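Decompilation workflow
Only decompilation of the Java code is covered here.
Step | Tool |
---|---|
apk (zip) -> dex code | Rename the extension to .zip and extract it with a GUI tool, or run the unzip command directly on the command line |
dex code -> jar (class files) | Optional tool: dex2jar |
jar -> Java code | Optional tool: jd-gui |
Tool installation
* Prerequisite: a working Java runtime must already be configured! *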
apktool
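* apktool is mainly used to restore the resources.arsc, classes.dex (as smali), 9.png and xml files contained in an APK; I mostly use it to read the contents of AndroidManifest.xml *
See the official guide: Install Instructions
[My setup]
1. Download apktool.jar directly (download link)
2. Set the relevant environment variables so that it can be invoked from the terminal
The following is my usual configuration (from the .bash_profile file):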
# for reverse engineering, java, android tools
alias apktool='java -jar ${HOME}/dev_tool/apktool_2.3.3.jar'
alias jdgui='java -jar ${HOME}/dev_tool/jd-gui-1.4.0.jar'
alias dex2jar='${HOME}/dev_tool/dex2jar-2.0/d2j-dex2jar.sh'
The following shows the result of decoding the bilibili app:
luogw@luogw-MacBook-Pro temp$ apktool d iBiliPlayer-bili.apk
I: Using Apktool 2.3.3 on iBiliPlayer-bili.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
S: WARNING: Could not write to (/Users/luogw/Library/apktool/framework), using /var/folders/s3/lg1rl_fn51ggy89fkxx8t7gc0000gn/T/ instead...
S: Please be aware this is a volatile directory and frameworks could go missing, please utilize --frame-path if the default storage directory is unavailable
I: Loading resource table from file: /var/folders/s3/lg1rl_fn51ggy89fkxx8t7gc0000gn/T/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Baksmaling classes3.dex...
I: Baksmaling classes4.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
dex2jar
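Download the corresponding zip package (download link), extract it to a local directory, and set up a way to invoke it.
All of the extracted files need the executable permission,
that is, cd into the extracted dex2jar directory and run: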
chmod -R +x .
jd-gui
Download the corresponding jar (download link) and set up a way to invoke it.
Worked example
Decompiling the Bili app
Step 1 (zip to dex)
unzip iBiliPlayer-bili.apk -d unzip-dis
The files added by the extraction are as follows:
luogw@luogw-MacBook-Pro temp$ tree -L 2
.
├── iBiliPlayer-bili.apk
└── unzip-dis
    ├── AndroidManifest.xml
    ├── META-INF
    ├── assets
    ├── classes.dex
    ├── classes2.dex
    ├── classes3.dex
    ├── classes4.dex
    ├── isoparser-default.properties
    ├── lib
    ├── main
    ├── okhttp3
    ├── res
    └── resources.arsc
7 directories, 8 files
Step 2 (dex to class)
Basic usage of dex2jar:
d2j-dex2jar -- convert dex to jar
usage: d2j-dex2jar [options] <file0> [file1 ... fileN]
options:
-d,--debug-info translate debug info
-e,--exception-file <file> detail exception file, default is $current_dir/[file-name]-error.zip
-f,--force force overwrite
-h,--help Print this help message
-n,--not-handle-exception not handle any exception throwed by dex2jar
-nc,--no-code
-o,--output <out-jar-file> output .jar file, default is $current_dir/[file-name]-dex2jar.jar
-os,--optmize-synchronized optmize-synchronized
-p,--print-ir print ir to Syste.out
-r,--reuse-reg reuse regiter while generate java .class file
-s same with --topological-sort/-ts
-ts,--topological-sort sort block by topological, that will generate more readable code, default enabled
version: reader-2.0, translator-2.0, ir-2.0
Next, convert the *.dex files from step 1 into .class files:
luogw@luogw-MacBook-Pro unzip-dis$ dex2jar classes.dex classes2.dex classes3.dex classes4.dex
dex2jar classes.dex -> ./classes-dex2jar.jar
dex2jar classes2.dex -> ./classes2-dex2jar.jar
Detail Error Information in File ./classes2-error.zip
Please report this file to http://code.google.com/p/dex2jar/issues/entry if possible.
dex2jar classes3.dex -> ./classes3-dex2jar.jar
dex2jar classes4.dex -> ./classes4-dex2jar.jar
Detail Error Information in File ./classes4-error.zip
Please report this file to http://code.google.com/p/dex2jar/issues/entry if possible
Step 3 (class to java)
Open the jar with jd-gui to view the Java source files:
luogw@luogw-MacBook-Pro unzip-dis$ jdgui classes-dex2jar.jar
Note: use jd-gui's save function to save the Java source files.
TIPS
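[Recommended] If you only care about the Java code, steps 1 and 2 can be done directly with dex2jar. A further benefit is that it handles multiple dex files in one go: apps today generally have large code bases, i.e. they use MultiDex, so a plain unzip produces several dex files.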
luogw@luogw-MacBook-Pro temp$ dex2jar iBiliPlayer-bili.apk
dex2jar iBiliPlayer-bili.apk -> ./iBiliPlayer-bili-dex2jar.jar
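An added example, not part of the original post: before handing an APK to dex2jar, this Python sketch lists the classes*.dex entries inside the zip and reads each DEX header, so you can see how many dex files MultiDex produced and whether each header's size and Adler-32 checksum are intact. The function names are hypothetical and the sample APK is constructed in memory rather than taken from a real app.

```python
import io
import re
import struct
import zipfile
import zlib

DEX_NAME = re.compile(r"^classes\d*\.dex$")  # classes.dex, classes2.dex, ...
HEADER_SIZE = 0x70                           # fixed size of the DEX header

def dex_summary(data):
    """Parse a DEX header; the Adler-32 checksum covers every byte from offset 12 on."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    checksum, = struct.unpack_from("<I", data, 0x08)
    file_size, = struct.unpack_from("<I", data, 0x20)
    method_ids, _, class_defs = struct.unpack_from("<3I", data, 0x58)  # sizes at 0x58 / 0x60
    return {
        "version": data[4:7].decode("ascii"),
        "size_ok": file_size == len(data),
        "checksum_ok": checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        "method_ids": method_ids,  # a single dex can index at most 65,536 methods
        "class_defs": class_defs,
    }

def list_dex(apk):
    """Return {entry name: summary} for each top-level classes*.dex in the APK (a zip)."""
    with zipfile.ZipFile(apk) as zf:
        names = sorted(n for n in zf.namelist() if DEX_NAME.match(n))
        return {n: dex_summary(zf.read(n)) for n in names}

def make_dex(method_ids, class_defs):
    """Constructed sample: a header-only DEX with a valid size and checksum."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<3I", body, 0x20, HEADER_SIZE, HEADER_SIZE, 0x12345678)
    struct.pack_into("<3I", body, 0x58, method_ids, 0, class_defs)
    struct.pack_into("<I", body, 0x08, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)

def make_sample_apk():
    """Constructed sample: an in-memory zip holding two dex entries, as MultiDex would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", make_dex(65000, 7000))
        zf.writestr("classes2.dex", make_dex(1200, 300))
    return buf

if __name__ == "__main__":
    print(list_dex(make_sample_apk()))
```

To run it against a real file, pass the APK path to `list_dex`; a failed size or checksum check means the dex was truncated or altered after it was built.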