Made by 李文栋
2010-12-13 Monday 于北京
一、反编译流程图
二、工具使用方法(命令)
准备工作
假设我的工作目录为 $AndroidDecompile,首先要将system.img中(或者说从源码中编译好的)几个重要的odex文件拷贝到工作目录中,他们是:core.odex, ext.odex, framework.odex, android.policy.odex, services.odex(也可以放在别的目录,通过设置BOOTCLASSPATH指定,默认就是当前目录,关于BOOTCLASSPATH请参考baksmali的帮助信息)。
下载以下工具到 $AndroidDecompile中:
Baksmali :
https://code.google.com/p/smali/downloads/list
Smali :
https://code.google.com/p/smali/downloads/list
Dex2jar :
https://code.google.com/p/dex2jar/downloads/list
JD-GUI (Java Decompile GUI) :
https://java.decompiler.free.fr/?q=jdgui<!--[if !supportNestedAnchors]--><!--[endif]-->
Apktool
https://code.google.com/p/android-apktool/downloads/list
假设我们有一个应用,它的类文件编译后被单独拿了出来,即有两个文件app.apk和app.odex,把他们放在 $AndroidDecompile下。
1.
使用 baksmali.jar
将 odex
文件分解为 smali
文件
$ java –jar baksmali-1.2.5.jar –x app.odex
如果成功的话,会在 $AndroidDecompile下生成一个 out目录,里面是一些以“.smali”为后缀名的文件,在此不深究这些文件的作用。
2.
使用 smali.jar
将 out/
目录下的smali
文件转换为 classes.dex
$ java -Xmx512M –jar smali-1.2.5.jar out –o classes.dex
classes.dex便是Dalvik VM所使用的编译后的类文件格式,在正常的apk文件里都会有。
3.
使用 dex2jar
将classes.dex
反编译为jar
文件
将下载后的dex2jar压缩包解压后,里面会有dex2jar.sh(和dex2jar.bat)文件,假如classes.dex文件与dex2jar.sh在同一目录下,使用以下方式将classes.dex反编译为jar文件:
$dex2jar.sh classes.dex
如果执行成功,则会在当前目录下生成反编译后的文件classes.dex.dex2jar.jar。
dex2jar即可以操作dex文件,也可以直接操作apk文件,它的使用规则为:
dex2jar file1.dexORapk file2.dexORapk ...
4.
使用JD-GUI
查看反编译后的jar
文件
JD-GUI是一个可视化的Java反编译代码查看器,它可以实时的将class文件反编译成java文件进行查看。解压下载的jd-gui文件,执行目录中的jd-gui可执行文件启动,然后加载上一步中反编译好的classes.dex.dex2jar.jar文件即可。
5.
将从odex
反编译后的classes.dex
与其他资源文件重新打包成一个完整的apk
以上我们假设的情况是应用程序编译后的类文件从apk文件中被剥离出来,下面要做的是如何将上述步骤中得到的classes.dex与apk中的其他文件重新打包成一个可用的apk。
首先将反编译后的classes.dex和原先的app.apk(不含classes.dex)重新压缩成一个完整的app.apk(apk文件可用压缩工具打开),也就是说将classes.dex放进app.apk中。
将下载的AutoSign文件解压,可以看到有signapk.jar(还有个Sign.bat)文件,执行以下命令给app.apk文件签名,就可以生成一个可以运行的apk文件了。
$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk
6. apktool
的使用
网上还有个工具是apktool,可以对apk进行解析,反编译资源文件,并将类文件解析成smali文件;同时还可以将解析后的文件重新打包成apk。功能和以上介绍的几个工具类似,它的使用方法如下:
apktool d app.apk and 反编译 app.apk到文件夹and
apktool b app 从文件夹app重建APK,输出到ABC\dist\out.apk
具体的使用方法在此不再赘述,请参考官方网站,或者:
https://www.geeka.net/2010/05/apktool-decode-android-google-code/
7. 我的 $AndroidDecompile目录下的文件的截图
三、一些工具的帮助信息
1. baksmali
的帮助信息
usage: java -jar baksmali.jar [options] <dex-file>
disassembles and/or dumps a dex file
-?,--help Prints the help message then exits.
