Jadx Alternatives

jadx reviews and mentions

• Can someone please tell me if there is a way i can convert this into readable text?
  1 project | reddit.com/r/HowToHack | 24 Jun 2022

  I'm not sure if it wil help but check this out https://github.com/skylot/jadx

• Android: How to Install ADB, APK's, and JDX-GUI on Parrot OS
  2 projects | dev.to | 25 May 2022

  Recently I have dived into the journey of learning how to hack, or more precisely pen-testing. Since I focused previously on Android Pentesting when I explained how to install Genymotion and VirtualBox on Parrot OS, I thought, why don't I write another tutorial on how to install ADB and JDX-GUI on Parrot OS as it is related and quite easy to do. This tutorial assumes you have Android Studio and Parrot OS installed. A good Android Studio installation tutorial can be found here.

• how to decompile APK into a .jar file?
  1 project | reddit.com/r/LiveOverflow | 20 May 2022

  I suggest you JADX: https://github.com/skylot/jadx

• is whole android apk can be decompiled?
  1 project | reddit.com/r/androiddev | 15 May 2022

  As much as I love Jadx, as much as I hate it, if your app does not have the proguard, with Jadx, anyone can easily get your whole application code, assets folder, XML, and all resources, in fact, anyone can see everything except the code if your app has the proguard enabled

• Interesting things regarding AnYme
  1 project | reddit.com/r/animepiracy | 24 Mar 2022

  i gave people the resources (cause it seemed like a interesting challenge), and i kinda dont have time or experience atm. im sure someone will take it up. since i haven't gotten in java or kotlin yet and dived straight into smali, due to this i didn't recognize the code as being obfuscated until i opened it into jadx and tried to find the thousands of smali files that were not in a subdirectory. the found them in defpackage and wondered why they were there and looked it and found this: https://github.com/skylot/jadx/issues/118

• APKTool: A tool for reverse engineering Android APK files
  5 projects | news.ycombinator.com | 16 Jan 2022

  APKTool is amazing! I wrote an article on how to do end-to-end reverse engineering of Android apps using APKTool: https://yasoob.me/posts/reverse-engineering-android-apps-apk...

  I love using Jadx (https://github.com/skylot/jadx) to get a better understanding of the code in Java and then use APKTool to reverse engineer, decompile and recompile the app

  If you are interested, Frida is also an amazing tool that makes certain type of reverse engineerings a lot easier compared to using APKTool. I wrote an article on that as well: https://yasoob.me/posts/reverse-engineering-nike-run-club-us...

  Reverse engineering is a very exciting field and the moment you learn and figure out one concept you realize there is a lot more out there for you to figure out.

  5 projects | news.ycombinator.com | 16 Jan 2022

  Heh, mine's "after I count to infinity twice" :) I can't remember if I cribbed that from somewhere...

  IIUC, the permissions apps request ultimately just enable access to certain APIs; they don't do anything on their own: https://stackoverflow.com/questions/24858462/how-to-check-if... (see comments). So apps like https://play.google.com/store/apps/details?id=sk.styk.martin... and https://play.google.com/store/apps/details?id=com.ubqsoft.se... basically reason about the ceiling of everything an app might use across its lifetime. It can be a tad misrepresentative, like a wall of text devoid of formatting can be scary to reason about.

  To make matters worse, the very orthogonal way permissions are categorized relative to internal API architecture is woefully unintuitive at best, making it next to impossible to come up with good summary judgements of what a given app might be trying to do. For example, a given game might want access to your "cell ID information" because the analytics SDK it uses is overly invasive (while the game itself never needs the info), while a smart-device controller app might request "real-time location information" (I forget exactly what the permission is called) just so it can enable Bluetooth (!) to actually connect to your smart whatever.

  So not only is the mapping from policy to implementation a case of a pile of arrows all pointing at each other, the permissions model is really just about enabling access to APIs ahead-of-time so they can be used when needed. Android's trying to go down a just-in-time model where for example something requests access to storage as and when needed; this contextualizes and thus justifies the request, allowing for more informed consent.

  With the ahead-of-time way things work nowadays... I'd be a bit bullish that APKTool on its own would be useful. You're basically in an equivalent situation to wondering why a given Chrome extensions might be asking for a certain permission, only to download the CRX, unzip it, and find everything minified. Intractable? Check. "Now what?": check. Suspicious? Good question :(

  In practice a reasonable number of Chrome extensions incidentally aren't minified and contain perfectly readable source, sometimes even with comments (which is great for figuring out how other developers have solved certain complex integration problems ;D) - but the bytecode-based nature of the Java runtime means you're always working with some level of minification. Control flow is generally always somewhat permuted in much the same way pseudo-decompiled C code doesn't quite look the same as the original. If a given app isn't using obfuscation, you might be able to see some symbol names however.

