Android APK decompilation tool JADX

Mobile 2023-06-12 12:20:54 views: null

Article Directory

Introduction to JADX

GitHub address: https://github.com/skylot/jadx

JADX supports decompiling dalvik bytecode in APK, dex, aar, zip to Java code, and also supports decompiling AndroidManifest.xml and resources.arsc resources.

JADX installation

First install JDK1.8 or above, Git , and the Android development environment.

Create the path of the JADX storage file to be downloaded, then switch to the directory on the command line and execute the following command:

git clone https://github.com/skylot/jadx.git
cd jadx
./gradlew dist This operation may take a while

If you run ./gradlew distinto an error:

PKIX path building failed...省略
注意查看是连接哪个网址发生错误。

From which URL to connect here, it is found that it is a gradle error . The solution:

1. Enter the gradle URL in chrome: https://gradle.org/

2. Click the lock icon in the URL input field

3. Click the certificate to view the details

4. Then drag the certificate to the directory to be stored

5. Check the cacerts list, switch to the security path of JAVA (the local path is: /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/), execute the command line: keytool -list -keystore cacerts 路径, and the local path is:

keytool -list -keystore  /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/cacerts

The default password is changeit.

6. Import the certificate and execute the command (still in the path: /Library/Java/JavaVirtualMachines/jdk1.8.0_271.jdk/Contents/Home/jre/lib/security/):

keytool  -importcert  -file 第4步存储的证书路径地址

The default password is changeit.

If there is no permission here, under the Mac system, here is required: sudo keytool -importcert -file 第4步存储的证书路径地址.

7. Then switch to the JADX storage file path, and execute the command line:

cd jadx
./gradlew dist This operation may take a while

JADX use

Enter the JADX storage file path, enter jadx/build/jadx/binthe directory , and execute the command line:

cd jadx/build/jadx/bin

Double-click gadx-gui, as shown below:

Then click the menu file in the upper left corner and select the file to open: APK or dex or arr or zip.

Here is the Android APK of Himalaya downloaded from the Internet . After importing, the picture is as follows:

At this point, the brief introduction of the JADX tool is over. It can be said that this tool is easy to use, concise, powerful, and very suitable for decompilation.

Usually, the decompiled APK function:

  1. Whether the code meets expectations, that is, after compression (shrinker), optimization (optimizer), obfuscator (obfuscator), whether the Java code (data model class) meets expectations, whether the resource ID in R.java code meets expectations, AndroidManifest.xml Are there any errors in the referenced class of the file, whether the resource image is displayed abnormally, etc.
  2. When repairing heat, check the code diff between the repaired APK and the original APK to see if the repair meets expectations.
  3. Check whether the APK has security issues, whether the source code is easy to be interpreted, whether the key code or important private KEY (RSA, AES and other keys, user information, etc.) in the source code are easy to get, etc.

Replenish

To decompile Android APK, at least you need to understand the meaning of APK directory structure and APK packaging process, here is a brief introduction.

APK directory structure meaning

Here is still taking the Himalayan Android APK as an example, directly drag the APK into AndroidStudio:

  1. res: files with resources, such as drawable, anim, layout, etc.;
  2. lib: support CPU architecture corresponding to an ABI (armeabi, armeabi-v7a, x86, mips, arm64-v8a, mips64, x86_64) related so library;
  3. assets: resource files, but the files will not be compressed or compiled into binary;
  4. META-INF : signature file;
  5. AndroidManifest.xml: manifest list file, four major components, permissions, metadata and other configuration information;
  6. classes.dex: Java code written, R.java, dex file generated by aidl-related Java code compiled by virtual machine;
  7. resources.arsc: Establish the mapping relationship between the res file and the R.java file;
  8. Other: various configuration files.

APK packaging process

  1. The aapt tool packs resource files and generates R.java files;
  2. The aidl tool processes AIDL files and generates corresponding .java files;
  3. The javac tool compiles Java files and generates corresponding .class files;
  4. Convert .class files into .dex files supported by Davik VM;
  5. The apkbuilder tool packs and generates unsigned .apk files;
  6. jarsigner or apksigner to sign the unsigned .apk file;
  7. The zipalign tool aligns the signed .apk file;

The reason why the zipalign tool aligns signed .apk files: The purpose is to ensure that all uncompressed data starts with a specific alignment relative to the beginning of the file. Specifically, it causes all uncompressed data in the APK, such as images or raw files, to be aligned on 4-byte boundaries. After alignment, the system can call resources in the APP more quickly.

Guess you like

Origin blog.csdn.net/wangjiang_qianmo/article/details/110938916
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com