Hi guys, I am currently in development of my program to analyse static code of apk files. However after using dex2jar to convert the dex file to a jar file, i noticed multiple .class files within it.
1.) I am wondering other than the use of JD-GUI or any other GUI programs, are there any cli programs (for linux) which can be used decompile classes file to java? JD-GUI allows me to save the file as a java, however it does not provide a CLI commands to do so.
2.) In addition to that, due to the large number of files in the jar file, are there any classes file which can be ignored for static analysis? For example classes which are know to be non-malicious in nature. But are often used in APKs.
Thanks for any help in advance
Related
and who met a real program to compress and decompress files on wp7 ( as pocket rar or 7-zip windows mobile)?
The phone supports the ZIP format by default, although it only offers a UI for unzipping files. RAR is proprietary crap with a restrictive license. Either one can technologically be implemented in an app just fine (legally, RAR is much trickier if you want to include compression, but decompressors for the format are available in source code form). I question the need for a compression utility on WP7, but if you want to write one, go right ahead; the source code exists and you can either do it entirely in managed code or use a native library and access it through COM.
[Introduction]
So i wanted to poke around some android app and while at it get some idea about android/java reversing.
I've never dealt with java or android to any significant degree, all the more interesting stuff to discover.
I think what i discovered over past couple of day could be usefull to your community so i decided to share it.
Seems like it's a generally accepted fact on android scene that it's impossible to modify .class files at high level, as in by modifying their decompiled .java sources and everyone goes about it through disassembly to dalvik instructions(or perhaps smali is a bit higher level representation) and whatnot and then reassembling, using decompiled code just for reference...
When talking about programming languages/systems that compile to pseudo-code that's later jitted or translated into native code, i've dealt with something similar before
once before when i poked around flash/actionscript 3 reversing, while there were decompilers for actionscript 3 available and particular swf wasn't even obfuscated it wasn't really possible to use decompiled output to make some small changes to significally large project cause of decompiler errors, as in flash you have to compile it all at once or not at all.
There also existed tools that enabled disassembling to as3 AAVM opcodes level, making changes if you can wrap your head around that bytecode language and reassembling back.
But who is fluent in as3 or java or dalvik VM bytecode language except their creators and why would they be? Sure small changes are possible but a pain even at that...
When by some chance i ended up prodding some java i remembered hearing that people are making that Minecraft mods and they don't have original full sources, they just replace/add classfiles to minecraft.jar.
I though "hey that should be possible for android apps" and driven mostly with reverse-engineering curiousity set out to check my hypothesis.
Turns out there's no such thing as "android compiler", since android build process uses javac standard java sdk compiler and java allows compiling single class files and linking against .jar file containing compiled .class files as a library.
Requirements:
1. Dex2jar
2. Android adt bundle
3. Java jdk 1.7
4. Optional : apktool
The guide itself
1. Run dex2jar yourapp.apk
2. Use jd-gui or whatever to get source code of .class file you're interested in inside that apk.
Take note that decompilers don't always produce outright recompilable code
Simplest example jd-gui produces outputs that imports R.strings etc, while javac want it to be a single R import
You can try different java decompilers or fix up the code yourself. Some .class files most decomilers will fail to tackle but those are a minority.
If app is not proguarded it's mostly at your mercy.
3. Modify .java source code of class as you see fit.
4. (optional) You can also do some layout, drawable etc editing(obtained from apktool or whatnot) in a comfortable way if you re-import res folder contents into Eclipse project res.
5. Download android sdk stuff for android api version your app was made for with adt sdk manager tool You're interested particularly in android.jar library, perhaps andorid-support.jar. Maybe you can link against newer library versions, dunno. For my app developer stated minimum required android version so i linked against that jars, but as to how to find out what android version app requires, you can look at android folder in your undexed jar, android\support\v4
v4 = android api 4, android 1.6 version
6. javac -target 1.6(this is not android 1.6, it's java bytecode and source compliance, by default current jdk 1.7 produces "invalid magic cafebabe" error later from dx) -source 1.6 -classpath path_to\classes.jar(obtained from dex2jar);path_to_android_adt\sdk\platforms\android-(required version)\android.jar;(maybe include android-support classpath, worked for me without) path_to\your_modified_class(but named same as originally).java
Like
C:\Program Files\Java\jdk1.7.0_25\bin\javac -target 1.6 -source 1.6 -classpath C:\Users\User\Desktop\testapp\classes.jar;E:\adt-bundle-windows-x86-20130717\sdk\platforms\android-4\android.jar C:\Users\User\Desktop\testapp\someclass.java
If you fed javac valid java code it'll spit out valid .class file, otherwise read it's error output and perform steps to fix that errors.
