1. Overview
Decompilation can be said to be a skill that is often used in the IT industry. On the one hand, it is to learn and research other products, and on the other hand, it is also to improve the security of your own products. Today, the editor recommends two decompilation artifacts for you.
2. JD-GUI
JD-GUI Java decompilation tool is pure green, completely free, very suitable for developers, and its interface is also simple and elegant. There are two ways to install JD-GUI under mac.
1. Go to the official website to download the corresponding installation package http://jd.benow.ca , download the .dmg file and install it.
2. Command line installation, install homebrew, enter the command line: ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install )", then execute brew cask install jd-gui to complete the installation.
Note: At present, there is a problem, JD-GUI will flash back when opened under mac Sierra, the reason is that if you have installed jdk-9.xx or above, the avoidance method is to uninstall jdk-9.xx and install jdk-9.xx below Version.
Steps to uninstall the jdk version: first check the jdk version,
ls /Library/Java/JavaVirtualMachines/, and then execute
sudo rm -rf /Library/Java/JavaVirtualMachines/jdkxxx.jdk, where jdkxxx is the found jdk version number.
The use of JD-GUI is relatively simple, drag the jar file directly, then view the .class, and save the generated java file.
The interface is as follows:
3. In the development process of Android applications, IDA
sometimes uses the functions implemented by c/c++, and also uses the development skills related to JNI and NDK.
The full name of JNI is Java Native Interface, a Java localization interface, which can call the API provided by the system through JNI. The operating system, whether it is Linux, Windows or Mac OS, or some underlying hardware drivers written in assembly language are written in C/C++.
Unlike C/C++, Java is not directly compiled into platform machine code, but is compiled into a .class file of Java bytecode that can be run by a virtual machine, and is instantly compiled into local machine code through JIT technology, so it is more efficient than Without C/C++ code, JNI technology solves this pain point. JNI can be said to be an adapter and middleware for communication between C language and Java language.
NDK is a set of development and compilation tools developed by Google, which can generate dynamic link libraries, mainly used for JNI development of Android.
Since the code of the java layer is easy to be decompiled, and it is more difficult to decompile the c/c++ program, the core part of the android application can usually be developed using the NDK. The general process is to use the NDK to develop and compile the c/c++ program, finally generate the so file, and then load the so in the android project to realize the corresponding functions.
If we want to refer to the implementation details of an android application, but it happens that the core functions use the so file, then IDA comes in handy.
IDA can disassemble the so file, so as to convert the binary code into assembly language, and at the same time use IDA's F5 function to decompile the assembly language into c/c++ programs for our study and study.
The following is the interface of IDA, you can directly drag the so file into it.
After importing the so file, the following window opens automatically:
Select the function below the Functions window and press F5 to directly convert the assembly to c/c++. Of course, it will not be 100% restored. We need to understand the assembly syntax to better view the code.