反编译 apk
apk 就是普通的 zip 文件 unzip a.apk -d a
就能解压缩,但是xml等资源文件都是二进制的,不能直接查看,因此需要反编译
反编译的大致流程就是
- apktool 反编译出资源文件
- dex2jar 将 apk 中 dex 文件转为 jar 文件
- jd-gui 查看 jar 文件
apktool
- Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png. and XMLs)
- Rebuilding decoded resources back to binary APK/JAR
- Organizing and handling APKs that depend on framework resources
- Smali Debugging
- Helping with repetitive tasks
反编译
参数 d 或者 decode 即可反编译apk,-o
可指定目标文件夹
$ apktool d foo.jar
// decodes foo.jar to foo.jar.out folder
$ apktool decode foo.jar
// decodes foo.jar to foo.jar.out folder
$ apktool d bar.apk
// decodes bar.apk to bar folder
$ apktool decode bar.apk
// decodes bar.apk to bar folder
$ apktool d bar.apk -o baz
// decodes bar.apk to baz folder
重新构建
修改完成后可以使用 b
或者 build
参数重新打包成 apk
$ apktool b foo.jar.out
// builds foo.jar.out folder into foo.jar.out/dist/foo.jar file
$ apktool build foo.jar.out
// builds foo.jar.out folder into foo.jar.out/dist/foo.jar file
$ apktool b bar
// builds bar folder into bar/dist/bar.apk file
$ apktool b .
// builds current directory into ./dist
$ apktool b bar -o new_bar.apk
// builds bar folder into new_bar.apk
$ apktool b bar.apk
// WRONG: brut.androlib.AndrolibException: brut.directory.PathNotExist: apktool.yml
// Must use folder, not apk/jar file
framework
部分 apk 以来系统,需要将系统的 framework 先加入 apktool 之后再反编译,具体可参考官方文档
$ apktool if framework-res.apk
dex2jar
d2j-dex2jar.sh classes.dex
-o 可指定输出文件位置
jd-gui
直接打开 jar 或可执行文件即可
Procyon / Java Decompiler
见有人推荐这个 Decompiler,没用过的朋友可以试试
// 显示帮助
$ java -jar decompiler.jar
$ java -jar decompiler.jar -?
// 反编译单文件
$ java -jar decompiler.jar java.lang.String
$ java -DAnsi=true -jar decompiler.jar java.util.Collections
// 反编译 jar 到目录
$ java -jar decompiler.jar -jar myJar.jar -o out
另有 3 个 gui 版本
SecureTeam Java Decompiler
A JavaFX-based decompiler front-end with fast and convenient code navigation. Download it, or launch it directly from your browser.
Luyten
An open source front-end by deathmarine.
Bytecode Viewer is an open source Java decompilation, disassembly, and debugging suite by @Konloch. It can produce decompiled sources from several modern Java decompilers, including Procyon, CFR, and FernFlower.