Article Directory
Introduction to JADX
GitHub address: https://github.com/skylot/jadx
JADX supports decompiling dalvik bytecode in APK, dex, aar, zip to Java code, and also supports decompiling AndroidManifest.xml and resources.arsc resources.
JADX installation
First install JDK1.8 or above, Git , and the Android development environment.
Create the path of the JADX storage file to be downloaded, then switch to the directory on the command line and execute the following command:
git clone https://github.com/skylot/jadx.git
cd jadx
./gradlew dist This operation may take a while
If you run ./gradlew dist
into an error:
PKIX path building failed...省略
注意查看是连接哪个网址发生错误。
From which URL to connect here, it is found that it is a gradle error . The solution:
1. Enter the gradle URL in chrome: https://gradle.org/
2. Click the lock icon in the URL input field
3. Click the certificate to view the details
4. Then drag the certificate to the directory to be stored
5. Check the cacerts list, switch to the security path of JAVA (the local path is: /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/
), execute the command line: keytool -list -keystore cacerts 路径
, and the local path is:
keytool -list -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/cacerts
The default password is changeit
.
6. Import the certificate and execute the command (still in the path: /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/
):
keytool -importcert -file 第4步存储的证书路径地址
The default password is changeit
.
If there is no permission here, under the Mac system, here is required: sudo keytool -importcert -file 第4步存储的证书路径地址
.
7. Then switch to the JADX storage file path, and execute the command line:
cd jadx
./gradlew dist This operation may take a while
JADX use
Enter the JADX storage file path, enter jadx/build/jadx/bin
the directory , and execute the command line:
cd jadx/build/jadx/bin
Double-click gadx-gui, as shown below:
Then click the menu file in the upper left corner and select the file to open: APK or dex or arr or zip.
Here is the Android APK of Himalaya downloaded from the Internet . After importing, the picture is as follows:
At this point, the brief introduction of the JADX tool is over. It can be said that this tool is easy to use, concise, powerful, and very suitable for decompilation.
Usually, the decompiled APK function:
- Whether the code meets expectations, that is, after compression (shrinker), optimization (optimizer), obfuscator (obfuscator), whether the Java code (data model class) meets expectations, whether the resource ID in R.java code meets expectations, AndroidManifest.xml Are there any errors in the referenced class of the file, whether the resource image is displayed abnormally, etc.
- When repairing heat, check the code diff between the repaired APK and the original APK to see if the repair meets expectations.
- Check whether the APK has security issues, whether the source code is easy to be interpreted, whether the key code or important private KEY (RSA, AES and other keys, user information, etc.) in the source code are easy to get, etc.
Replenish
To decompile Android APK, at least you need to understand the meaning of APK directory structure and APK packaging process, here is a brief introduction.
APK directory structure meaning
Here is still taking the Himalayan Android APK as an example, directly drag the APK into AndroidStudio:
- res: files with resources, such as drawable, anim, layout, etc.;
- lib: support CPU architecture corresponding to an ABI (armeabi, armeabi-v7a, x86, mips, arm64-v8a, mips64, x86_64) related so library;
- assets: resource files, but the files will not be compressed or compiled into binary;
- META-INF : signature file;
- AndroidManifest.xml: manifest list file, four major components, permissions, metadata and other configuration information;
- classes.dex: Java code written, R.java, dex file generated by aidl-related Java code compiled by virtual machine;
- resources.arsc: Establish the mapping relationship between the res file and the R.java file;
- Other: various configuration files.
APK packaging process
- The aapt tool packs resource files and generates R.java files;
- The aidl tool processes AIDL files and generates corresponding .java files;
- The javac tool compiles Java files and generates corresponding .class files;
- Convert .class files into .dex files supported by Davik VM;
- The apkbuilder tool packs and generates unsigned .apk files;
- jarsigner or apksigner to sign the unsigned .apk file;
- The zipalign tool aligns the signed .apk file;
The reason why the zipalign tool aligns signed .apk files: The purpose is to ensure that all uncompressed data starts with a specific alignment relative to the beginning of the file. Specifically, it causes all uncompressed data in the APK, such as images or raw files, to be aligned on 4-byte boundaries. After alignment, the system can call resources in the APP more quickly.