apk、jar、dex、odex、vdex相互转换java
1. ? to jar
1.1 odex to jar
1.2 dex to jar
1.3 apk to jar
输出结果可能有损
1)、用jadx工具将dex反编译出jar
2)、用dex2jar工具,反编译出jar,若是报错修改dex2jar工具源码
3)、odex to dex,而后执行1)2)linux
2. ? to dex
2.1 o/vdex to dex | dex to o/vdex
2.2 apk to dex
2.3 jar to dex
输出结果无损
1)、用odex2dex工具
2)、从apk解压出dex
3)、用dx工具
D:\Android\sdk\platform-tools\***Fm\os-framework>D:\Android\sdk\build-tools\27.0.2\dx --dex --output=target.jar os-framework_org.jarandroid
3. ? to apk
3.1 jar to apk
输出结果无损
将jar导入空工程,从新编译生成apkgit
3.2 dex to apk
输出结果可能有损
1)、dex to jar后,将jar导入空工程,从新编译生成apk;从apk中取出dex,替换到原来的apk中
2)、dex to jar后,修改jar源码,生成jar,用dx命令从新编译出dexgithub
3.3 odex/vdex to apk
输出结果可能有损
1)、odex/vdex to dex
2)、dex to jar
3)、jar to apkshell
4. ? to odex
4.1 apk to odex/vdex
4.2 jar to odex/vdex
4.3 dex to odex/vdex
输出结果无损
一、apk安装方式
1)、用空工程集成jar源码,生成apk
2)、在真机上安装apk
3)、拉出odex和vdex文件
二、使用dex2odex工具
windows
附逆向工具网站:sass
X:\Android\sdk\build-tools\**.*.*\dx.batapp
phone: /system/framework/dex2oat 等等ide
附逆向工具解析:
一、apktool(解包apk,打包apk)
解包apk
apktool d[ecode] [options]
打包apk
apktool b[uild] [options]
安装framework资源
apktool if|install-framework [options]
工具说明:
Apktool v2.2.0 - a tool for reengineering Android apk files
with smali v2.1.3 and baksmali v2.1.3
-advance,--advanced prints advance information.
-version,--versionprints the version then exits
usage: apktool if|install-framework [options]
-p,--frame-path
-t,--tag Tag frameworks using .
usage: apktool d[ecode] [options]
-f,--force Force delete destination directory.
-o,--output
-p,--frame-path
-r,--no-resDo not decode resources.
-s,--no-srcDo not decode sources.
-t,--frame-tag Uses framework files tagged by .
usage: apktool b[uild] [options]
-f,--force-all Skip changes detection and build all files.
-o,--output
-p,--frame-path
使用命令示例:
apktool.bat if framework-res\framework-res.apk -p .
apktool.bat d -f Settings.apk -p ..\..\framework
apktool.bat d -f system\priv-app\Settings\Settings.apk
二、smali/baksmali(apktool利用该工具来反编译/打包dex文件)
反编译jar/apk中的dex文件
java -Xmx1024M -jar baksmali.jar -l -o out x.jar
合成smali文件为dex文件
java –Xmx1024M -jar smali.jar -o "out\classes.dex" out
三、jd-gui (java 字节码反编译器: .class -> .java)
四、jadx (dex/apk 反编译器: apk/jar -> java)
五、deodex
SVADeodexer (art .oat)
解包odex,从新打包成dex,生成deodexed后的apk/jar
示例:
如何使用SVADeodexer deodex一个 rom 或者 手机?
adb pull /system/framework
adb pull /system/app
adb pull /system/priv-app
adb pull /system/build.prop
六、oatdump(分析oat文件)
oatdump
--list-methods --method-filter=getElem
--class-filter=com.qiku.android.server.systeminterface.util.SystemUtil
--oat-file=/data/dalvik-cache/arm64/system@framework@boot.oat
使用说明:
Usage: oatdump [options] ...
Example: oatdump --image=$ANDROID_PRODUCT_OUT/system/framework/boot.art
Example: adb shell oatdump --image=/system/framework/boot.art
--list-classes may be used to list target file classes (can be used with filters).
Example: --list-classes
Example: --list-classes --class-filter=com.example.foo
--list-methods may be used to list target file methods (can be used with filters).
Example: --list-methods
Example: --list-methods --class-filter=com.example --method-filter=foo
--class-filter=: only dumps classes that contain the filter.
Example: --class-filter=com.example.foo
--method-filter=: only dumps methods that contain the filter.
Example: --method-filter=foo
--export-dex-to=: may be used to export oat embedded dex files.
Example: --export-dex-to=/data/local/tmp
--addr2instr=
: output matching method disassembled code from relative
address (e.g. PC from crash dump)
Example: --addr2instr=0x00001a3b
Example: --no-dump:vmap
--no-disassemble may be used to disable disassembly.
Example: --no-disassemble
Native code disassembling
IDA (Commercial : 2350$ ~ 3525$)
objdump (free, prebuit in Android NDK)
64bit: aarch64-linux-android-objdump
${ndk}\toolchains\aarch64-linux-android-4.9\prebuilt\windows-x86_64\bin
32bit : arm-linux-androideabi-objdump
${ndk}\toolchains\arm-linux-androideabi-4.9\prebuilt\windows-x86_64\bin
