Category: Java
2011-11-07 14:30:12
I. Decompilation flow chart
II. How to use the tools (commands)
Preparation
Assume my working directory is $AndroidDecompile. First copy the important odex files from system.img (or the ones built from source) into the working directory: core.odex, ext.odex, framework.odex, android.policy.odex, services.odex. (They can also be placed in another directory and specified by setting BOOTCLASSPATH; the default is the current directory. For BOOTCLASSPATH see baksmali's help output.)
Download the following tools into $AndroidDecompile:
Baksmali :
Smali :
Dex2jar :
JD-GUI (Java Decompile GUI) :
AutoSign :
Apktool
Suppose we have an application whose compiled class file has been split out separately, i.e. there are two files, app.apk and app.odex; put both of them under $AndroidDecompile.
1. Use baksmali.jar to disassemble the odex file into smali files
$ java -jar baksmali-1.2.5.jar -x app.odex
If this succeeds, an out directory is created under $AndroidDecompile containing files with the ".smali" suffix; we will not go into what these files do here.
2. Use smali.jar to assemble the smali files under out/ into classes.dex
$ java -Xmx512M -jar smali-1.2.5.jar out -o classes.dex
classes.dex is the compiled class file format used by the Dalvik VM; every normal apk file contains one.
3. Use dex2jar to decompile classes.dex into a jar file
After extracting the downloaded dex2jar archive you will find dex2jar.sh (and dex2jar.bat). Assuming classes.dex is in the same directory as dex2jar.sh, decompile classes.dex into a jar file as follows:
$ ./dex2jar.sh classes.dex
If it succeeds, the decompiled file classes.dex.dex2jar.jar is created in the current directory.
dex2jar can operate on dex files as well as directly on apk files; its usage is:
dex2jar file1.dexORapk file2.dexORapk ...
4. View the decompiled jar file with JD-GUI
JD-GUI is a graphical Java decompiler viewer that decompiles class files into Java source on the fly. Extract the downloaded jd-gui archive, run the jd-gui executable in that directory, then open the classes.dex.dex2jar.jar produced in the previous step.
5. Repack the classes.dex recovered from the odex together with the other resource files into a complete apk
Above we assumed that the application's compiled class file had been stripped out of the apk; what remains is to repack the classes.dex obtained in the steps above with the other files in the apk into a usable apk.
First, recombine the rebuilt classes.dex with the original app.apk (which lacks classes.dex) into a complete app.apk (an apk file can be opened with an archive tool); in other words, put classes.dex into app.apk.
Extract the downloaded AutoSign archive; it contains signapk.jar (and a Sign.bat). Run the following command to sign app.apk, which yields an apk file that can be run:
$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk
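As an added example (not part of the original post), a small Python 3 checker for the classes.dex that smali produced in step 2, run before it is zipped back into app.apk: it tells a plain dex apart from an odex that still needs baksmali -x, and verifies the header's Adler-32 checksum and SHA-1 signature, which a truncated copy or a stray edit would break. The sample dex it builds is constructed for testing and contains no real code.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70        # fixed header size of every dex file
DEX_MAGIC = b"dex\n035\0"     # dex version written by smali 1.2.x for Android 2.x

def identify(data):
    """Classify a blob by its magic: 'dex' is what smali emits, 'odex' still
    needs baksmali -x (deodexing) before the steps above can continue."""
    if data[:4] == b"dex\n":
        return "dex"
    if data[:4] == b"dey\n":
        return "odex"
    return "unknown"

def parse_dex_header(data):
    """Parse and verify the dex header. Layout: magic[8]; adler32 u4 at offset 8
    (over bytes 12..end); sha1[20] at 12 (over bytes 32..end); then 20 u4 fields
    starting at offset 32. Returns the fields, raises ValueError on inconsistency."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a dex header")
    if data[:4] != b"dex\n":
        raise ValueError("not a dex file, magic %r" % data[:8])
    (checksum,) = struct.unpack_from("<I", data, 8)
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        raise ValueError("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != data[12:32]:
        raise ValueError("sha1 signature mismatch")
    names = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
             "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
             "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
             "field_ids_off", "method_ids_size", "method_ids_off",
             "class_defs_size", "class_defs_off", "data_size", "data_off")
    fields = dict(zip(names, struct.unpack_from("<20I", data, 32)))
    if fields["endian_tag"] != 0x12345678:
        raise ValueError("unexpected endian tag")
    if fields["file_size"] != len(data) or fields["header_size"] != DEX_HEADER_SIZE:
        raise ValueError("size fields disagree with the file")
    fields["version"] = data[4:7].decode()
    return fields

def build_sample_dex(body=b""):
    """Constructed test input: a header-only dex (plus an optional opaque body)
    with a correct checksum and signature, so the checker runs without an apk."""
    size = DEX_HEADER_SIZE + len(body)
    tail = struct.pack("<20I", size, DEX_HEADER_SIZE, 0x12345678, *([0] * 17)) + body
    sig = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(sig + tail) & 0xFFFFFFFF
    return DEX_MAGIC + struct.pack("<I", checksum) + sig + tail
```

On a real file, read classes.dex into bytes and call identify() and then parse_dex_header(); a ValueError means the file should not be repacked and signed as-is.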
6. Using apktool
There is another tool available online, apktool, which can parse an apk, decompile its resource files and decode its class files into smali files; it can also repack the decoded files into an apk. Its functionality is similar to the tools introduced above; it is used as follows:
apktool d app.apk and    decompiles app.apk into the folder and
apktool b app    rebuilds the APK from the folder app, output to ABC\dist\out.apk
The detailed usage is not repeated here; see the official website, or:
7. Screenshot of the files in my $AndroidDecompile directory
III. Help output of some of the tools
1. baksmali help output
usage: java -jar baksmali.jar [options]
disassembles and/or dumps a dex file
-?,--help                     Prints the help message then exits. Specify twice for debug options
-b,--no-debug-info            don't write out debug info (.local, .param, .line, etc.)
-c,--bootclasspath            analysis. Defaults to core.jar:ext.jar:framework.jar:android.policy.jar:services.jar. If the value begins with a :, it will be appended to the default bootclasspath instead of replacing it
-d,--bootclasspath-dir        bootclasspath files in. Defaults to the current directory
-f,--code-offsets             Add comments to the disassembly containing the code offset for each address
-l,--use-locals               Output the .locals directive with the number of non-parameter registers, rather than the .register
-o,--output                   the directory where the disassembled files will be placed. The default is out
-p,--no-parameter-registers   Use the v p method parameters
-r,--register-info            register information for each instruction. "ARGS,DEST" is the default if no types are specified. Valid values are:
                                ALL: all pre- and post-instruction registers.
                                ALLPRE: all pre-instruction registers
                                ALLPOST: all post-instruction registers
                                ARGS: any pre-instruction registers used as arguments to the instruction
                                DEST: the post-instruction destination register, if any
                                MERGE: Any pre-instruction register has been merged from more than 1 different post-instruction register from its predecessors
                                FULLMERGE: For each register that would be printed by MERGE, also show the incoming register types that were merged
-s,--sequential-labels        Create label names using a sequential numbering scheme per label type, rather than using the bytecode address
-v,--version                  Prints the version then exits
-x,--deodex                   Deodex the given odex file. This option is ignored if the input file is not an odex file
2. smali help output
usage: java -jar smali.jar [options] [--] [
assembles a set of smali files into a dex file
-?,--help      prints the help message then exits. Specify twice for debug options
-o,--output
is out.dex
-v,--version   prints the version then exits
3. auto-sign help output
SignApk.jar is a tool included with the Android platform source bundle.
testkey.pk8 is the private key that is compatible with the recovery image included in this zip file
testkey.x509.pem is the corresponding certificate/public key
Usage:
java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip
4. apktool help output
Apktool v1.3.2 - a tool for reengineering Android apk files
Copyright 2010 Ryszard Wiśniewski
Apache License 2.0
Usage: apktool [-v|--verbose] COMMAND [...]
COMMANDs are:
d[ecode] [OPTS]
Decode
OPTS:
-s, --no-src
Do not decode sources.
-r, --no-res
Do not decode resources.
-d, --debug
Decode in debug mode. Check project page for more info.
-f, --force
Force delete destination directory.
-t
Try to use framework files tagged by
--keep-broken-res
Use if there was an error and some resources were dropped, e.g.:
"Invalid config flags detected. Dropping resources", but you
want to decode them anyway, even with errors. You will have to
fix them manually before building.
b[uild] [OPTS] [
Build an apk from already decoded application located in
It will automatically detect, whether files was changed and perform
needed steps only.
If you omit
If you omit
will be used.
OPTS:
-f, --force-all
Skip changes detection and build all files.
-d, --debug
Build in debug mode. Check project page for more info.
if|install-framework
Install framework file to your system.
For additional info, see:
IV. References
1. Smali
2. ApkTool
Recommended, excellent decompilation tool: Apktool, works on both Linux and Windows
Installation steps:
1. First, a Java environment is required; download the JDK/JRE. If you already have Java, skip this step.
2. Download apktool.jar and the related files from code.google:
Click to download and
3. Extract apktool.jar into the C:\Windows folder
Extract apktool-install-windows.zip into any folder
4. Click Start, Run, type CMD and press Enter; use cd to change to the folder where apktool-install-windows was just extracted, and type apktool. If some command usage text appears, the installation succeeded.
Apktool commands
apktool d geek.apk and    decompiles geek.apk into the folder and
apktool b geek    rebuilds the APK from the folder geek, output to ABC\dist\out.apk
http://y150988451.iteye.com/blog/992605