前往Shuct.Net首页

Shudepb PB反编译专家长时间以来,为业内同类软件事实上的唯一选择.细节,彰显专业.态度,决定品质.

关于反编译的搜索

Android 反编译资料整理 - 美帝亡我之心不死,腐败终成抽心一烂。 - ITeye技术网站 首页 资讯 精华 论坛 问答 博客 专栏 群组 更多 ▼ 招聘 搜索 您还未登录 ! 登录 注册 美帝亡我之心不死,腐败终成抽心一烂。 博客 微博 相册 收藏 留言 关于我 rayleeya Android 反编译资料整理 博客分类: Android AndroidGoogleEXTGmail.net ? Android 反编译资料整理 Made by 李文栋? rayleeya@gmail.com 2010-12-13? Monday 于北京 一、反编译流程图 ?? ? ? ? ? ? ? ?? 二、工具使用方法(命令) 准备工作 假设我的工作目录为 $AndroidDecompile,首先要将system.img中(或者说从源码中编译好的)几个重要的odex文件拷贝到工作目录中,他们是:core.odex, ext.odex, framework.odex, android.policy.odex, services.odex(也可以放在别的目录,通过设置BOOTCLASSPATH指定,默认就是当前目录,关于BOOTCLASSPATH请参考baksmali的帮助信息)。 ? 下载以下工具到 $AndroidDecompile中: Baksmali : http://code.google.com/p/smali/downloads/list ? Smali : http://code.google.com/p/smali/downloads/list ? Dex2jar : http://code.google.com/p/dex2jar/downloads/list ? JD-GUI (Java Decompile GUI) : http://java.decompiler.free.fr/?q=jdgui<!--[if !supportNestedAnchors]--><!--[endif]--> ? AutoSign : http://d.download.csdn.net/down/2768910/fjfdszj ? Apktool http://code.google.com/p/android-apktool/downloads/list ? 假设我们有一个应用,它的类文件编译后被单独拿了出来,即有两个文件app.apk和app.odex,把他们放在 $AndroidDecompile下。 ? 1. 使用 baksmali.jar 将 odex 文件分解为 smali 文件 $ java –jar baksmali-1.2.5.jar –x app.odex 如果成功的话,会在 $AndroidDecompile下生成一个 out目录,里面是一些以“.smali”为后缀名的文件,在此不深究这些文件的作用。 ? 2. 使用 smali.jar将 out/目录下的smali文件转换为 classes.dex $ java -Xmx512M –jar smali-1.2.5.jar out –o classes.dex classes.dex便是Dalvik VM所使用的编译后的类文件格式,在正常的apk文件里都会有。 ? 3. 使用 dex2jar将classes.dex反编译为jar文件 将下载后的dex2jar压缩包解压后,里面会有dex2jar.sh(和dex2jar.bat)文件,假如classes.dex文件与dex2jar.sh在同一目录下,使用以下方式将classes.dex反编译为jar文件: $dex2jar.sh classes.dex 如果执行成功,则会在当前目录下生成反编译后的文件classes.dex.dex2jar.jar。 dex2jar即可以操作dex文件,也可以直接操作apk文件,它的使用规则为: dex2jar file1.dexORapk file2.dexORapk ... ? 4. 使用JD-GUI查看反编译后的jar文件 JD-GUI是一个可视化的Java反编译代码查看器,它可以实时的将class文件反编译成java文件进行查看。解压下载的jd-gui文件,执行目录中的jd-gui可执行文件启动,然后加载上一步中反编译好的classes.dex.dex2jar.jar文件即可。 ? 5. 将从odex反编译后的classes.dex与其他资源文件重新打包成一个完整的apk 以上我们假设的情况是应用程序编译后的类文件从apk文件中被剥离出来,下面要做的是如何将上述步骤中得到的classes.dex与apk中的其他文件重新打包成一个可用的apk。 首先将反编译后的classes.dex和原先的app.apk(不含classes.dex)重新压缩成一个完整的app.apk(apk文件可用压缩工具打开),也就是说将classes.dex放进app.apk中。 将下载的AutoSign文件解压,可以看到有signapk.jar(还有个Sign.bat)文件,执行以下命令给app.apk文件签名,就可以生成一个可以运行的apk文件了。 $ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk ? 6. apktool的使用 网上还有个工具是apktool,可以对apk进行解析,反编译资源文件,并将类文件解析成smali文件;同时还可以将解析后的文件重新打包成apk。功能和以上介绍的几个工具类似,它的使用方法如下: apktool d app.apk and????反编译 app.apk到文件夹and apktool b?app ???????????????从文件夹app重建APK,输出到ABC\dist\out.apk 具体的使用方法在此不再赘述,请参考官方网站,或者: http://www.geeka.net/2010/05/apktool-decode-android-google-code/ ? 7. 我的 $AndroidDecompile目录下的文件的截图 ? ? 三、一些工具的帮助信息 1. baksmali 的帮助信息 usage: java -jar baksmali.jar [options] <dex-file> disassembles and/or dumps a dex file ?-?,--help???????????????????????????????? Prints the help message then exits. ?-b,--no-debug-info ????????????????????????Specify twice for debug options ???????????????????????? ??don't write out debug info (.local, ????????????????????????????????????????? ?.param, .line, etc.) ?-c,--bootclasspath <BOOTCLASSPATH>????? The bootclasspath jars to use, for ?????????????????????????????????????????? analysis. Defaults to ?????????????????????????????????????????? core.jar:ext.jar:framework.jar:andro ?????????????????????????????????????????? id.policy.jar:services.jar. If the ?????????????????????????????????????????? value begins with a :, it will be ?????????????????????????????????????????? appended to the default ?????????????????????????????????????????? bootclasspath instead of replacing it ?