers to succeed with their projects.

Read More

Trusted Partner Trusted Partner

Benefit from a strong partner network

Lasting relationships reduce frictions in software development projects and help to guarantee success.

Benefit from the established relationships KDAB has with well-selected hardware suppliers and specialized domain experts.

Read More

Software Excellence for Texas Instruments

Better Software Better Software

Constantly improving Software Quality

KDAB is committed to developing high-quality and high-performance software, and helping other developers deliver to the same high standards.

We create software with pride to improve your engineering and your business, making your products more resilient and maintainable with better performance.

Read More

ISO 9001 ISO 9001

ISO 9001 certified software services

KDAB has been the first certified Qt consulting and software development company in the world, and continues to deliver quality processes that meet or exceed the highest expectations.

Read More

Working at KDAB Working at KDAB

Looking for a new challenge?

In KDAB we value practical software development experience and skills higher than academic degrees. We strive to ensure equal treatment of all our employees regardless of age, ethnicity, gender, sexual orientation, nationality.

Interested? Read more about working at KDAB and how to apply for a job in software engineering or business administration.

Read More

Contact

Search

Better_Software_Header_Mobile Better_Software_Header_Web

Find what you need - explore our website and developer resources

Reverse Engineering Android Apps

Join the dark side :)

2 comments

Bogdan Vatra

20 July 2023

Advanced Search

Tags

androidc++performance

Reverse engineering in general is a tricky business and sometimes not very orthodox.
So, why bother to write this article?

Well, sometimes reverse engineering is also for something good. It started when my wife dusted off her watch.
We had a huge unpleasant surprise when we found that the companion app is not available anymore on Google Play!
The watch is completely useless without the companion app, as you can't even set the time on it...
Because I hate to throw away a perfectly working watch I decided to create an app for it myself.

My first instinct was to find an older phone with the app still alive and to use a BLE sniffer to reverse engineer the BLE protocol.
But I didn't find the application installed on any old phones. I found the application online but the application cannot be used anymore as it was using some online services which are offline now...

Next obvious step was to decompile the application to get the communication protocol and also the algorithms behind the sleep & activities.
This is how our story begins ;-).

Long story short

Decompiling Android apps is not that complicated. It takes time (a LOT of time), but it's fun and rewarding.

Just don't believe all those movies where someone decompiles an app and understands all the logic behind it in seconds :).

Tools I used to decompile:

  • tintinweb.vscode-decompiler, a VSCode extension (https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler).
    Using this extension is quite easy to decompile an apk, just right click on it and the magic will happen in a few seconds. The only problem I found is that it doesn't do any de-obfuscation (or at least I didn't setup it correctly).
  • Dex to Java decompiler (https://github.com/skylot/jadx). I found it better than vscode-decompiler as it has semi de-obfuscation. You'll never get the original namings, but you get unique names instead of a, b, c, etc.
  • NSA's ghidra (https://github.com/NationalSecurityAgency/ghidra). Apart from a lot of java code, this application has all the logic into native C++. I used ghidra for decompiling the native (C++) stuff. It has java decompiler as well, but is not as good as jadx.

Short story long

I chose an older version as the last one had support for too many watches which I didn't care about (at least not now).
Android APKs supports (partial) obfuscation, which makes the decompilation not that straight forward, in some cases it's actually pretty complicated.
What does obfuscation do? It renames all packages to: a, b, c, etc. then all classes from each packages to: a, b, c, etc., then all members of each class to: a, b, c, etc., then all fields to (yes, you guessed right): a, b, c, etc.
This means you'll end up with loads of a classes, member functions and fields.

Some times it is easy to guess what the fields are, e.g.:

jSONObject.put("result", (int) this.c.a);
jSONObject.put("fileHandle", this.c.c);
jSONObject.put("newSizeWritten", this.c.d);

But in some cases you need to do lot of detective work.

As I mentioned in the beginning, I used 3 tools: vscode-decompiler extenstion, jadx and ghidra:

I started with vscode-decompiler, hoping that githubs copilot will help me in the process. It turned out to be completely useless for such tasks.
When I imported the decompiled stuff into AndriodStudio, due to obfuscation, 90% of the classes had problems.
Because there are dozens of classes with the same name (i.e. "a", "b"), imagine how many conflicts you get.

