itsMe
Posted August 31, 2023

Most reverse engineers mainly use a Java decompiler, the commercial Dalvik decompiler Jeb, and smali2java to analyze Android apps. Java decompilers are based on Java bytecode and include JD, JD-GUI, jadx, and others. smali2java is a decompiler based on Smali code. They have their own shortcomings: the Java decompilers depend on the dex2jar conversion, and for complex, obfuscated or packed APKs there is a problem of translation failure. smali2java decompiles Smali code, which has to be translated from DEX with apktool, so it increases the difficulty and error rate and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it dies easily when analyzing a large app with Multidex, and it is very expensive for me…

Interactive operation:
1. Cross-references for strings, classes, methods and fields;
2. Searching for strings, classes, methods and fields;
3. Comments for Java code;
4. Rename for methods, fields and classes;
5. Save the analysis results in a gda db file.
…

Utilities for Assisted Analysis:
1. Extracting DEX from ODEX;
2. Extracting DEX from OAT;
3. XML Decoder;
4. Algorithm tool;
5. Device memory dump;
…

New features:
1. Brand new Dalvik decompiler in C++ with friendly GUI;
2. Support Python script;
3. Packers recognition;
4. Multi-DEX supporting;
5. Making and loading signature of the method;
6. Malicious behavior scanning by API chains;
7. Taint analysis to preview the behavior of variables;
8. Taint analysis to trace the path of variables;
9. De-obfuscate;
10. API view with x-ref;
11. Association of permissions with modules;
…

Changelog v4.09

Fix the issue of condition reversal when there are more than 3 consecutive conditions.
Added resource search, supporting resource ID and name search.
Add the extraction of referenced resource information and add resource cross-reference and double-click viewing functions.
Fix variable name errors caused by register references.
Fix a bug in the array initialization decompiling code.
Fix the bug of length calculation errors during string editing.
Fix the issue where method codes of the interface are not displayed. #142
Enhanced decoding ability of XML.
Added topping and restoration for the package trees.
Add code export function. #141
Improved and expanded search functionality, optimized search algorithms. #140
Fixed a series of crash bugs.