将 DEX 反编译为 Java 源代码

How can one decompile Android DEX (VM bytecode) files into corresponding Java sourcecode?

转载于:https://stackoverflow.com/questions/1249973/decompiling-dex-into-java-sourcecode

csdnceshi75
衫裤跑路 There is a new cross plateform (java) and open source tool, that enable you to do that, just checkout bytecodeviewer : stackoverflow.com/a/36557898/795245
4 年多之前 回复
weixin_41568174
from.. This gem does all the work for you
4 年多之前 回复
csdnceshi79
python小菜 If you have money, buy jeb, otherwise use jadx, see here why
接近 5 年之前 回复
csdnceshi63
elliott.david Updated info is available on coders hub blog: coders-hub.com/2013/04/how-to-convert-apk-file-into-source.html
接近 5 年之前 回复
csdnceshi78
程序go Have a look here. You will get possible leads from there to move on.
接近 11 年之前 回复

17个回答

It's easy

Get these tools:

1) dex2jar to translate dex files to jar files

2) jd-gui to view the java files in the jar

The source code is quite readable as dex2jar makes some optimizations.

Procedure:

And here's the procedure on how to decompile:

Step 1:

Convert classes.dex in test_apk-debug.apk to test_apk-debug_dex2jar.jar

d2j-dex2jar.sh -f -o output_jar.jar apk_to_decompile.apk

Note: In the Windows machines all the .sh scripts are replaced by .bat scripts

dex2jar documentation

Step 2:

Open the jar in JD-GUI

The decompiled source

csdnceshi68
local-host linking related : stackoverflow.com/a/30875602/884674
2 年多之前 回复
weixin_41568127
?yb? why do you need the step 1? when you can just rename the .apk to .zip and open? But yes 2nd step is required as it is in compiled classes and we need to decompile to source code
3 年多之前 回复
csdnceshi80
胖鸭 '"*' is not recognized as an internal or external command,
大约 4 年之前 回复
weixin_41568134
MAO-EYE If you don't like using jd-gui for the interface, you can follow instructions to save the java file hierarchy to a folder of your choice: stackoverflow.com/a/1384652/198348
7 年多之前 回复
csdnceshi59
ℙℕℤℝ I agree with jmendeth, apktool is also the way to go if you want to decompile your apk, modify it and then recompile it. While using dex2jar and jd-gui the source are really readable but you can't recompile whitout some errors!
接近 8 年之前 回复
weixin_41568131
10.24 that depends. If the JARs are obfuscated and you want to do little modifications, Backsmali is the only way to go. Bonus! With APKTool you also get all the XMLs, images and other resources back. See my answer.
接近 8 年之前 回复
csdnceshi70
笑故挽风 The above sentence rang a bell - it seems to be a semi-quote from here: geeknizer.com/decompile-reverse-engineer-android-apk (or the other way around?). The linked articles briefly explains the above mentioned tools as well as Smali and APKTool.
8 年多之前 回复
weixin_41568126
乱世@小熊 The code I got back from JD-GUI was very odd (some activities were split up into multiple activities like Activity$1 Activity$2 etc). It took a little work to unscramble, but much less than starting all over!
大约 9 年之前 回复
weixin_41568184
叼花硬汉 hi, Will you please share the way you are going? I will be very thankful to you.
9 年多之前 回复
csdnceshi61
derek5. +1. I tried both Baksmali and Dex2jar. Dex2Jar+JD-Gui wins for giving you perfectly readable source code for most .dex files.
9 年多之前 回复

To clarify somewhat, there are two major paths you might take here depending on what you want to accomplish:

Decompile the Dalvik bytecode (dex) into readable Java source. You can do this easily with dex2jar and jd-gui, as fred mentions. The resulting source is useful to read and understand the functionality of an app, but will likely not produce 100% usable code. In other words, you can read the source, but you can't really modify and repackage it. Note that if the source has been obfuscated with proguard, the resulting source code will be substantially more difficult to untangle.

The other major alternative is to disassemble the bytecode to smali, an assembly language designed for precisely this purpose. I've found that the easiest way to do this is with apktool. Once you've got apktool installed, you can just point it at an apk file, and you'll get back a smali file for each class contained in the application. You can read and modify the smali or even replace classes entirely by generating smali from new Java source (to do this, you could compile your .java source to .class files with javac, then convert your .class files to .dex files with Android's dx compiler, and then use baksmali (smali disassembler) to convert the .dex to .smali files, as described in this question. There might be a shortcut here). Once you're done, you can easily package the apk back up with apktool again. Note that apktool does not sign the resulting apk, so you'll need to take care of that just like any other Android application.

If you go the smali route, you might want to try APK Studio, an IDE that automates some of the above steps to assist you with decompiling and recompiling an apk and installing it on a device.

In short, your choices are pretty much either to decompile into Java, which is more readable but likely irreversible, or to disassemble to smali, which is harder to read but much more flexible to make changes and repackage a modified app. Which approach you choose would depend on what you're looking to achieve.

Lastly, the suggestion of dare is also of note. It's a retargeting tool to convert .dex and .apk files to java .class files, so that they can be analyzed using typical java static analysis tools.

csdnceshi60
℡Wang Yan Very cool @Guntis. I'll add a note about that option.
接近 4 年之前 回复
csdnceshi62
csdnceshi62 vaibhavpandey.com/apkstudio is good for smali path.
接近 4 年之前 回复

I have used

  1. dex2jar + jd-gui
  2. javadecompilers.com
  3. enjarify
  4. Apktool

But none beats google's own tools

1)Android Studio 2.x: build> analyze apk enter image description here

2)Android Studio 3.0: Profile or Debug APK enter image description here enter image description here

csdnceshi61
derek5. Plus one for Enjarify. In my personal experience, it has proven to give better results as compared to d2j
接近 2 年之前 回复

Once you downloaded your APK file , You need to do the following steps to get a editable java code/document.

