The DEX code, as we know, is compiled from Java, which is a pretty semantic, easy-to-read language, and I'm sure some of you are wondering by now whether it's possible to decompile the DEX code back into Java? Well, the good news is that this is possible, of course, depending on the quality of the decompiler you are using and the complexity of the DEX code. This is because unless you understand how the DEX code actually works, you will always be at the mercy of your DEX decompiler. There are many ways to thwart the popular decompilers such as reflection and non-standard DEX opcode variants, so if you're hoping that this recipe means you can call yourself an Android reverse engineer even though you are unable to read the DEX code, you are mistaken!
With that said, most DEX code in Android applications are pretty stock standard, and decompilers, such as the one we are about to use, can handle an average DEX file.
Before we start, you will need to grab a few tools from the Internet.
- Dex2Jar: This is a tool that grabs the DEX files from the APK files and outputs a JAR containing the corresponding class files; you can get this at http://code.google.com/p/dex2jar/. Visit this URL and download the version appropriate for your operating system.
- JD-GUI: This is a Java class file decompiler; you can get this at http://jd.benow.ca/. It has support for Linux, Mac, and Windows.
To decompile a sample DEX file into some Java code, you will need to perform the following steps:
- Let's assume we are starting from either an APK or DEX file. In that case, you would start out by interpreting the DEX files into the Java
CLASSfiles. Here's how you do that withDex2jar:dex2jar [Dex file].dexOr for our running example, you would execute the following statement:
dex2jar Example.dexThe output should look something like the following screenshot:
If you've executed this correctly, you should have a file called
Example_dex2jar.jarin your working or current directory:
- So now that we have our class files, we need to work them back into the Java code.
JD-GUIis the tool that we will be using to sort this out. To launchJD-GUI, all you need to do is execute theJD-GUIexecutable that comes with theJD-GUItool. Here's how you do it from Linux; execute the following command from your terminal:jd-guiIt should spawn a window that looks like the following screenshot:
- Once this window shows up, you can open a class file by clicking on the folder icon; the following file selection dialog box should show up:
Once this dialog box is open, you should navigate to the path with the
Example.classfile we parsed from theExample.dexfile. If you manage to find it,JD-GUIwill display the code as follows:
- You can use
JD-GUIto save the source files; all you need to do is click on the File menu on the toolbar, select Save All Sources, and then provide a directory to save it in: