Chinaunix首页 | 论坛 | 博客
  • 博客访问: 579657
  • 博文数量: 192
  • 博客积分: 3780
  • 博客等级: 中校
  • 技术积分: 1487
  • 用 户 组: 普通用户
  • 注册时间: 2010-08-26 10:11
文章存档

2012年(6)

2011年(160)

2010年(26)

分类: Java

2011-11-07 14:30:12

一、反编译流程图

                 

二、工具使用方法(命令)

准备工作

假设我的工作目录为 $AndroidDecompile,首先要将system.img中(或者说从源码中编译好的)几个重要的odex文件拷贝到工作目录中,他们是:core.odex, ext.odex, framework.odex, android.policy.odex, services.odex(也可以放在别的目录,通过设置BOOTCLASSPATH指定,默认就是当前目录,关于BOOTCLASSPATH请参考baksmali的帮助信息)。

 

下载以下工具到 $AndroidDecompile中:

Baksmali :

 

Smali :

 

Dex2jar :

 

JD-GUI (Java Decompile GUI) :

 

AutoSign :

 

Apktool

 

假设我们有一个应用,它的类文件编译后被单独拿了出来,即有两个文件app.apkapp.odex,把他们放在$AndroidDecompile下。

 

1. 使用 baksmali.jar  odex 文件分解为 smali 文件

$ java –jar baksmali-1.2.5.jar –x app.odex

如果成功的话,会在 $AndroidDecompile下生成一个 out目录,里面是一些以“.smali”为后缀名的文件,在此不深究这些文件的作用。

 

2. 使用 smali.jar out/目录下的smali文件转换为 classes.dex

$ java -Xmx512M –jar smali-1.2.5.jar out –o classes.dex

classes.dex便是Dalvik VM所使用的编译后的类文件格式,在正常的apk文件里都会有。

 

3. 使用 dex2jarclasses.dex反编译为jar文件

将下载后的dex2jar压缩包解压后,里面会有dex2jar.sh(dex2jar.bat)文件,假如classes.dex文件与dex2jar.sh在同一目录下,使用以下方式将classes.dex反编译为jar文件:

$dex2jar.sh classes.dex

如果执行成功,则会在当前目录下生成反编译后的文件classes.dex.dex2jar.jar

dex2jar即可以操作dex文件,也可以直接操作apk文件,它的使用规则为:

dex2jar file1.dexORapk file2.dexORapk ...

 

4. 使用JD-GUI查看反编译后的jar文件

JD-GUI是一个可视化的Java反编译代码查看器,它可以实时的将class文件反编译成java文件进行查看。解压下载的jd-gui文件,执行目录中的jd-gui可执行文件启动,然后加载上一步中反编译好的classes.dex.dex2jar.jar文件即可。

 

5. 将从odex反编译后的classes.dex与其他资源文件重新打包成一个完整的apk

以上我们假设的情况是应用程序编译后的类文件从apk文件中被剥离出来,下面要做的是如何将上述步骤中得到的classes.dexapk中的其他文件重新打包成一个可用的apk

首先将反编译后的classes.dex和原先的app.apk(不含classes.dex)重新压缩成一个完整的app.apkapk文件可用压缩工具打开),也就是说将classes.dex放进app.apk中。

将下载的AutoSign文件解压,可以看到有signapk.jar(还有个Sign.bat)文件,执行以下命令给app.apk文件签名,就可以生成一个可以运行的apk文件了。

$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk

 

6. apktool的使用

网上还有个工具是apktool,可以对apk进行解析,反编译资源文件,并将类文件解析成smali文件;同时还可以将解析后的文件重新打包成apk。功能和以上介绍的几个工具类似,它的使用方法如下:

apktool d app.apk and    反编译 app.apk到文件夹and

apktool b app                从文件夹app重建APK,输出到ABC\dist\out.apk

具体的使用方法在此不再赘述,请参考官方网站,或者:

 

7. 我的 $AndroidDecompile目录下的文件的截图

 

 

三、一些工具的帮助信息

1. baksmali 的帮助信息

usage: java -jar baksmali.jar [options]

disassembles and/or dumps a dex file

 -?,--help                                 Prints the help message then exits.

 -b,--no-debug-info                         Specify twice for debug options

                           don't write out debug info (.local,

                                           .param, .line, etc.)

