一、dex檔案轉為jar檔案
1.第一篇
Android 反編譯資料整理
Made by 李文棟 [email protected]
2010-12-13 Monday 于北京
一、反編譯流程圖
準備工作
假設我的工作目錄為 $AndroidDecompile,首先要将system.img中(或者說從源碼中編譯好的)幾個重要的odex檔案拷貝到工作目錄中,他們是:core.odex, ext.odex, framework.odex, android.policy.odex, services.odex(也可以放在别的目錄,通過設定BOOTCLASSPATH指定,預設就是目前目錄,關于BOOTCLASSPATH請參考baksmali的幫助資訊)。
下載下傳以下工具到 $AndroidDecompile中:
Baksmali :
<a href="http://code.google.com/p/smali/downloads/list">http://code.google.com/p/smali/downloads/list</a>
Smali :
Dex2jar :
<a href="http://code.google.com/p/dex2jar/downloads/list">http://code.google.com/p/dex2jar/downloads/list</a>
JD-GUI (Java Decompile GUI) :
AutoSign :
<a href="http://d.download.csdn.net/down/2768910/fjfdszj">http://d.download.csdn.net/down/2768910/fjfdszj</a>
Apktool
<a href="http://code.google.com/p/android-apktool/downloads/list">http://code.google.com/p/android-apktool/downloads/list</a>
假設我們有一個應用,它的類檔案編譯後被單獨拿了出來,即有兩個檔案app.apk和app.odex,把他們放在$AndroidDecompile下。
1. 使用 baksmali.jar 将 odex 檔案分解為 smali 檔案
$ java –jar baksmali-1.2.5.jar –x app.odex
如果成功的話,會在 $AndroidDecompile下生成一個 out目錄,裡面是一些以“.smali”為字尾名的檔案,在此不深究這些檔案的作用。
2. 使用 smali.jar将 out/目錄下的smali檔案轉換為 classes.dex
$ java -Xmx512M –jar smali-1.2.5.jar out –o classes.dex
classes.dex便是Dalvik VM所使用的編譯後的類檔案格式,在正常的apk檔案裡都會有。
3. 使用 dex2jar将classes.dex反編譯為jar檔案
将下載下傳後的dex2jar壓縮包解壓後,裡面會有dex2jar.sh(和dex2jar.bat)檔案,假如classes.dex檔案與dex2jar.sh在同一目錄下,使用以下方式将classes.dex反編譯為jar檔案:
$dex2jar.sh classes.dex
如果執行成功,則會在目前目錄下生成反編譯後的檔案classes.dex.dex2jar.jar。
dex2jar即可以操作dex檔案,也可以直接操作apk檔案,它的使用規則為:
dex2jar file1.dexORapk file2.dexORapk ...
4. 使用JD-GUI檢視反編譯後的jar檔案
JD-GUI是一個可視化的Java反編譯代碼檢視器,它可以實時的将class檔案反編譯成java檔案進行檢視。解壓下載下傳的jd-gui檔案,執行目錄中的jd-gui可執行檔案啟動,然後加載上一步中反編譯好的classes.dex.dex2jar.jar檔案即可。
5. 将從odex反編譯後的classes.dex與其他資源檔案重新打包成一個完整的apk
以上我們假設的情況是應用程式編譯後的類檔案從apk檔案中被剝離出來,下面要做的是如何将上述步驟中得到的classes.dex與apk中的其他檔案重新打包成一個可用的apk。
首先将反編譯後的classes.dex和原先的app.apk(不含classes.dex)重新壓縮成一個完整的app.apk(apk檔案可用壓縮工具打開),也就是說将classes.dex放進app.apk中。
将下載下傳的AutoSign檔案解壓,可以看到有signapk.jar(還有個Sign.bat)檔案,執行以下指令給app.apk檔案簽名,就可以生成一個可以運作的apk檔案了。
$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk
6. apktool的使用
網上還有個工具是apktool,可以對apk進行解析,反編譯資源檔案,并将類檔案解析成smali檔案;同時還可以将解析後的檔案重新打包成apk。功能和以上介紹的幾個工具類似,它的使用方法如下:
apktool d app.apk and 反編譯 app.apk到檔案夾and
apktool b app 從檔案夾app重建APK,輸出到ABC\dist\out.apk
具體的使用方法在此不再贅述,請參考官方網站,或者:
<a href="http://www.geeka.net/2010/05/apktool-decode-android-google-code/">http://www.geeka.net/2010/05/apktool-decode-android-google-code/</a>
7. 我的 $AndroidDecompile目錄下的檔案的截圖
三、一些工具的幫助資訊
1. baksmali 的幫助資訊
usage: java -jar baksmali.jar [options] <dex-file>
disassembles and/or dumps a dex file
-?,--help Prints the help message then exits.