  1. Convert your apk file to zip (while start your download don't go with "save" option , just go with "save as" and mention your extension as .zip) by doing like this you may avoid APKTOOL...
  2. Extract the zip file , there you can find somefilename.dex. so now we need to convert dex -> .class
  3. To do that, you need "dex2jar"(you can download it from http://code.google.com/p/dex2jar/ , after extracted, in command prompt you have to mention like, [D:\dex2jar-0.09>dex2jar somefilename.dex] (Keep in mind that your somefilename.dex must be inside the same folder where you have keep your dex2jar.)
  4. Download jad from http://www.viralpatel.net/blogs/download/jad/jad.zip and extract it. Once extracted you can see two files like "jad.exe" and "Readme.txt" (sometimes "jad.txt" may there instead of "jad.exe", so just rename its extension as.exe to run)
  5. Finally, in command prompt you have to mention like [D:\jad>jad -sjava yourfilename.class] it will parse your class file into editable java document.
weixin_41568110
七度&光 the Jad download link doesn't work. Try with: varaneckas.com/jad
接近 6 年之前 回复

You might try JADX (https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler), this is a perfect tool for DEX decompilation.

And yes, it is also available online on (my :0)) new site: http://www.javadecompilers.com/apk/

Easiest method to decompile an android app is to download an app named ShowJava from playstore . Just select the application that needs to be decompiled from the list of applications. There are three different decompiler you can use to decompile an app namely -

CFR 0.110, JaDX 0.6.1 or FernFlower (analytical decompiler) .

Recent Debian have Python package androguard:

Description-en: full Python tool to play with Android files
 Androguard is a full Python tool to play with Android files.
  * DEX, ODEX
  * APK
  * Android's binary xml
  * Android resources
  * Disassemble DEX/ODEX bytecodes
  * Decompiler for DEX/ODEX files

Install corresponding packages:

sudo apt-get install androguard python-networkx

Decompile DEX file:

$ androdd -i classes.dex -o ./dir-for-output

Extract classes.dex from Apk + Decompile:

$ androdd -i app.apk -o ./dir-for-output

Apk file is nothing more that Java archive (JAR), you may extract files from archive via:

$ unzip app.apk -d ./dir-for-output

A more complete version of fred's answer:

Manual way

First you need a tool to extract all the (compiled) classes on the DEX to a JAR.
There's one called dex2jar, which is made by a chinese student.

Then, you can use jd-gui to decompile the classes on the JAR to source code.
The resulting source should be quite readable, as dex2jar applies some optimizations.

Automatic way

You can use APKTool. It will automatically extract all the classes (.dex), resources (.asrc), then it will convert binary XML to human-readable XML, and it will also dissassemble the classes for you.
Disassembly will always be more robust than decompiling, especially with
JARs obfuscated with Pro Guard!

Just tell APKTool to decode the APK into a directory, then modify what you want,
and finally encode it back to an APK. That's all.

Important: APKTool dissassembles. It doesn't decompile.
The generated code won't be Java source.
But you should be able to read it, and even edit it if you're familiar with jasmin.
If you want Java source, please go over the Manual way.

Sometimes you get broken code, when using dex2jar/apktool, most notably in loops. To avoid this, use jadx, which decompiles dalvik bytecode into java source code, without creating a .jar/.class file first as dex2jar does (apktool uses dex2jar I think). It is also open-source and in active development. It even has a GUI, for GUI-fanatics. Try it!

csdnceshi72
谁还没个明天 This answer makes it sound like it doesn't ever use the dex2jar tool, but instead decompiles directly from dex to java source code. Is that really the case? If so, then how is it also able to open normal desktop jar files? (just tried and it works) Does it have a separate decompiler for dex and jars?
3 年多之前 回复
csdnceshi52
妄徒之命 Death penalty for you, you monster!
接近 4 年之前 回复
weixin_41568196
撒拉嘿哟木头 I have no idea how I unintentionally managed to downvote your answer. Now I can't remove it. Sorry for that.
接近 4 年之前 回复
csdnceshi52
妄徒之命 Well you can help implement that - otherwise you could use apktool for that.. or zipalign/sign with the android tools
接近 5 年之前 回复
csdnceshi54
hurriedly% how about forming an apk ? placing classes in apk, zipalign, signing etc.
接近 5 年之前 回复
csdnceshi52
妄徒之命 you mean like javac "$(find . -name '*.java')" ?
接近 5 年之前 回复
csdnceshi54
hurriedly% I suppose jadx doesn't have compile option but the code is readable though
接近 5 年之前 回复
weixin_41568208
北城已荒凉 Worked like charm.
大约 5 年之前 回复

I'd actually recommend going here: https://github.com/JesusFreke/smali

It provides BAKSMALI, which is a most excellent reverse-engineering tool for DEX files. It's made by JesusFreke, the guy who created the fameous ROMs for Android.

csdnceshi63
elliott.david Code, code, code, ... Why only code? If you use APKTool you get everything back! And it's as simple as ./apktool d myprogram.apk. See my answer.
接近 8 年之前 回复
csdnceshi63
elliott.david There are no tools capable of doing that. See this question for more info.
8 年多之前 回复
weixin_41568184
叼花硬汉 smali is an assembly-like language based on dalvik IL, it cannot be directly translated to Java.
9 年多之前 回复
csdnceshi51
旧行李 Is there any way convert smali files to java code?
9 年多之前 回复
共17条数据 1 尾页
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问