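I. Decompilation flowchart

II. How to use the tools (commands)
Preparation
Assume my working directory is $AndroidDecompile. First, copy several important odex files from system.img (or from a build of the source tree) into the working directory: core.odex, ext.odex, framework.odex, android.policy.odex and services.odex. They can also be kept in another directory, specified by setting BOOTCLASSPATH; the default is the current directory. For BOOTCLASSPATH, see the baksmali help output.

Download the following tools into $AndroidDecompile: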
Baksmali:
http://code.google.com/p/smali/downloads/list

Smali:
http://code.google.com/p/smali/downloads/list

Dex2jar:
http://code.google.com/p/dex2jar/downloads/list

JD-GUI (Java Decompile GUI):
http://java.decompiler.free.fr/?q=jdgui

AutoSign:
http://d.download.csdn.net/down/2768910/fjfdszj

Apktool:
http://code.google.com/p/android-apktool/downloads/list

Assume we have an application whose compiled class files were split out of the package, so there are two files, app.apk and app.odex. Put both of them in $AndroidDecompile.

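1. Use baksmali.jar to disassemble the odex file into smali files
$ java -jar baksmali-1.2.5.jar -x app.odex
If this succeeds, an out directory is created under $AndroidDecompile. It contains files with the ".smali" suffix; what these files do is not examined further here.
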
2. Use smali.jar to convert the smali files under out/ into classes.dex
$ java -Xmx512M -jar smali-1.2.5.jar out -o classes.dex
classes.dex is the compiled class file format used by the Dalvik VM; every normal apk file contains one.

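3. Use dex2jar to decompile classes.dex into a jar file
After unpacking the downloaded dex2jar archive you will find dex2jar.sh (and dex2jar.bat) inside. Assuming classes.dex is in the same directory as dex2jar.sh, decompile classes.dex into a jar file as follows:
$ dex2jar.bat classes.dex
If it succeeds, the decompiled file classes.dex.dex2jar.jar is created in the current directory.
dex2jar can operate on dex files and can also operate directly on apk files. Its usage is:
dex2jar file1.dexORapk file2.dexORapk ...
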
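4. Use JD-GUI to view the decompiled jar file
JD-GUI is a graphical viewer for decompiled Java code; it decompiles class files into Java source on the fly for viewing. Unpack the downloaded jd-gui archive, start the jd-gui executable in that directory, and load the classes.dex.dex2jar.jar file produced in the previous step.
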
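5. Repackage the classes.dex recovered from the odex together with the other resource files into a complete apk
So far we have assumed that the application's compiled class files were stripped out of the apk file. What remains is to repackage the classes.dex obtained in the steps above with the other files in the apk into a usable apk.
First, compress the recovered classes.dex and the original app.apk (which contains no classes.dex) back into one complete app.apk; in other words, put classes.dex into app.apk (an apk file can be opened with an archive tool).
Unpack the downloaded AutoSign archive; it contains signapk.jar (and a Sign.bat). Run the following command to sign app.apk, which produces an apk file that can be run.
$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk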
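
Steps 1, 2 and 5 chained into one POSIX shell script, as an added example that is not part of the original article. The jar versions and key file names are the ones used above; the function names, the DRY_RUN switch and the use of the zip command-line tool for repacking are assumptions of this example.

```shell
#!/bin/sh
# Added example: steps 1, 2 and 5 in one script. WORK, DRY_RUN and the function
# names are assumptions of this example; jar and key names follow the article.
WORK="${AndroidDecompile:-.}"
BOOT_ODEX="core.odex ext.odex framework.odex android.policy.odex services.odex"

# Print each framework odex file that baksmali -x needs but directory $1 lacks.
missing_boot_odex() {
    for f in $BOOT_ODEX; do
        [ -f "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# deodex_and_repack NAME: NAME.odex + NAME.apk -> NAME_signed.apk
# Returns 2 without running anything if the bootclasspath is incomplete.
deodex_and_repack() {
    name="$1"
    missing=$(missing_boot_odex "$WORK")
    if [ -n "$missing" ]; then
        echo "missing in $WORK:" $missing >&2
        return 2
    fi
    (
        cd "$WORK" &&
        # A stale out/ would be assembled into the new classes.dex.
        run rm -rf out &&
        run java -jar baksmali-1.2.5.jar -x "$name.odex" &&
        run java -Xmx512M -jar smali-1.2.5.jar out -o classes.dex &&
        # zip adds classes.dex to the existing archive (assumed repacking tool).
        run zip "$name.apk" classes.dex &&
        # testkey is the public AOSP test key: usable for local testing only,
        # the signature does not identify who built the package.
        run java -jar signapk.jar testkey.x509.pem testkey.pk8 \
            "$name.apk" "${name}_signed.apk"
    )
}

# Usage: sh deodex.sh app   (preview with DRY_RUN=1 sh deodex.sh app)
if [ "$#" -gt 0 ]; then deodex_and_repack "$1"; fi
```

With DRY_RUN=1 the script only prints the five commands it would run, which is a quick way to confirm the bootclasspath check passes before touching app.apk.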
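
6. Using apktool
Another tool available online is apktool. It can parse an apk, decode the resource files, and disassemble the class files into smali files; it can also repackage the decoded files into an apk. Its functionality is similar to that of the tools introduced above. It is used as follows:
apktool d app.apk and      decode app.apk into the folder and
apktool b app              rebuild the APK from the folder app; the output goes to ABC\dist\out.apk
The detailed usage is not repeated here; see the official website, or:
http://www.geeka.net/2010/05/apktool-decode-android-google-code/
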
7. Screenshot of the files in my $AndroidDecompile directory

III. Help output of some of the tools
1. baksmali help output
usage: java -jar baksmali.jar [options] <dex-file>
disassembles and/or dumps a dex file
 -?,--help                                  Prints the help message then exits.
                                            Specify twice for debug options
 -b,--no-debug-info                         don't write out debug info (.local,
                                            .param, .line, etc.)
 -c,--bootclasspath <BOOTCLASSPATH>         The bootclasspath jars to use, for
                                            analysis. Defaults to
                                            core.jar:ext.jar:framework.jar:android.policy.jar:services.jar.
                                            If the value begins with a :, it will be
                                            appended to the default
                                            bootclasspath instead of replacing it
 -d,--bootclasspath-dir <DIR>               The base folder to look for the
                                            bootclasspath files in. Defaults to
                                            the current directory
 -f,--code-offsets                          Add comments to the disassembly
                                            containing the code offset for each address
 -l,--use-locals                            Output the .locals directive with
                                            the number of non-parameter
                                            registers, rather than the .register
                                            directive with the total number of register
 -o,--output <DIR>                          the directory where the disassembled
                                            files will be placed. The default is out
 -p,--no-parameter-registers                Use the v<n> syntax instead of the
                                            p<n> syntax for registers mapped to
                                            method parameters
 -r,--register-info <REGISTER_INFO_TYPES>   Print the specificed type(s) of
                                            register information for each
                                            instruction. "ARGS,DEST" is the
                                            default if no types are specified.
                                            Valid values are:
                                            ALL: all pre- and post-instruction registers.
                                            ALLPRE: all pre-instruction registers
                                            ALLPOST: all post-instruction registers
                                            ARGS: any pre-instruction registers
                                                used as arguments to the instruction
                                            DEST: the post-instruction
                                                destination register, if any
                                            MERGE: Any pre-instruction register
                                                has been merged from more than 1
                                                different post-instruction register
                                                from its predecessors
                                            FULLMERGE: For each register that
                                                would be printed by MERGE, also show
                                                the incoming register types that
                                                were merged
 -s,--sequential-labels                     Create label names using a
                                            sequential numbering scheme per
                                            label type, rather than using the
                                            bytecode address
 -v,--version                               Prints the version then exits
 -x,--deodex                                Deodex the given odex file. This
                                            option is ignored if the input file
                                            is not an odex file

2. smali help output
usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
 -?,--help            prints the help message then exits. Specify twice for
                      debug options
 -o,--output <FILE>   the name of the dex file that will be written. The default
                      is out.dex
 -v,--version         prints the version then exits

3. auto-sign help output
SignApk.jar is a tool included with the Android platform source bundle.
testkey.pk8 is the private key that is compatible with the recovery image included in this zip file
testkey.x509.pem is the corresponding certificate/public key

Usage:
java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip

4. apktool help output
Apktool v1.3.2 - a tool for reengineering Android apk files
Copyright 2010 Ryszard Wiśniewski <[email protected]>
Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)

Usage: apktool [-v|--verbose] COMMAND [...]

COMMANDs are:

    d[ecode] [OPTS] <file.apk> [<dir>]
        Decode <file.apk> to <dir>.

        OPTS:

        -s, --no-src
            Do not decode sources.
        -r, --no-res
            Do not decode resources.
        -d, --debug
            Decode in debug mode. Check project page for more info.
        -f, --force
            Force delete destination directory.
        -t <tag>, --frame-tag <tag>
            Try to use framework files tagged by <tag>.
        --keep-broken-res
            Use if there was an error and some resources were dropped, e.g.:
            "Invalid config flags detected. Dropping resources", but you
            want to decode them anyway, even with errors. You will have to
            fix them manually before building.

    b[uild] [OPTS] [<app_path>] [<out_file>]
        Build an apk from already decoded application located in <app_path>.

        It will automatically detect, whether files was changed and perform
        needed steps only.

        If you omit <app_path> then current directory will be used.
        If you omit <out_file> then <app_path>/dist/<name_of_original.apk>
        will be used.

        OPTS:

        -f, --force-all
            Skip changes detection and build all files.
        -d, --debug
            Build in debug mode. Check project page for more info.

    if|install-framework <framework.apk> [<tag>]
        Install framework file to your system.

For additional info, see: http://code.google.com/p/android-apktool/