-b,--no-debug-info Specify twice for debug options
don't write out debug info (.local,
.param, .line, etc.)
-c,--bootclasspath <BOOTCLASSPATH> The bootclasspath jars to use, for
analysis. Defaults to
core.jar:ext.jar:framework.jar:andro
id.policy.jar:services.jar. If the
value begins with a :, it will be
appended to the default
bootclasspath instead of replacing it
-d,--bootclasspath-dir <DIR> The base folder to look for the
bootclasspath files in. Defaults to
the current directory
-f,--code-offsets Add comments to the disassembly
containing the code offset for each address
-l,--use-locals Output the .locals directive with
the number of non-parameter
registers, rather than the .register
-o,--output <DIR> Directive with the total number of register
the directory where the disassembled
files will be placed. The default is out
-p,--no-parameter-registers Use the v<n> syntax instead of the
p<n> syntax for registers mapped to
method parameters
-r,--register-info <REGISTER_INFO_TYPES> Print the specificed type(s) of
register information for each
instruction. "ARGS,DEST" is the
default if no types are specified.
Valid values are:
ALL: all pre- and post-instruction registers.
ALLPRE: all pre-instruction registers
ALLPOST: all post-instruction registers
ARGS: any pre-instruction registers
used as arguments to the instruction
DEST: the post-instruction
destination register, if any
MERGE: Any pre-instruction register
has been merged from more than 1
different post-instruction register
from its predecessors
FULLMERGE: For each register that
would be printed by MERGE, also show
the incoming register types that
were merged
-s,--sequential-labels Create label names using a
sequential numbering scheme per
label type, rather than using the
bytecode address
-v,--version Prints the version then exits
-x,--deodex Deodex the given odex file. This
option is ignored if the input file
is not an odex file
2. smali 的幫助資訊
usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
-?,--help prints the help message then exits. Specify twice for
debug options
-o,--output <FILE> the name of the dex file that will be written. The default
is out.dex
-v,--version prints the version then exits
3. auto-sign 的幫助資訊
SignApk.jar is a tool included with the Android platform source bundle.
testkey.pk8 is the private key that is compatible with the recovery image included in this zip file
testkey.x509.pem is the corresponding certificate/public key
Usage:
java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip
4. apktool 的幫助資訊
Apktool v1.3.2 - a tool for reengineering Android apk files
Copyright 2010 Ryszard Wi?niewski <[email protected]>
Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
Usage: apktool [-v|--verbose] COMMAND [...]
COMMANDs are:
d[ecode] [OPTS] <file.apk> [<dir>]
Decode <file.apk> to <dir>.
OPTS:
-s, --no-src
Do not decode sources.
-r, --no-res
Do not decode resources.
-d, --debug
Decode in debug mode. Check project page for more info.
-f, --force
Force delete destination directory.
-t <tag>, --frame-tag <tag>
Try to use framework files tagged by <tag>.
--keep-broken-res
Use if there was an error and some resources were dropped, e.g.:
"Invalid config flags detected. Dropping resources", but you
want to decode them anyway, even with errors. You will have to
fix them manually before building.
b[uild] [OPTS] [<app_path>] [<out_file>]
Build an apk from already decoded application located in <app_path>.
It will automatically detect, whether files was changed and perform
needed steps only.
If you omit <app_path> then current directory will be used.
If you omit <out_file> then <app_path>/dist/<name_of_original.apk>
will be used.
-f, --force-all
Skip changes detection and build all files.
Build in debug mode. Check project page for more info.
if|install-framework <framework.apk> [<tag>]
Install framework file to your system.
四、參考資料
1. Smali
<a href="http://code.google.com/p/smali/">http://code.google.com/p/smali/</a>
<a href="http://www.geeka.net/2010/05/android-apk-odex-classes-dex/">http://www.geeka.net/2010/05/android-apk-odex-classes-dex/</a>
2. ApkTool
<a href="http://code.google.com/p/android-apktool/">http://code.google.com/p/android-apktool/</a>
二、jar檔案轉為dex檔案
可以通過dx工具将jar包中所有的類打包編譯為一個名為classes.dex的檔案,然後通過aapt工具将classes.dex檔案重新添加到你的jar包中。指令格式為dx --dex --output=classes.dex destination.jar
aapt add destionation.jar classes.dex。這兩個工具都在android sdk目錄中的platform/tools目錄中,可提前将目錄加到環境變量中,友善執行。另外這兩個指令其實是個腳本檔案,在linux下執行的時候别忘了加上路徑,如:./dx or ./aapt,否則提示無法找到指令,或者将tools加入環境變量,就可以不用加路徑辨別了。具體的dx工具使用參數可在linux的指令行終端下輸入dx查詢。