Next was to use jadx to decompile the application, which supported semi de-obfuscation. I could import the project into AndroidStudio. Now, all the obfuscated classes have unique names (e.g. C1189f), which makes the AndroidStudio happier.

Just to be crystal clear, you cannot recompile the application and run it, unless the application is simple enough!
After a few hours of guessing the name of the classes and their fields, I finally found what I was looking for: the BLE protocol!
To my surprise, it has so many commands. I quickly cleaned out a few BLE commands that I was interested in:

  • start/stop the sync animation on the watch
  • set/get the time

I used bluetoothctl to quickly try the start/stopAnimation BLE commands, it worked perfectly.

The application has all the sleep & activities logic written in C++, so I had also to decompile the native part as well.
For this job, I used ghidra with https://github.com/extremecoders-re/ghidra-jni extension. Ghidra is a fantastic tool. I tried a few more tools: radare2/rizin, binary ninja (the free online version), but, personally, I found ghidra the one most rich in features.
The C++ compiled code is obfuscated "by design" due to various optimizations done by C/C++ compilers and it's far, FAR harder to decompile than java.
A long time ago I did a lot of binary decompilation and most of the time when I was trying to generate any C/C++ code from a binary, it resulted in pure garbage.
I was amazed at how good ghidra's C/C++ decompilation is.

Just to be clear, it requires a *LOT* of time to clean the code, to define all the structures, to do all the connections between them and to un-flatten all the STL stuff (here, some STL internals knowledge is needed), but the experience was better than I ever dreamt.
Even if we can guess what it does from the function name, let's take a very simple example to see what the C++ decompilation looks like and how verbose STL can be:

undefined Java_package_class_name_ActivityVect_1add
                    (JNIEnv *env,jclass thiz,jlong a0,jobject a1,jlong a2,jobject a3)
{
  undefined uVar1;
  undefined8 *puVar2;
  undefined8 uVar3;
  undefined8 *puVar4;

  if (a2 == 0) {
    uVar1 = FUN_0015d3ac((long *)env,7,
                         "std::vector< Activity >::value_type const & reference is null");
    return uVar1;
  }
  puVar4 = *(undefined8 **)(a0 + 8);
  puVar2 = *(undefined8 **)(a0 + 0x10);
  if (puVar4 != puVar2) {
    if (puVar4 != (undefined8 *)0x0) {
      uVar3 = *(undefined8 *)(a2 + 8);
      *puVar4 = *(undefined8 *)a2;
      puVar4[1] = uVar3;
      uVar3 = *(undefined8 *)(a2 + 0x18);
      puVar4[2] = *(undefined8 *)(a2 + 0x10);
      puVar4[3] = uVar3;
      uVar3 = *(undefined8 *)(a2 + 0x28);
      puVar4[4] = *(undefined8 *)(a2 + 0x20);
      puVar4[5] = uVar3;
      uVar3 = *(undefined8 *)(a2 + 0x38);
      puVar4[6] = *(undefined8 *)(a2 + 0x30);
      puVar4[7] = uVar3;
      puVar2 = *(undefined8 **)(a2 + 0x40);
      puVar4[8] = puVar2;
    }
    *(undefined8 **)(a0 + 8) = puVar4 + 9;
    return (char)puVar2;
  }
  std::vector<>::_M_emplace_back_aux<>((vector<> *)a0,(Activity *)a2);
  return (char)a0;
}

All right, the decompiled code is pretty cryptic and it doesn't tell us too much.
Now, let's see if we can make it better:

  • first we need to define the Activity structure. I was lucky as I knew all the structure fields because they were set by the Java code via JNI in other places ;-).
  • next is to define the std::vector structure, every single std::vector defines 3 fields:
T *__begin_;
T *__end_;
T *__enc_cap_;

Yes, that's all a std::vector needs to do all the magic: iterate, insert, push, pop, erase, etc.