7. Plug your newly created classfile back into it's jar, use winrar, windows explorer(by renaming it to zip) or whatever.
Javac can produce a differently fragmented classfile than one originally in jar so you may want to delete yourclassname.class
yourclassname$1.class yourclassname$2.class yourclassname$3$1.class ... from jar first.
8. Now it time for our java bytecode to go Dalvik
Dx your updated jar
E:\adt-bundle-windows-x86-20130717\sdk\build-tools\17.0.0\dx.bat --dex --no-optimize --output classes.dex classes.jar
9. Plug your updated classes.dex back into original apk
Delete META-INF folder from apk to "unsign" it while you're at it.
10. Re-sign apk with
C:\Program Files\Java\jdk1.7.0_25\bin\keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
C:\Program Files\Java\jdk1.7.0_25\bin\jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
11. Zipalign
E:\adt-bundle-windows-x86-20130717\sdk\tools\zipalign\zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
12. Install modified apk
This whole thing relies on the fact that while fully recompilable autmatic decompilation of java project of any complexity isn't feasible like always, decompilers are capable of producing large portion of mostly correct code, and java allows you to recompile exclusively that parts you're interested in which could very well end up being correctly decompiled outright or require just minor fixups and you don't have to deal with the fact that your decompiler produced thousands of errors in OTHER classfiles that your class depends on.
I guess even in case target app is obfuscated/proguarded having ability to deal with it on .java level and not disassemly level could still be of great benefit.
thankfull for your efforts dude ...!!!
You did great job...
I have one problem i know how to convert .dex to .smali
but dont get that how to convert .smali to .java source code
i have read ur post after 4th point i dont get ur post can u please explain it deeply
I m new at xda as well in android I want to modify online game for that i want to convert that apk into java source code and then modify it please help
thankyou....!!!
:good::good::good::good::good::good::good:
---------- Post added at 09:28 PM ---------- Previous post was at 09:24 PM ----------
can u make a video tutorial for this project????
i m pressing thank button for your efforts...!!!!
:laugh::laugh::laugh:
Thanks man! That's what i have been looking for
@aashishb4u It's a bit late to answer this question maybe, but anyways...
I don't think there is a smali to java convertor out there, but anyways, you would not need it.
You can get the .jar with "dex2jar" (and then get the .java file after decompiling it with "jd-gui", for example) directly from the classes.dex file, as for the smali code. Which means converting this outputed .smali to .java would not give you more information than the converting .dex to .java (as we usually do), if not less, since it would just add 1 more intermediate than needed.
By the way, thanks for this post @Wrongusername, it was really what I was looking for.
Hello
I am new to this , how do you extract classes.cdex from zip files of stock rom
Hello Everyone,
I was wondering, in this day and age what tools do I need for decompiling APK Files? I am also assuming that these tools would also serve me well if I just wanted to edit a file in an APK. If not, then what tools do I need for that as well?
I have scoured the net and found pages that gives many different answers. However those pages are from 2012 on back. So it could be old out dated information.
For now I am assuming the minimum Java JDK, Eclipse (or the new program that was highlighted a month back here on XDA but I forget the name of it), Android SDK, and a Java Decompiler (But which one is best??)
Guidance...Anyone...Anyone...Bueller?
After 52 Views no one has any suggestions? If you all think I answered my own question, that's fine but at least if someone has a suggestion on what a good JAVA Decompiler is to use, that would be helpful?
Thanks all.
Neither Eclipse nor the SDK would help you decompile apps.
To get the resources, use Apktool.
To get the Java, use Dex2jar and JDGUI.
Or use a simplified tool like VTS.
Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more.
It's written completely in Java, and it's open sourced. It's currently being maintained and developed by Konloch.
There is also a plugin system that will allow you to interact with the loaded classfiles, for example you can write a String deobfuscator, a malicious code searcher, or something else you can think of.
You can either use one of the pre-written plugins, or write your own. It supports groovy, python and ruby scripting. Once a plugin is activated, it will execute the plugin with a ClassNode ArrayList of every single class loaded in BCV, this allows the user to handle it completely using ASM 3.3.
Key Features:
APK/DEX Support - Using Dex2Jar and Jar2Dex it's able to load and save APKs with ease!