  Android Studio adds the Proguard obfuscator (which ships for free with 'Studio) into the build instructions of every new project by default, but switched off by default to make builds faster. Once enabled by just changing a couple build settings to "true", obfuscation Just Works™ without any additional steps. Given this state of commoditization it's often a good question whether an app's symbols are available or not.

  JADX (https://github.com/skylot/jadx) is generally the tool people mostly use to fight their way through this status quo. Like with IDA, you generally need a very good idea of exactly what you want to do when using it. "Find why this wants all these permissions" is a sadly very open-ended question from this low-level perspective. :(

  FWIW, there are "interestinger" obfuscators that Proguard out there; I once wondered how a random Chinese smart-device companion app worked internally, and found that it shipped with a .so (shared library!)-based obfuscation/protection runtime. Frida (https://frida.re/) proved particularly awesome here, as it turned that for all the obfuscation and insanity the runtime brought to the table, it was to hide the application's original .dex files, which it briefly wrote to a temporary location on launch - so that was just a question of winning a race condition in an Android emulator.

  TL;DR: You are sadly fundamentally correct in your gut assumption that this is a generally intractable question to straightforwardly answer. :(

  I think one of the most viable realistic goals in pursuit of ideal privacy is to run all traffic through a captive proxy and install CA certificates on at least all phones to enable MITMing all TLS traffic. I've seen the occasional comment on here by people who have done just that; they just uninstall whatever doesn't cooperate (with certificate pinning etc). I've been wanting to do this myself for quite a while but don't have the hardware to pull it off effectively/seamlessly yet. FWIW, device policy controller apps can install CA certificates and start VPNs without any persistent notifications cluttering up the screen (:D) - and they're surprisingly easy to write.

  If there was a specific angle or takeaway I'd like to focus on here, it's that the ecosystem has organically evolved into a headdesk-inducingly awkward but still so incredibly interesting status quo, that sadly requires a bit of attention-span buy-in to get past all the "...!!! *run away*", but in much the same way that learning about Slackware taught me a tonne about Linux (and sed, incidentally, because it was one of the few things that weren't corrupted on the install CD I used, haha) that I wouldn't have known if I hadn't taken everything apart and gone "ok, now maintain this mess", this provides a great hands-on opportunity to learn about network security. (It's kind of amazing everything fits together (and then disappears!) as well as it does.) I'm looking forward to playing around more when I get the chance.

• Is there a privacy respecting alternative to Google Family Link?
  2 projects | reddit.com/r/PrivacyGuides | 29 Nov 2021

  Also, I think those functions that you have written about Game Genie I think could be implemented by another app. It would require some reverse engineering, and some Android app development knowledge, but it could be possible to replace it, I think. If you like to deal with computers, this could be an interesting hobby. If you decide to try it out, some basics: - you need to extract the apk of Game Genie, like with App Manager - then throw it at Jadx (a good java decompiler), and either inspect the source there, or export it to Android Studio.

• Can Tasker decompile an APK file?
  4 projects | reddit.com/r/tasker | 20 Nov 2021
• Awesome CTF : Top Learning Resource Labs
  72 projects | reddit.com/r/TutorialBoy | 13 Nov 2021

  Jadx - Decompile Android files.

• I wrote an open source mod of an Android App
  7 projects | dev.to | 4 Oct 2021

  But before we take a dive into the smali code, let's look at some good ol' Java code. Android byte-code is an optimized form of Java byte-code, which is very easily and reliably decompilable. Don't get me wrong, the result will contain lots of issues and won't be compilable. The tool of choice for Android decompilation is called JADX. Just hand it an apk file and it will produce an entire Android Studio project for you:

• [Tutorial] How to modify APK files for premium features
  3 projects | reddit.com/r/ApksApps | 30 Jun 2021

  jadx - Used to view the Java source code of our APK

• Admob behaving weirdly
  1 project | reddit.com/r/admob | 17 Jun 2021

  1 - Search for this app on a 3rd-party site such as APKPURE. 2 - Download the APK, use JADX to decompile this APK into source code. 3 - Search for the AdMob Ad Unit ID. 4 - Now compare this ID with your app's AdMob IDs. 5 - If you found that person used the same ID as yours, go to AdMob, go to your app, remove all ads on it and create new ads.

• Analysis of ViaWallet
  2 projects | reddit.com/r/handshake | 22 Apr 2021

  Used: mitmproxy/Burp Suite to understand how the api works, and jadx to try to get readable decompiled source code once I knew what to look for and general idea of what to expect/how it works.

• Task >[Run Shell] Action, Commands > Service.
  1 project | reddit.com/r/tasker | 18 Mar 2021

  There are ways, but for me, I find it easy to use the JADX since I can search anything and instantly go to the class it implements or use. It's really confusing to be honest haha. They use other classes to do this and that.