 -c,--bootclasspath       The bootclasspath jars to use, for

                                           analysis. Defaults to

                                           core.jar:ext.jar:framework.jar:andro

                                           id.policy.jar:services.jar. If the

                                           value begins with a :, it will be

                                           appended to the default

                                           bootclasspath instead of replacing it

 -d,--bootclasspath-dir

                The base folder to look for the

                                           bootclasspath files in. Defaults to

                                           the current directory

 -f,--code-offsets                           Add comments to the disassembly

                                           containing the code offset for each address

 -l,--use-locals                             Output the .locals directive with

                                           the number of non-parameter

                                           registers, rather than the .register

 -o,--output

                         Directive with the total number of  register

                                           the directory where the disassembled

                                           files will be placed. The default is out

 -p,--no-parameter-registers                  Use the v syntax instead of the

                                           p syntax for registers mapped to

                                           method parameters

 -r,--register-info   Print the specificed type(s) of

                                           register information for each

                                           instruction. "ARGS,DEST" is the

                                           default if no types are specified.

                                           Valid values are:

                                           ALL: all pre- and post-instruction registers.

                                           ALLPRE: all pre-instruction registers

                                           ALLPOST: all post-instruction registers

                                           ARGS: any pre-instruction registers

                                               used as arguments to the instruction

                                           DEST: the post-instruction

                                               destination register, if any

                                           MERGE: Any pre-instruction register

                                               has been merged from more than 1

                                               different post-instruction register

                                               from its predecessors

                                           FULLMERGE: For each register that

                                             would be printed by MERGE, also show

                                             the incoming register types that

                                             were merged

 -s,--sequential-labels                       Create label names using a

                                           sequential numbering scheme per

                                           label type, rather than using the

                                           bytecode address

 -v,--version                               Prints the version then exits

 -x,--deodex                               Deodex the given odex file. This

                                           option is ignored if the input file

                                           is not an odex file

 

2. smali 的帮助信息

usage: java -jar smali.jar [options] [--] [|folder]*

assembles a set of smali files into a dex file

 -?,--help            prints the help message then exits. Specify twice for

                      debug options

 -o,--output    the name of the dex file that will be written. The default

                      is out.dex

 -v,--version         prints the version then exits

 

3. auto-sign 的帮助信息

SignApk.jar is a tool included with the Android platform source bundle.

testkey.pk8 is the private key that is compatible with the recovery image included in this zip file

testkey.x509.pem is the corresponding certificate/public key

 

Usage:

java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip

 

4. apktool 的帮助信息

Apktool v1.3.2 - a tool for reengineering Android apk files

Copyright 2010 Ryszard Wi?niewski

Apache License 2.0 ()

 

Usage: apktool [-v|--verbose] COMMAND [...]

 

COMMANDs are:

 

    d[ecode] [OPTS] [

]

        Decode to

.

 

        OPTS:

 

        -s, --no-src

            Do not decode sources.

        -r, --no-res

            Do not decode resources.

        -d, --debug

            Decode in debug mode. Check project page for more info.

        -f, --force

            Force delete destination directory.

        -t , --frame-tag

            Try to use framework files tagged by .

        --keep-broken-res

            Use if there was an error and some resources were dropped, e.g.:

            "Invalid config flags detected. Dropping resources", but you

            want to decode them anyway, even with errors. You will have to

            fix them manually before building.

    b[uild] [OPTS] [] []

        Build an apk from already decoded application located in .

 

        It will automatically detect, whether files was changed and perform

        needed steps only.

 

        If you omit then current directory will be used.

        If you omit then /dist/

        will be used.

 

        OPTS:

 

        -f, --force-all

            Skip changes detection and build all files.

        -d, --debug

            Build in debug mode. Check project page for more info.

 

    if|install-framework []

        Install framework file to your system.

For additional info, see: 


四、参考资料

1. Smali

 

2. ApkTool


的推荐牛逼反编译工具:Apktool,支持Linux 、Windows下工作

安装步骤如下:

1.首先安装需要JAVA环境,先下载JDK/JRE,,已经有JAVA环境的可跳过此步

2.到code.google上下载apktool.jar以及相关文件:

点击下载和

3.解压apktool.jar 到 C:\Windows文件夹下
解压apktool-install-windows.zip到任意文件夹

4.点击开始菜单,运行,输入CMD回车,用cd命令转到刚刚解压apktool-install-windows所在的文件夹,输入apktool,出现一些命令说明即成功安装。

Apktool 命令

apktool d geek.apk and    反编译 geek.apk到文件夹and

apktool b  geek               从文件夹geek重建APK,输出到ABC\dist\out.apk


http://y150988451.iteye.com/blog/992605


阅读(1424) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~