Java Decompiler - It utilizes FernFlower, Procyon and CFR for decompilation.
Bytecode Decompiler - A modified version of CFIDE's.
Hex Viewer - Powered by JHexPane.
Each Decompiler/Viewer is toggleable, you can also select what will display on each pane.
Fully Featured Search System - Search through strings, functions, variables and more!
A Plugin System With Built In Plugins - (Show All Strings, Malicious Code Scanner, String Decrypters, etc)
Fully Featured Scripting System That Supports Groovy, Python And Ruby.
EZ-Inject - Graphically insert hooks and debugging code, invoke main and start the program.
Recent Files & Recent Plugins.
And more! Give it a try for yourself!
Code from various projects has been used, including but not limited to:
J-RET by WaterWolf
JHexPane by Sam Koivu
RSynaxPane by Robert Futrell
Commons IO by Apache
ASM by OW2
FernFlower by Stiver
Procyon by Mstrobel
CFR by Lee Benfield
CFIDE by Bibl
Contributors:
Konloch
Bibl
Fluke
Righteous
sahitya-pavurala
priav03
Afffsdd
Website: https://bytecodeviewer.com
Source Code: https://github.com/konloch/bytecode-viewer
Bin/Archive: https://github.com/konloch/bytecode-viewer/releases
Java Docs: https://the.bytecode.club/docs/bytecode-viewer/
License (Copyleft): https://raw.githubusercontent.com/Konloch/bytecode-viewer/master/LICENSE
Report Bugs (or below): https://github.com/Konloch/bytecode-viewer/issues
__________________________________________________________________________
Thanks for the hardwork, Will try it out...
Congrats!!
A "must-have" tool for sure... Thanks for your hard work!!!
Thanks! If any of you have any questions, or have a suggestion just reply here and I'll answer asap.
2.6.0 is out now! The biggest feature is smali editing. You can download it here https://github.com/Konloch/bytecode-viewer/releases/tag/v2.6.0
2.9.0 is released, contains LOTS of improvements for android APKs! If you've tried BCV in the past I urge you to try it again, you'll love the updates.
Konloch said:
2.9.0 is released, contains LOTS of improvements for android APKs! If you've tried BCV in the past I urge you to try it again, you'll love the updates.
Click to expand...
Click to collapse
I tried the v2.9.2 today, but was unable to make it work properly.
Used OpenJDK/JRE 7, 8, 9 on a ubuntu 14.04 with no success.
I get a blank window - I can open a file with control + o, but each time the app gives a message about not finding the temporary file which is supposed to be created (but isn't) in /home/user/.Bytecode-Viewer/bcv_temp/
I don't have any spaces in my path.
I see dex2jar running on the apk, but nothing gets created in the bcv_temp
I tried with different apks with no success.
I can decompile my apk just fine with jadx & apktool.
adwinp said:
I tried the v2.9.2 today, but was unable to make it work properly.
Used OpenJDK/JRE 7, 8, 9 on a ubuntu 14.04 with no success.
I get a blank window - I can open a file with control + o, but each time the app gives a message about not finding the temporary file which is supposed to be created (but isn't) in /home/user/.Bytecode-Viewer/bcv_temp/
I don't have any spaces in my path.
I see dex2jar running on the apk, but nothing gets created in the bcv_temp
I tried with different apks with no success.
I can decompile my apk just fine with jadx & apktool.
Click to expand...
Click to collapse
would you be able to add kalenkinloch on Skype to help me debug this issue more?
Bytecode Viewer on Android?!
Looks like an amazing tool!
Any chance it could be released as an Apk to run directly on Android devices?
Not having a PC and so using Show Java (com.njlabs.showjava) and AIDE (com.aide.ui).
Would be most interested to add Bytecode Viewer to my tool case!
Thank you!
Is there a quick start guide of sorts for this? Recompiling .java files seems promising as I am trying to disinfect a custom lockscreen APK to no avail.
And would it be possible for this to interface with the Android Studio/SDK, especially in case you're more comfortable with editing .java sources instead of having to decipher lines upon lines of bytecode?
I need to supply my jar file for customer's Android project.
What way I should assemble this jar?
Now I have 'apply java' in my build and I can run all tasks supplied by java plugin.
But if I want create jar for Android application so I have to run build with
plugin: 'com.android.application' instead 'java' plugin, correct?
So I should remove from build all tasks supplied by java plugin and assemble jar based on android tasks, correct?
Advise please how correctly to deal with this?
Thanks in advance.