-d,--bootclasspath-dir <DIR>?????????????? ?The base folder to look for the ?????????????????????????????? ????????????bootclasspath files in. Defaults to ?????????????????????????????????????????? the current directory ?-f,--code-offsets????????????????????????? ?Add comments to the disassembly ?????????????????????????????????????????? containing the code offset for each address ?-l,--use-locals??????????????????????????? ?Output the .locals directive with ?????????????????????????????????????????? the number of non-parameter ?????????????????????????????????????????? registers, rather than the .register ?-o,--output <DIR>?????????????????????? ??Directive with the total number of? register ?????????????????????????? ????????????????the directory where the disassembled ?????????????????????????????????????? ????files will be placed. The default is out ?-p,--no-parameter-registers??????????????? ??Use the v<n> syntax instead of the ?????????????????????????????????????????? p<n> syntax for registers mapped to ?????????????????????????????????????????? method parameters ?-r,--register-info <REGISTER_INFO_TYPES> ?Print the specificed type(s) of ?????????????????????????????????????????? register information for each ?????????????????????????????????????????? instruction. "ARGS,DEST" is the ?????????????????????????????????????????? default if no types are specified. ?????????????????????????????????????????? Valid values are: ?????????????????????????????????????????? ALL: all pre- and post-instruction registers. ?????????????????????????????????????????? ALLPRE: all pre-instruction registers ??????????????????????? ???????????????????ALLPOST: all post-instruction registers ?????????????????????????????????????????? ARGS: any pre-instruction registers ?????????????????????????????????????????? ????used as arguments to the instruction ????????????????????????????????? ?????????DEST: the post-instruction ??????????????????????????????????????????? ???destination register, if any ?????????????????????????????????????????? MERGE: Any pre-instruction register ??????????????????????????????????????????? ???has been merged from more than 1 ??????????????????????????????????????????? ???different post-instruction register ??????????????????????????????????????????? ???from its predecessors ?????????????????????????????????????????? FULLMERGE: For each register that ??????????? ?????????????????????????????????would be printed by MERGE, also show ??????????????????????????????????????????? ?the incoming register types that ??????????????????????????????????????????? ?were merged ?-s,--sequential-labels???????????????????? ??Create label names using a ?????????????????????????????????????????? sequential numbering scheme per ?????????????????????????????????????????? label type, rather than using the ?????????????????????????????????????????? bytecode address ?-v,--version???????? ??????????????????????Prints the version then exits ?-x,--deodex?????????????????????????????? Deodex the given odex file. This ?????????????????????????????????????????? option is ignored if the input file ?????????????????????????????????????????? is not an odex file ? 2. smali 的帮助信息 usage: java -jar smali.jar [options] [--] [<smali-file>|folder]* assembles a set of smali files into a dex file ?