Android可視化反編譯工具綠色免費版

現在的手機基本都被安卓和IOS占據了，IOS是封閉係統，不可能破解，但是對於開源的安卓，我們可以進行學習反編譯，今天小編就分享一個Android可視化反編譯工具

反編譯資料分享

假設我們有一個應用，它的類文件編譯後被單獨拿了出來，即有兩個文件app.apk和app.odex，把他們放在$AndroidDecompile下。

1. 使用 baksmali.jar 將 odex 文件分解為 smali 文件

$ java –jar baksmali-1.2.5.jar –x app.odex

如果成功的話，會在 $AndroidDecompile下生成一個 out目錄，裏麵是一些以“.smali”為後綴名的文件，在此不深究這些文件的作用。

2. 使用 smali.jar將 out/目錄下的smali文件轉換為 classes.dex

$ java -Xmx512M –jar smali-1.2.5.jar out –o classes.dex

classes.dex便是Dalvik VM所使用的編譯後的類文件格式，在正常的apk文件裏都會有。

3. 使用 dex2jar將classes.dex反編譯為jar文件

將下載後的dex2jar壓縮包解壓後，裏麵會有dex2jar.sh(和dex2jar.bat)文件，假如classes.dex文件與dex2jar.sh在同一目錄下，使用以下方式將classes.dex反編譯為jar文件：

$dex2jar.sh classes.dex

如果執行成功，則會在當前目錄下生成反編譯後的文件classes.dex.dex2jar.jar。

dex2jar即可以操作dex文件，也可以直接操作apk文件，它的使用規則為：

dex2jar file1.dexORapk file2.dexORapk ...

4. 使用JD-GUI查看反編譯後的jar文件

JD-GUI是一個可視化的Java反編譯代碼查看器，它可以實時的將class文件反編譯成java文件進行查看。解壓下載的jd-gui文件，執行目錄中的jd-gui可執行文件啟動，然後加載上一步中反編譯好的classes.dex.dex2jar.jar文件即可。

5. 將從odex反編譯後的classes.dex與其他資源文件重新打包成一個完整的apk

以上我們假設的情況是應用程序編譯後的類文件從apk文件中被剝離出來，下麵要做的是如何將上述步驟中得到的classes.dex與apk中的其他文件重新打包成一個可用的apk。

首先將反編譯後的classes.dex和原先的app.apk（不含classes.dex）重新壓縮成一個完整的app.apk（apk文件可用壓縮工具打開），也就是說將classes.dex放進app.apk中。

將下載的AutoSign文件解壓，可以看到有signapk.jar（還有個Sign.bat）文件，執行以下命令給app.apk文件簽名，就可以生成一個可以運行的apk文件了。

$ java -jar signapk.jar testkey.x509.pem testkey.pk8 app.apk app_signed.apk

6. apktool的使用

網上還有個工具是apktool，可以對apk進行解析，反編譯資源文件，並將類文件解析成smali文件；同時還可以將解析後的文件重新打包成apk。功能和以上介紹的幾個工具類似，它的使用方法如下：

apktool d app.apk and 反編譯 app.apk到文件夾and

apktool b app 從文件夾app重建APK，輸出到ABC\dist\out.apk

具體的使用方法在此不再贅述，請參考官方網站，或者：

http://www.geeka.net/2010/05/apktool-decode-android-google-code/

7. 我的 $AndroidDecompile目錄下的文件的截圖

一些工具的幫助信息

1. baksmali 的幫助信息

usage: java -jar baksmali.jar [options]

disassembles and/or dumps a dex file

-?,--help Prints the help message then exits.

-b,--no-debug-info Specify twice for debug options

don't write out debug info (.local,

.param, .line, etc.)

-c,--bootclasspath The bootclasspath jars to use, for

analysis. Defaults to

core.jar:ext.jar:framework.jar:andro

id.policy.jar:services.jar. If the

value begins with a :, it will be

appended to the default

bootclasspath instead of replacing it

-d,--bootclasspath-dir

The base folder to look for the

bootclasspath files in. Defaults to

the current directory

-f,--code-offsets Add comments to the disassembly

containing the code offset for each address

-l,--use-locals Output the .locals directive with

the number of non-parameter

registers, rather than the .register

-o,--output

Directive with the total number of register

the directory where the disassembled

files will be placed. The default is out

-p,--no-parameter-registers Use the v syntax instead of the

p syntax for registers mapped to

method parameters

-r,--register-info Print the specificed type(s) of

register information for each

instruction. "ARGS,DEST" is the

default if no types are specified.

Valid values are:

ALL: all pre- and post-instruction registers.

ALLPRE: all pre-instruction registers

ALLPOST: all post-instruction registers

ARGS: any pre-instruction registers

used as arguments to the instruction

DEST: the post-instruction

destination register, if any

MERGE: Any pre-instruction register

has been merged from more than 1

different post-instruction register

from its predecessors

FULLMERGE: For each register that

would be printed by MERGE, also show

the incoming register types that

were merged

-s,--sequential-labels Create label names using a

sequential numbering scheme per

label type, rather than using the

bytecode address

-v,--version Prints the version then exits

-x,--deodex Deodex the given odex file. This

option is ignored if the input file

is not an odex file

2. smali 的幫助信息

usage: java -jar smali.jar [options] [--] [|folder]*

assembles a set of smali files into a dex file

-?,--help prints the help message then exits. Specify twice for

debug options

-o,--output the name of the dex file that will be written. The default

is out.dex

-v,--version prints the version then exits

3. auto-sign 的幫助信息

SignApk.jar is a tool included with the Android platform source bundle.

testkey.pk8 is the private key that is compatible with the recovery image included in this zip file

testkey.x509.pem is the corresponding certificate/public key

Usage:

java -jar signapk.jar testkey.x509.pem testkey.pk8 update.zip update_signed.zip

4. apktool 的幫助信息

Apktool v1.3.2 - a tool for reengineering Android apk files

Copyright 2010 Ryszard Wi?niewski

Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)

Usage: apktool [-v|--verbose] COMMAND [...]

COMMANDs are:

d[ecode] [OPTS] [

]

Decode to

.

OPTS:

-s, --no-src

Do not decode sources.

-r, --no-res

Do not decode resources.

-d, --debug

Decode in debug mode. Check project page for more info.

-f, --force

Force delete destination directory.

-t , --frame-tag

Try to use framework files tagged by .

--keep-broken-res

Use if there was an error and some resources were dropped, e.g.:

"Invalid config flags detected. Dropping resources", but you

want to decode them anyway, even with errors. You will have to

fix them manually before building.

b[uild] [OPTS] [] []

Build an apk from already decoded application located in .

It will automatically detect, whether files was changed and perform

needed steps only.

If you omit then current directory will be used.

If you omit then /dist/

will be used.

OPTS:

-f, --force-all

Skip changes detection and build all files.

-d, --debug

Build in debug mode. Check project page for more info.

if|install-framework []

Install framework file to your system.