  • last but not least use them in our function:
undefined Java_package_class_name_ActivityVect_1add
                    (JNIEnv *env,jclass thiz,vector<> *vec_ptr,jobject a1,Activity *value,jobject a3)
{
  undefined uVar1;
  Activity *end_cap;
  uint64_t uVar2;
  Activity *end;

  if (value == (Activity *)0x0) {
    uVar1 = FUN_0015d3ac((long *)env,7,
                         "std::vector< Activity >::value_type const & reference is null");
    return uVar1;
  }
  end = vec_ptr->__end_;
  end_cap = vec_ptr->__end_cap_;
  if (end != end_cap) {
    if (end != (Activity *)0x0) {
      uVar2 = value->endTime;
      end->startTime = value->startTime;
      end->endTime = uVar2;
      uVar2 = value->bipedalCount;
      end->point = value->point;
      end->bipedalCount = uVar2;
      uVar2 = value->maxVariance;
      end->variance = value->variance;
      end->maxVariance = uVar2;
      uVar2 = value->doubleTapCount;
      end->trippleTapCount = value->trippleTapCount;
      end->doubleTapCount = uVar2;
      end_cap = *(Activity **)&value->tag;
      *(Activity **)&end->tag = end_cap;
    }
    vec_ptr->__end_ = end + 1;
    return (char)end_cap;
  }
  std::vector<>::_M_emplace_back_aux<>(vec_ptr,value);
  return (char)vec_ptr;
}

Okay, so now the code is much cleaner and we figure out exactly what this function does. This means we can write it in a single line of code:

vec.push_back(val);

Of course, you'll find more, MUCH more complicated cases where you'll spend a lot of time to figure out what's going on.

I really hope some day the AI will be intelligent enough to do this job for us. Yes, I'm one of these people that is not afraid to embrace the new technologies :).

Side note, even though ghidra has an excellent C/C++ decompilation, good ASM knowledge will help a lot where ghidra fails to decompile to C/C++.

After I had enough info about BLE protocol, I began to write a Qt application to use it.
I found the BLE support in Qt 6.5.1 quite good (at least on android & linux desktop) as I could use quite a few BLE commands painlessly.

The application is still at the beginning and it will require more time, pain and sorrow to get it at the same level of the original application, but it's a start ;-).

Thank you for your time.

Tags:

androidc++performancetools

About KDAB

The KDAB Group is a globally recognized provider for software consulting, development and training, specializing in embedded devices and complex cross-platform desktop applications. In addition to being leading experts in Qt, C++ and 3D technologies for over two decades, KDAB provides deep expertise across the stack, including Linux, Rust and modern UI frameworks. With 100+ employees from 20 countries and offices in Sweden, Germany, USA, France and UK, we serve clients around the world.

2 Comments

21 - Jul - 2023

Sys

Interesting!

Keep us informed :-)

25 - Oct - 2024

dsfsdfsdf

Can you write xposed modules?

I have read and agree to the privacy policy.

KDAB is committed to ensuring that your privacy is protected.

  • Only the above data is collected about you when you fill out this form.
  • The data will be stored securely.
  • If you wish for us to erase it, email us at info@kdab.com.

For more information about our Privacy Policy, please read our privacy policy.
BogdanVatra

Bogdan Vatra

Senior Software Engineer

Bogdan Vatra is a Senior Software Engineer at KDAB

Related Content

Qt World Summit 2019 talk videos are online

10 Tips to Make Your QML Code Faster and More Maintainable

Modernize your code for fun and profit

Mastering Cross-platform Desktop Apps

Join KDAB Training Day 2025 in Munich

Choose between learning advanced QML programming, Modern C++, integrating Rust and Qt or 3d rendering with Vulkan. The KDAB Training Day 2025 will take place in Munich on the 8th of May, right after the Qt World Summit on 6th to 7th of May.

Learn more

Sign up for the KDAB Newsletter

Stay on top of the latest news, publications, events and more.

Go to Sign-up

Learn Modern C++

Our hands-on Modern C++ training courses are designed to quickly familiarize newcomers with the language. They also update professional C++ developers on the latest changes in the language and standard library introduced in recent C++ editions.

Learn more