-b,--no-debug-info Specify twice for debug options
don't write out debug info (.local,
.param, .line, etc.)
-c,--bootclasspath <BOOTCLASSPATH> The bootclasspath jars to use, for
analysis. Defaults to
core.jar:ext.jar:framework.jar:andro
id.policy.jar:services.jar. If the
value begins with a :, it will be
appended to the default
bootclasspath instead of replacing it
-d,--bootclasspath-dir <DIR> The base folder to look for the
bootclasspath files in. Defaults to
the current directory
-f,--code-offsets Add comments to the disassembly
containing the code offset for each address
-l,--use-locals Output the .locals directive with
the number of non-parameter
registers, rather than the .register
-o,--output <DIR> Directive with the total number of register
the directory where the disassembled
files will be placed. The default is out
-p,--no-parameter-registers Use the v<n> syntax instead of the
p<n> syntax for registers mapped to
method parameters
-r,--register-info <REGISTER_INFO_TYPES> Print the specificed type(s) of
register information for each
instruction. "ARGS,DEST" is the
default if no types are specified.
Valid values are:
ALL: all pre- and post-instruction registers.
ALLPRE: all pre-instruction registers
ALLPOST: all post-instruction registers
ARGS: any pre-instruction registers
used as arguments to the instruction
DEST: the post-instruction
destination register, if any
MERGE: Any pre-instruction register
has been merged from more than 1
different post-instruction register
from its predecessors
FULLMERGE: For each register that
would be printed by MERGE, also show
the incoming register types that
were merged
-s,--sequential-labels Create label names using a
sequential numbering scheme per
label type, rather than using the
bytecode address
-v,--version Prints the version then exits
-x,--deodex Deodex the given odex file. This
option is ignored if the input file
is not an odex file
2. smali
的帮助信息
usage: java -jar smali.jar [options] [--] [<smali-file>folder]*
assembles a set of smali files into a dex file
-?,--help prints the help message then exits. Specify twice for
debug options
-o,--output <FILE> the name of the dex file that will be written. The default
is out.dex
-v,--version prints the version then exits
3. auto-sign
的帮助信息
SignApk.jar is a tool included with the Android platform source bundle.
testkey.pk8 is the private key that is compatible with the recovery image included in this zip file
testkey.x509.pem is the corresponding certificate/public key
Usage:
java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip
4. apktool
的帮助信息
Apktool v1.3.2 - a tool for reengineering Android apk files
Copyright 2010 Ryszard Wi?niewski <[email protected]>
Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0)
Usage: apktool [-v--verbose] COMMAND [...]
COMMANDs are:
d[ecode] [OPTS] <file.apk> [<dir>]
Decode <file.apk> to <dir>.
OPTS:
-s, --no-src
Do not decode sources.
-r, --no-res
Do not decode resources.
-d, --debug
Decode in debug mode. Check project page for more info.
-f, --force
Force delete destination directory.
-t <tag>, --frame-tag <tag>
Try to use framework files tagged by <tag>.
--keep-broken-res
Use if there was an error and some resources were dropped, e.g.:
"Invalid config flags detected. Dropping resources", but you
want to decode them anyway, even with errors. You will have to
fix them manually before building.
b[uild] [OPTS] [<app_path>] [<out_file>]
Build an apk from already decoded application located in <app_path>.
It will automatically detect, whether files was changed and perform
needed steps only.
If you omit <app_path> then current directory will be used.
If you omit <out_file> then <app_path>/dist/<name_of_original.apk>
will be used.
OPTS:
-f, --force-all
Skip changes detection and build all files.
-d, --debug
Build in debug mode. Check project page for more info.
ifinstall-framework <framework.apk> [<tag>]
Install framework file to your system.
For additional info, see:
https://code.google.com/p/android-apktool/
四、参考资料
1. Smali
https://code.google.com/p/smali/
https://www.geeka.net/2010/05/android-apk-odex-classes-dex/
2. ApkTool
https://code.google.com/p/android-apktool/
https://www.geeka.net/2010/05/apktool-decode-android-google-code/
标签:dex,反编译,文件,--,jar,apk,classes,整理,Android From: https://blog.51cto.com/u_15070324/6090640