-?,--help??????????? prints the help message then exits. Specify twice for ????????????????????? debug options ?-o,--output <FILE>?? the name of the dex file that will be written. The default ????????????????????? is out.dex ?-v,--version???????? prints the version then exits ? 3. auto-sign 的帮助信息 SignApk.jar is a tool included with the Android platform source bundle. testkey.pk8 is the private key that is compatible with the recovery image included in this zip file testkey.x509.pem is the corresponding certificate/public key ? Usage: java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip ? 4. apktool 的帮助信息 Apktool v1.3.2 - a tool for reengineering Android apk files Copyright 2010 Ryszard Wi?niewski <brut.alll@gmail.com> Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0) ? Usage: apktool [-v|--verbose] COMMAND [...] ? COMMANDs are: ? ??? d[ecode] [OPTS] <file.apk> [<dir>] ??????? Decode <file.apk> to <dir>. ? ??????? OPTS: ? ??????? -s, --no-src ??????????? Do not decode sources. ??????? -r, --no-res ??????????? Do not decode resources. ??????? -d, --debug ??????????? Decode in debug mode. Check project page for more info. ??????? -f, --force ??????????? Force delete destination directory. ??????? -t <tag>, --frame-tag <tag> ??????????? Try to use framework files tagged by <tag>. ??????? --keep-broken-res ??????????? Use if there was an error and some resources were dropped, e.g.: ??????????? "Invalid config flags detected. Dropping resources", but you ??????????? want to decode them anyway, even with errors. You will have to ??????????? fix them manually before building. ??? b[uild] [OPTS] [<app_path>] [<out_file>] ??????? Build an apk from already decoded application located in <app_path>. ? ??????? It will automatically detect, whether files was changed and perform ??????? needed steps only. ? ??????? If you omit <app_path> then current directory will be used. ??????? If you omit <out_file> then <app_path>/dist/<name_of_original.apk> ??????? will be used. ? ??????? OPTS: ? ??????? -f, --force-all ??????????? Skip changes detection and build all files. ??????? -d, --debug ??????????? Build in debug mode. Check project page for more info. ? ??? if|install-framework <framework.apk> [<tag>] ??????? Install framework file to your system. For additional info, see: http://code.google.com/p/android-apktool/ 四、参考资料 1. Smali http://code.google.com/p/smali/ http://www.geeka.net/2010/05/android-apk-odex-classes-dex/ ? 2. ApkTool http://code.google.com/p/android-apktool/ http://www.geeka.net/2010/05/apktool-decode-android-google-code/ 2 顶0 踩 分享到: 三阶魔方花式手法 | [转]Android 设计思想 2010-12-13 19:01 浏览 6421 评论(0) 分类:移动开发 相关推荐 评论 发表评论 您还没有登录,请您登录后再发表评论 rayleeya 浏览: 115976 次 性别: 来自: 北京 最近访客 更多访客>> dp543831577 gybin lyg881106 foxerfly 文章分类 全部博客 (49) Java (3) Spring (1) Hibernate (1) Design Pattern (1) algorithm (2) Feeling (5) Git (3) 魔兽争霸 (1) Android (21) 娱乐 (1) 移动开发 (8) 社区版块 我的资讯 (0) 我的论坛 (49) 我的问答 (55) 存档分类 2013-10 (7) 2012-11 (1) 2012-03 (2) 更多存档... 评论排行榜 【原创】Android 系统稳定性 - ANR(三) 最新评论 wynney: 求ANR全文的PDF 【原创】Android 系统稳定性 - ANR(三) fengzhongdeshu: ... [Android] 内存泄漏调试经验分享 (二) yangjie_intel: 你的感觉是对的! 发现一个Spring AOP: ControlFlowPointcut 的缺陷 renfujiang: Cause GC 不出现视图啊 [Android] 内存泄漏调试经验分享 (二) rayleeya: chenpeilei2003 写道你好, 我在代码里加入了下面 ... [Android] 内存泄漏调试经验分享 (二) 声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。若作者同意转载,必须以超链接形式标明文章原始出处和作者。 &copy; 2003-2012 ITeye.com. All rights reserved. [ 京ICP证110151号 京公网安备110105010620 ]