dex2jar
bytecode-viewer
dex2jar | bytecode-viewer | |
---|---|---|
5 | 9 | |
11,875 | 14,351 | |
- | - | |
5.0 | 7.2 | |
24 days ago | 10 days ago | |
Java | Java | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dex2jar
-
Understanding security in React Native applications
App tampering and repackaging can be performed by using reverse engineering or tampering tools, such as Apktool, dex2jar, etc.
-
What Happens When Your Phone Is Spying on You
A week ago I purchased a bluetooth device that takes some measurements. You require an Android or iOS application. The first thing the iOS app did was request permission for your location. Immediate fired up MITMproxy [1] running in transparent `--mode wireguard` and installed it's certificate in the iOS trust store. It was sending a whole bunch of data to China and HK. Since I don't have a jailbroken iPhone, it's off to Android.
For BLE scanning, Android does require permissions for location, but this application is using a Chinese branded tracking SDK and sending encrypted (within already encrypted TLS). So it's time to start reversing and instrumenting the runtime.
Well - not so easy, they used a commercial packer that encrypts their compiled bytecode and decrypts and runs it within a C++ library. I managed to bull the Dalvik out of memory using Frida[2], covert it to java bytecode with dex2jar[3] then into decompiled java with jadx [3].
Since the developer relied on the packer to hide/obfuscate their software, it's quite easy to follow. The libraries that do the location tracking on the otherhand are obfuscated so now I'm at the stage of identifying where to hook before the encrypted blobs are sent to servers in China.
I've sunk about 8 hours into this so far. The message here is that to understand what some applications on your phone does you need to really invest time and effort. The developers increase the cost to the consumer to know what their application is doing by obfuscation, encryption and packing. It's asymmetric.
[1] https://mitmproxy.org/posts/wireguard-mode/
[2] https://frida.re/docs/android/
[3] https://github.com/skylot/jadx
[3] https://github.com/pxb1988/dex2jar
-
Reverse Engineering Tools in 2022
I think they forgot to google translate the disadvantages of JEB Decompiler
I haven't used JEB to comment, but I've gotten a lot of mileage out of https://github.com/pxb1988/dex2jar#readme and then feed the normal Java jars it produces into https://github.com/mstrobel/procyon#readme and (of course) one shouldn't overlook picking your favorite tool for dealing with AndroidManifest.xml which often has fun things hiding in it
While digging up those links, I was reminded that some folks enjoy https://github.com/Konloch/bytecode-viewer#is-there-a-demo because it can be easier to "try out" a few of the decompilation engines, but I don't use it because it's hard to do batch things with it, versus dex2jar into procyon is automation friendly
- The Code the FBI Used to Wiretap the World
-
Decompilers for android
Take a look at apktool: https://ibotpeaches.github.io/Apktool/ and dex2jar: https://github.com/pxb1988/dex2jar
bytecode-viewer
- Java 泛型程式設計的注意事項
-
Reverse Engineering Tools in 2022
I think they forgot to google translate the disadvantages of JEB Decompiler
I haven't used JEB to comment, but I've gotten a lot of mileage out of https://github.com/pxb1988/dex2jar#readme and then feed the normal Java jars it produces into https://github.com/mstrobel/procyon#readme and (of course) one shouldn't overlook picking your favorite tool for dealing with AndroidManifest.xml which often has fun things hiding in it
While digging up those links, I was reminded that some folks enjoy https://github.com/Konloch/bytecode-viewer#is-there-a-demo because it can be easier to "try out" a few of the decompilation engines, but I don't use it because it's hard to do batch things with it, versus dex2jar into procyon is automation friendly
-
Is there any tool for Java reverse engineering that doesn't totally suck?
Here's a good tool for inspecting the bytecode of applications, with built in decompiler support: https://github.com/Konloch/bytecode-viewer
-
Stack Overflow Developer Survey: 54% of Respondents Dread Java?
If you're curious what anything (Lombok or otherwise) compiles to, JVM bytecode is much simpler than the kinds C/C++ compiles to. It's fairly readable even with the JDK disassembler javap. There are also various community disassemblers and decompilers that provide nicer output than javap. I use https://github.com/Konloch/bytecode-viewer, which is a GUI frontend for several. If one decompiler doesn't handle a class well, another usually does.
-
Looking for a lightweight java decompiler / code viewer that has dark mode
I use Bytecode Viewer, https://github.com/Konloch/bytecode-viewer with Dark Mode.
-
CandyPixel - Known Information Wanted Please.
if you do use this plugin i'd recommend also using https://bytecodeviewer.com/ to check the supposed malicious lines of code.
-
A response from r/AskReddit. Are we even surprised?
Take a look at tools like this one to get an idea of what you can actually get: https://bytecodeviewer.com/
- Needed some suggestions
-
1.8 source code
Also, you can always install the latest release and then put it through a Java decompiler to get the complete source code. It might have some errors since decompilers aren't perfect, but will give you a more complete source code than anything I can legally provide.
What are some alternatives?
Apktool - A tool for reverse engineering Android apk files
AndroRAT - A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
comm - Comm is the working name of this open source messaging project.
Caesium - A Java bytecode obfuscator
vineflower - Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
Perses - A project to cause (controlled) destruction on your jvm application
ricochet - Anonymous peer-to-peer instant messaging
Mixin - Mixin is a trait/mixin and bytecode weaving framework for Java using ASM
Recaf - The modern Java bytecode editor
jpexs-decompiler - JPEXS Free Flash Decompiler
procyon - Procyon java decompiler - Procyon is a binary star system in Canis Minor