How can one decompile Android DEX (VM bytecode) files into corresponding Java sourcecode?
This question is related to
java
android
reverse-engineering
decompiler
dex
A more complete version of fred's answer:
First you need a tool to extract all the (compiled) classes on the DEX to a JAR.
There's one called dex2jar, which is made by a chinese student.
Then, you can use jd-gui to decompile the classes on the JAR to source code.
The resulting source should be quite readable, as dex2jar applies some optimizations.
You can use APKTool. It will automatically extract all the classes (.dex
), resources (.asrc
), then it will convert binary XML to human-readable XML, and it will also dissassemble the classes for you.
Disassembly will always be more robust than decompiling, especially with
JARs obfuscated with Pro Guard!
Just tell APKTool to decode the APK into a directory, then modify what you want,
and finally encode it back to an APK. That's all.
Important: APKTool dissassembles. It doesn't decompile.
The generated code won't be Java source.
But you should be able to read it, and even edit it if you're familiar with jasmin.
If you want Java source, please go over the Manual way.
You might try JADX (https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler), this is a perfect tool for DEX decompilation.
And yes, it is also available online on (my :0)) new site: http://www.javadecompilers.com/apk/
This can be done in following five steps:
This gem does these things for you automatically even the installation of required tools
I'd actually recommend going here: https://github.com/JesusFreke/smali
It provides BAKSMALI, which is a most excellent reverse-engineering tool for DEX files. It's made by JesusFreke, the guy who created the fameous ROMs for Android.
Sometimes you get broken code, when using dex2jar
/apktool
, most notably in loops. To avoid this, use jadx, which decompiles dalvik bytecode into java source code, without creating a .jar
/.class
file first as dex2jar
does (apktool uses dex2jar I think). It is also open-source and in active development. It even has a GUI, for GUI-fanatics. Try it!
If you're not looking to download dex2jar, then just use the apk_grabber
python script to decompile any apk into jar files. Then you read them with jd-gui.
Since Dheeraj Bhaskar
's answer is relatively old as many years past.
Here is my latest (2019 year) answer:
from dex
to java sourcecode
, currently has two kind of solution:
One Step
: directly convert dex
to java sourcecode
Two Step
: first convert dex
to jar
, second convert jar
to java sourcecode
dex
directly to java sourcecode
bin
folder can see command line jadx
or GUI version jadx-gui
, double click to run GUI version: jadx-gui
dex
filethen can show java source code:
File
-> save as gradle project
then got java sourcecode:
dex
to jar
download dex2jar zip, unzip got d2j-dex2jar.sh
, then:
apk
to jar
: sh d2j-dex2jar.sh -f ~/path/to/apk_to_decompile.apk
dex
to jar
: sh d2j-dex2jar.sh -f ~/path/to/dex_to_decompile.dex
example:
? v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub8825612.dex
dex2jar com.huili.readingclub8825612.dex -> ./com.huili.readingclub8825612-dex2jar.jar
? v3.4.8 ll
-rw------- 1 crifan staff 9.5M 3 21 10:00 com.huili.readingclub8825612-dex2jar.jar
-rw------- 1 crifan staff 8.4M 3 19 14:04 com.huili.readingclub8825612.dex
jar
to java sourcecode
many
code will decompile errorminor
code will decompile errorno
code decompile error
Procyon
here demo Procyon
convert jar to java source code:
download procyon-decompiler-0.5.34.jar
then using syntax:
java -jar /path/to/procyon-decompiler-0.5.34.jar -jar your_to_decompile.jar -o outputFolderName
example:
java -jar /Users/crifan/dev/dev_tool/android/reverse_engineering/Procyon/procyon-decompiler-0.5.34.jar -jar com.huili.readingclub8825612-dex2jar.jar -o com.huili.readingclub8825612
using editor VSCode to open exported source code, look like this:
Conversion correctness : Jadx
> Procyon
> CRF
> JD-GUI
Recommend use: (One step solution's) Jadx
for more detailed explanation, please refer my online Chinese ebook: ??????????
Android Reverse Engineering is possible . Follow these steps to get .java file from apk file.
Step1 . Using dex2jar
dex2jar sampleApp.apk
Step2 . Decompiling .jar using JD-GUI
Once you downloaded your APK file , You need to do the following steps to get a editable java code/document.
Since no one mentioned this, there's one more tool: DED homepage
Install how-to and some explanations: Installation.
It was used in a quite interesting study of the security of top market apps(not really related, just if you're curious): A Survey of Android Application Security
A lot has changed since most of these answers were posted. Now-a-days there a are many easy tools with GUI's, like these:
APK Easy Tool for Windows (GUI tool, friendly)
Bytecode Viewer - APK/Java Reverse Engineering Suite
URET Android Reverser Toolkit
Best place to find them is on the XDA Developers forum.
Recent Debian have Python package androguard
:
Description-en: full Python tool to play with Android files
Androguard is a full Python tool to play with Android files.
* DEX, ODEX
* APK
* Android's binary xml
* Android resources
* Disassemble DEX/ODEX bytecodes
* Decompiler for DEX/ODEX files
Install corresponding packages:
sudo apt-get install androguard python-networkx
Decompile DEX file:
$ androdd -i classes.dex -o ./dir-for-output
Extract classes.dex
from Apk + Decompile:
$ androdd -i app.apk -o ./dir-for-output
Apk file is nothing more that Java archive (JAR), you may extract files from archive via:
$ unzip app.apk -d ./dir-for-output
To clarify somewhat, there are two major paths you might take here depending on what you want to accomplish:
Decompile the Dalvik bytecode (dex) into readable Java source. You can do this easily with dex2jar and jd-gui, as fred mentions. The resulting source is useful to read and understand the functionality of an app, but will likely not produce 100% usable code. In other words, you can read the source, but you can't really modify and repackage it. Note that if the source has been obfuscated with proguard, the resulting source code will be substantially more difficult to untangle.
The other major alternative is to disassemble the bytecode to smali, an assembly language designed for precisely this purpose. I've found that the easiest way to do this is with apktool. Once you've got apktool installed, you can just point it at an apk file, and you'll get back a smali file for each class contained in the application. You can read and modify the smali or even replace classes entirely by generating smali from new Java source (to do this, you could compile your .java source to .class files with javac, then convert your .class files to .dex files with Android's dx compiler, and then use baksmali (smali disassembler) to convert the .dex to .smali files, as described in this question. There might be a shortcut here). Once you're done, you can easily package the apk back up with apktool again. Note that apktool does not sign the resulting apk, so you'll need to take care of that just like any other Android application.
If you go the smali route, you might want to try APK Studio, an IDE that automates some of the above steps to assist you with decompiling and recompiling an apk and installing it on a device.
In short, your choices are pretty much either to decompile into Java, which is more readable but likely irreversible, or to disassemble to smali, which is harder to read but much more flexible to make changes and repackage a modified app. Which approach you choose would depend on what you're looking to achieve.
Lastly, the suggestion of dare is also of note. It's a retargeting tool to convert .dex and .apk files to java .class files, so that they can be analyzed using typical java static analysis tools.
Easiest method to decompile an android app is to download an app named ShowJava from playstore . Just select the application that needs to be decompiled from the list of applications. There are three different decompiler you can use to decompile an app namely -
CFR 0.110, JaDX 0.6.1 or FernFlower (analytical decompiler) .
Source: Stackoverflow.com