
Android Decompilation Notes

Views: 69   Published: 2016-05-01 16:45:51.0

Android Decompilation Reference Notes

Made by 李文栋 [email protected]

2010-12-13, Monday, Beijing

I. Decompilation flowchart

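II. Tool usage (commands)

Preparation

Assume my working directory is $AndroidDecompile. First, copy several important odex files from system.img (or from a build of the source tree) into the working directory: core.odex, ext.odex, framework.odex, android.policy.odex, services.odex. (They can also be placed in another directory, specified by setting BOOTCLASSPATH; the default is the current directory. For BOOTCLASSPATH, see the baksmali help output.)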

Download the following tools into $AndroidDecompile:

Baksmali:

http://code.google.com/p/smali/downloads/list

Smali:

http://code.google.com/p/smali/downloads/list

Dex2jar:

http://code.google.com/p/dex2jar/downloads/list

JD-GUI (Java Decompile GUI):

http://java.decompiler.free.fr/?q=jdgui

AutoSign:

http://d.download.csdn.net/down/2768910/fjfdszj

Apktool:

http://code.google.com/p/android-apktool/downloads/list

Suppose we have an application whose compiled class files were split out into a separate file, so there are two files, app.apk and app.odex. Place both in $AndroidDecompile.

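1. Use baksmali.jar to disassemble the odex file into smali files

$ java -jar baksmali-1.2.5.jar -x app.odex

If this succeeds, an out directory is created under $AndroidDecompile containing files with the ".smali" extension. What these files do is not covered here.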

2. Use smali.jar to assemble the smali files in the out/ directory into classes.dex

$ java -Xmx512M -jar smali-1.2.5.jar out -o classes.dex

classes.dex is the compiled class file format used by the Dalvik VM; every normal apk file contains one.
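A quick sanity check on the files handled in steps 1 and 2, as an added example that is not part of the original notes: it tells apk, odex and dex apart by their magic bytes, locates the dex inside an odex from the header offsets, and verifies the size, SHA-1 and Adler-32 fields in the header of a reassembled classes.dex. The function names and the sample files are constructed for illustration; the samples are header-only stand-ins, not loadable dex files.

```python
import hashlib
import struct
import zlib

def classify(data: bytes) -> str:
    """Identify the container from its leading magic bytes."""
    if data[:4] == b"PK\x03\x04":
        return "apk"      # an apk is a zip archive
    if data[:4] == b"dey\n":
        return "odex"     # dexopt header wrapping a dex
    if data[:4] == b"dex\n":
        return "dex"
    return "unknown"

def embedded_dex(odex: bytes) -> bytes:
    """Return the dex region named by dexOffset/dexLength in the odex header."""
    if classify(odex) != "odex" or len(odex) < 40:
        raise ValueError("not an odex or shorter than its 40-byte header")
    dex_off, dex_len = struct.unpack_from("<II", odex, 8)
    if dex_off + dex_len > len(odex):
        raise ValueError("dex region runs past the end of the file")
    return odex[dex_off:dex_off + dex_len]

def check_dex(dex: bytes) -> dict:
    """Compare the dex header's size, SHA-1 and Adler-32 fields with the file."""
    if classify(dex) != "dex" or len(dex) < 0x70:
        raise ValueError("not a dex or shorter than its 0x70-byte header")
    checksum, = struct.unpack_from("<I", dex, 8)
    file_size, = struct.unpack_from("<I", dex, 32)
    return {
        "size_ok": file_size == len(dex),
        "sha1_ok": hashlib.sha1(dex[32:]).digest() == dex[12:32],
        "adler32_ok": zlib.adler32(dex[12:]) & 0xFFFFFFFF == checksum,
    }

def sample_dex(payload: bytes = b"\x00" * 16) -> bytes:
    """Constructed sample: header-only dex with consistent size and checksums."""
    tail = struct.pack("<III", 0x70 + len(payload), 0x70, 0x12345678)
    tail += b"\x00" * (0x70 - 32 - len(tail)) + payload
    body = hashlib.sha1(tail).digest() + tail
    return b"dex\n035\x00" + struct.pack("<I", zlib.adler32(body) & 0xFFFFFFFF) + body

def sample_odex(dex: bytes) -> bytes:
    """Constructed sample: 40-byte odex header followed directly by the dex."""
    return b"dey\n036\x00" + struct.pack("<8I", 40, len(dex), 0, 0, 0, 0, 0, 0) + dex

if __name__ == "__main__":
    dex = sample_dex()
    print(classify(sample_odex(dex)), check_dex(dex))
```

On real files, read the bytes with open(path, "rb").read() and pass them to classify and check_dex.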

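3. Use dex2jar to decompile classes.dex into a jar file

After unpacking the downloaded dex2jar archive you will find dex2jar.sh (dex2jar.bat). If classes.dex is in the same directory as dex2jar.sh, decompile classes.dex into a jar file as follows:

$ dex2jar.sh classes.dex

If it succeeds, the decompiled file classes.dex.dex2jar.jar is created in the current directory.

dex2jar can operate on dex files and also directly on apk files. Its usage is:

dex2jar file1.dexORapk file2.dexORapk ...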

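4. Use JD-GUI to view the decompiled jar file

JD-GUI is a graphical Java decompiler and code viewer that decompiles class files into Java source on the fly for viewing. Unpack the downloaded jd-gui archive, run the jd-gui executable in that directory, then load the classes.dex.dex2jar.jar file produced in the previous step.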

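5. Repackage the classes.dex recovered from the odex with the other resource files into a complete apk

The case assumed above is that the application's compiled class files were stripped out of the apk file. What remains is to repackage the classes.dex obtained in the steps above with the other files in the apk into a usable apk.

First, compress the decompiled classes.dex and the original app.apk (which does not contain classes.dex) back into one complete app.apk (apk files can be opened with an archive tool); in other words, put classes.dex into app.apk.

Unpack the downloaded AutoSign archive; it contains signapk.jar (and a Sign.bat). Run the following command to sign app.apk, which produces an apk that can run.

$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk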

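6. Using apktool

Another tool available online is apktool. It can parse an apk, decode the resource files, and disassemble the class files into smali files; it can also repackage the decoded files into an apk. Its functionality is similar to the tools described above. It is used as follows:

apktool d app.apk and    decodes app.apk into the folder and

apktool b app    rebuilds the APK from the folder app, output to ABC\dist\out.apk

The detailed usage is not repeated here; see the official site, or:

http://www.geeka.net/2010/05/apktool-decode-android-google-code/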

7. Screenshot of the files in my $AndroidDecompile directory

III. Help output of some of the tools

1. baksmali help output

usage: java -jar baksmali.jar [options] <dex-file>
disassembles and/or dumps a dex file
 -?,--help                                  Prints the help message then exits.
                                            Specify twice for debug options
 -b,--no-debug-info                         don't write out debug info (.local,
                                            .param, .line, etc.)
 -c,--bootclasspath <BOOTCLASSPATH>         The bootclasspath jars to use, for
                                            analysis. Defaults to
                                            core.jar:ext.jar:framework.jar:andro
                                            id.policy.jar:services.jar. If the
                                            value begins with a :, it will be
                                            appended to the default
                                            bootclasspath instead of replacing it
 -d,--bootclasspath-dir <DIR>               The base folder to look for the
                                            bootclasspath files in. Defaults to
                                            the current directory
 -f,--code-offsets                          Add comments to the disassembly
                                            containing the code offset for each address
 -l,--use-locals                            Output the .locals directive with
                                            the number of non-parameter
                                            registers, rather than the .register
                                            Directive with the total number of register
 -o,--output <DIR>                          the directory where the disassembled
                                            files will be placed. The default is out
 -p,--no-parameter-registers                Use the v<n> syntax instead of the
                                            p<n> syntax for registers mapped to
                                            method parameters
 -r,--register-info <REGISTER_INFO_TYPES>   Print the specificed type(s) of
                                            register information for each
                                            instruction. "ARGS,DEST" is the
                                            default if no types are specified.
                                            Valid values are:
                                            ALL: all pre- and post-instruction registers.
                                            ALLPRE: all pre-instruction registers
                                            ALLPOST: all post-instruction registers
                                            ARGS: any pre-instruction registers
                                                used as arguments to the instruction
                                            DEST: the post-instruction
                                                destination register, if any
                                            MERGE: Any pre-instruction register
                                                has been merged from more than 1
                                                different post-instruction register
                                                from its predecessors
                                            FULLMERGE: For each register that
                                              would be printed by MERGE, also show
                                              the incoming register types that
                                              were merged
 -s,--sequential-labels                     Create label names using a
                                            sequential numbering scheme per
                                            label type, rather than using the
                                            bytecode address
 -v,--version                               Prints the version then exits
 -x,--deodex                                Deodex the given odex file. This
                                            option is ignored if the input file
                                            is not an odex file

2. smali help output

usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
 -?,--help            prints the help message then exits. Specify twice for
                      debug options
 -o,--output <FILE>   the name of the dex file that will be written. The default
                      is out.dex
 -v,--version         prints the version then exits

3. auto-sign help output

SignApk.jar is a tool included with the Android platform source bundle.

testkey.pk8 is the private key that is compatible with the recovery image included in this zip file

testkey.x509.pem is the corresponding certificate/public key

Usage:

java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip

4. apktool help output

Apktool v1.3.2 - a tool for reengineering Android apk files
Copyright 2010 Ryszard Wiśniewski <[email protected]>
Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)

Usage: apktool [-v|--verbose] COMMAND [...]

COMMANDs are:

    d[ecode] [OPTS] <file.apk> [<dir>]
        Decode <file.apk> to <dir>.

        OPTS:

        -s, --no-src
            Do not decode sources.
        -r, --no-res
            Do not decode resources.
        -d, --debug
            Decode in debug mode. Check project page for more info.
        -f, --force
            Force delete destination directory.
        -t <tag>, --frame-tag <tag>
            Try to use framework files tagged by <tag>.
        --keep-broken-res
            Use if there was an error and some resources were dropped, e.g.:
            "Invalid config flags detected. Dropping resources", but you
            want to decode them anyway, even with errors. You will have to
            fix them manually before building.

    b[uild] [OPTS] [<app_path>] [<out_file>]
        Build an apk from already decoded application located in <app_path>.

        It will automatically detect, whether files was changed and perform
        needed steps only.

        If you omit <app_path> then current directory will be used.
        If you omit <out_file> then <app_path>/dist/<name_of_original.apk>
        will be used.

        OPTS:

        -f, --force-all
            Skip changes detection and build all files.
        -d, --debug
            Build in debug mode. Check project page for more info.

    if|install-framework <framework.apk> [<tag>]
        Install framework file to your system.

For additional info, see: http://code.google.com/p/android-apktool/


IV. References

1. Smali

http://code.google.com/p/smali/

http://www.geeka.net/2010/05/android-apk-odex-classes-dex/

2. ApkTool

http://code.google.com/p/android-apktool/

http://www.geeka.net/2010/05/apktool-decode-android-google-code/

Comment #1, Teok, 2011-06-27
Great tools collection, helps me a lot.