Android安全:dex2jar、jd-gui和AXMLPrinter2
来源:互联网 发布:淘宝的主营类目怎么改 编辑:程序博客网 时间:2024/06/05 22:54
生成Android的apk文件过程中,将Java语言的字节码(.class)转换成Dalvik虚拟机字节码(.dex),d2j-dexjar可以将这个过程可逆,将.dex转换成.class。下面我们就介绍如何反编译一个dex文件,并使用jd-gui反编译.class为java源码并查看:
一、dex2jar(https://sourceforge.net/p/dex2jar/wiki/Home/)
Android.dex和java.class文件相关的工具集:
1.dex-reader/writer:读/写Dalvik可执行文件(.dex);
2.d2j-dex2jar:.dex文件转换为.class文件(压缩成jar);
3.smail/baksmail:反汇编dex为smail文件,和编译smali文件为dex;
4.其它的工具:d2j-decrypt-string;
二、如何反编译一个dex文件
1.安装JDK(Ubuntu)
3.将dex2jar-version.zip解压到一个目录;
注意:如果执行输出如下错误:
sh /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh app-debug.apk
/usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: 36: /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: /usr/local/bin/dex2jar-2.0/d2j_invoke.sh: Permission denied
处理:
pengchengxiang@ubuntu:/usr/local/bin$ sudo chown -R pengchengxiang dex2jar-2.0
pengchengxiang@ubuntu:/usr/local/bin$ sudo chgrp -R pengchengxiang dex2jar-2.0
pengchengxiang@ubuntu:/usr/local/bin$ sudo chmod -R 766 dex2jar-2.0
6.除了dex文件转换成jar之外,还提供了一些其他的功能,每个功能使用一个bat批处理或sh脚本来包装;
https://sourceforge.net/p/dex2jar/wiki/Faq/#markdown-header-want-to-read-dex-file-using-dex2jar
三、jd-gui(http://jd.benow.ca/)
1.jd-gui是C++开发的Java反编译工具,支持如Windows、Linux和Mac OS多平台;
2.将jar文件转换成Java源文件,你可以使用他浏览重构源码查看方法、字段;
3.除了反编译功能之外,还具有强大的搜索功能;
四、如何反编译查看Java源代码
1.从官网下载linux版本jd-gui-0.3.5.linux.i686.tar.gz;
2.解压到指定目录(/usr/local/bin/jd-gui-0.3.5);
3.进入到解压目录,执行./jd-gui打开jd-gui工具界面;
4.File->Open File,选择有dex2jar反编译生成的app-debug-dex2jar.jar,如下图就可以阅读反编译的java源码:
注意:
pengchengxiang@ubuntu:/usr/local/bin/jd-gui-0.3.5$ ./jd-gui
./jd-gui: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory
一、dex2jar(https://sourceforge.net/p/dex2jar/wiki/Home/)
Android.dex和java.class文件相关的工具集:
1.dex-reader/writer:读/写Dalvik可执行文件(.dex);
2.d2j-dex2jar:.dex文件转换为.class文件(压缩成jar);
3.smail/baksmail:反汇编dex为smail文件,和编译smali文件为dex;
4.其它的工具:d2j-decrypt-string;
二、如何反编译一个dex文件
1.安装JDK(Ubuntu)
sudo apt-get install openjdk-7-jre2.从https://sourceforge.net/projects/dex2jar/files/下载dex2jar;
3.将dex2jar-version.zip解压到一个目录;
pengchengxiang@ubuntu:/usr/local/bin$ sudo unzip dex2jar-2.0.zip Archive: dex2jar-2.0.zip creating: dex2jar-2.0/ ... ... -rw-rw-r-- 1 root root 836 Oct 27 2014 d2j-std-apk.bat -rw-rw-r-- 1 root root 1088 Oct 27 2014 d2j-std-apk.sh drwxrwxrwx 2 root root 4096 Oct 27 2014 lib4.使用dex2jar生成.jar文件,dex2jar将会在工作目录生成一个名为someApk-dex2jar.jar;
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ sh /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh app-debug.apk dex2jar app-debug.apk -> ./app-debug-dex2jar.jar pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ ls app-debug.apk app-debug-dex2jar.jar app-debug-unaligned.apk app-release5.使用反编译器查看源码,如jd-gui(见下章节),JAD,Procyon;
注意:如果执行输出如下错误:
sh /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh app-debug.apk
/usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: 36: /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: /usr/local/bin/dex2jar-2.0/d2j_invoke.sh: Permission denied
处理:
pengchengxiang@ubuntu:/usr/local/bin$ sudo chown -R pengchengxiang dex2jar-2.0
pengchengxiang@ubuntu:/usr/local/bin$ sudo chgrp -R pengchengxiang dex2jar-2.0
pengchengxiang@ubuntu:/usr/local/bin$ sudo chmod -R 766 dex2jar-2.0
6.除了dex文件转换成jar之外,还提供了一些其他的功能,每个功能使用一个bat批处理或sh脚本来包装;
pengchengxiang@ubuntu:/usr/local/bin/dex2jar-2.0$ ls -al total 92 drwxrw-rw- 3 pengchengxiang pengchengxiang 4096 Oct 27 2014 . drwxr-xr-x 3 root root 4096 Jul 11 10:10 .. -rwxrw-rw- 1 pengchengxiang pengchengxiang 834 Oct 27 2014 d2j-baksmali.bat -rwxrw-rw- 1 pengchengxiang pengchengxiang 1086 Oct 27 2014 d2j-baksmali.sh -rwxrw-rw- 1 pengchengxiang pengchengxiang 837 Oct 27 2014 d2j-dex2jar.bat -rwxrw-rw- 1 pengchengxiang pengchengxiang 1089 Oct 27 2014 d2j-dex2jar.sh … …7.关于其它功能,如:修改一个apk/dex文件,如何将jar转换成dex等,请阅读相关官方文档:
https://sourceforge.net/p/dex2jar/wiki/Faq/#markdown-header-want-to-read-dex-file-using-dex2jar
三、jd-gui(http://jd.benow.ca/)
1.jd-gui是C++开发的Java反编译工具,支持如Windows、Linux和Mac OS多平台;
2.将jar文件转换成Java源文件,你可以使用他浏览重构源码查看方法、字段;
3.除了反编译功能之外,还具有强大的搜索功能;
四、如何反编译查看Java源代码
1.从官网下载linux版本jd-gui-0.3.5.linux.i686.tar.gz;
2.解压到指定目录(/usr/local/bin/jd-gui-0.3.5);
3.进入到解压目录,执行./jd-gui打开jd-gui工具界面;
4.File->Open File,选择有dex2jar反编译生成的app-debug-dex2jar.jar,如下图就可以阅读反编译的java源码:
注意:
pengchengxiang@ubuntu:/usr/local/bin/jd-gui-0.3.5$ ./jd-gui
./jd-gui: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory
处理:sudo apt-get install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6
五、AXMLPrint2
1.如上所述,使用jd-gui工具查看反编译源码时,并没有AndroidManifest.xml文件。在APK文件中的资源是经过压缩的,解压Apk,用文本编译工具都是乱码(如下图),其以AXML(用于Android设备的一种XML编码格式)格式存在。
2.AXMLPrint2就是一款可以将AXML转换为可读xml文件的工具;
六、如何查看AndroidManifest.xml文件
1.下载AXMLPrinter2.jar(https://code.google.com/archive/p/android4me/downloads);
2.从APK文件中解压出AndroidManifest.xml文件;
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ unzip app-debug.apk -d app-debug Archive: app-debug.apk inflating: app-debug/AndroidManifest.xml inflating: app-debug/res/anim/abc_fade_in.xml ... ... inflating: app-debug/META-INF/CERT.SF inflating: app-debug/META-INF/CERT.RSA pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ lsapp-debug app-debug-dex2jar.jar app-release app-debug.apk app-debug-unaligned.apk pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ cd app-debug/ pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ ls AndroidManifest.xml classes.dex META-INF res resources.arsc3.使用java -jar AXMLPrinter2.jar AndroidManifest.xml >> AndroidManifest2.xml转码清单文件;
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ cd /usr/local/bin/ pengchengxiang@ubuntu:/usr/local/bin$ sudo java -jar AXMLPrinter2.jar /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/AndroidManifest.xml >> /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/AndroidManifext2.xml pengchengxiang@ubuntu:/usr/local/bin$ cd /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/ pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ ls AndroidManifest.xml classes.dex res AndroidManifext2.xml META-INF resources.arsc4.使用gedit查看转码后的清单文件;
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ gedit AndroidManifext2.xml
1 0
- Android安全:dex2jar、jd-gui和AXMLPrinter2
- 【移动安全】Android APK反编译(AXMLPrinter2,smali,dex2jar.bat,jd-gui.exe,baksmali)
- android反编译小结:apktool/AXMLPrinter2.jar/dex2jar.bat/jd-gui/
- android反编译小结:apktool/AXMLPrinter2.jar/dex2jar.bat/jd-gui/
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/
- android反编译小结:apktool/AXMLPrinter2.jar/dex2jar.bat/jd-gui/
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/ Jodeclipse/ JadClipse
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/ Jodeclipse/ JadClipse
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/ Jodeclipse/ JadClipse
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/ Jodeclipse/ JadClipse
- [android反编译小结]apktool/ AXMLPrinter2.jar/ dex2jar.bat/ jd-gui/ Jodeclipse/ JadClipse
- dex2jar和JD-GUI 反编译
- Android 的 dex2jar 和 jd-gui 反编译 apk 源代码
- Android 的 dex2jar 和 jd-gui 反编译 apk 源代码
- Android 的 dex2jar 和 jd-gui 反编译 apk 源代码
- Android 的 dex2jar 和 jd-gui 反编译 apk 源代码
- Android逆向分析之dex2jar和jd-gui使用
- 使用dex2jar和jd-gui反编译apk
- Struts2配置环境
- scala 基本语法-4 ok
- 优雅编程之这样取名字,你就"正常"了!
- 广播接收者BroadcastReceiver
- Python 机器学习有关机器学习工具包(Numpy、Theano、Caffe等)安装汇总
- Android安全:dex2jar、jd-gui和AXMLPrinter2
- 结构体中指针赋值问题的分析及C代码示例
- VS2010中“工具>选项中的VC++目录编辑功能已被否决”解决方法
- POJ 1041 欧拉回路
- 标签语义化
- MySQL InnoDB存储引擎下的锁
- spark streaming的NetworkWordCount实例理解
- HBase学习之五:HBase的RowKey设计原则
- 【翻译】LearnYouSomeErlangForGreatGood(二):起始