I am reversing an android app. I want to modify and rebuild it. I used APK Studio (which is pretty much a GUI version of apktool) to get the files inside the apk. Now reading smali code is very difficult.
I also tried to unzip it, get classes.dex, then got the jar files (using dex2jar) and opened it in jd-gui but that method does not get the complete source code and yeah some java code was obviously missing. So I cannot use that to rebuild it.
So any alternate method available which I can use to rebuild the app without having to go through smali code??
I know exactly which class and which code I have to change. But I can't reach the same code in smali files.
The two-step conversion via dex2jar and then decompile the Java class files is known to make problems. The main reason for this is that DEX is a register based architecture where as Java is a stack based architecture. The conversion between both systems is complex and error-prone.
Therefore I prefer a "one-step" decompilation (directly DEX to Java source code) as it is done by Jadx - a Dex to Java decompiler.
Jadx usually can decompile most of the methods. However for very complex methods or methods that were originally not compiled from Java source code the decompilation can fail.
There is no way to decompile the project in 100% right java code. That means you have to adjust/modify a big part of decompiled sources to recompile it back, is almost impossible(or very expensive) to do for big projects.
Best way is to make changes in smali code, it can be easily recompiled back without any troubles. Just invest 1-2 hours to learn smali, is very easy.
Related
I'm looking to write a Java program which will download a Java source file in text format off the web, compile it, load it, and use it as part of the running program. I've heard this is possible, but don't know how to write the code to make it happen. A fully functioning example or tutorial would be great, if you could point me in the direction of documentation such as this.
Once I learn how it's done, I plan to use this knowledge to build an Android Application which can customize itself with code from the web.
A desktop program could use a shell script to download, compile and run a Java program. Android does not have a compiler, and adding one is non-trivial. The easiest way would be to also make a server program. The Android program would then tell the server program to download and compile the Java source code, and then send the result to the Android program, which would then load it using its ClassLoader.
One caveat is that the JDK compiler produces bytecode for the standard Java Virtual Machine, whereas Android's JVM is uses the Dalvik VM, so when you compile the Java class, you can't just use the JDK; you have to use the Android SDK to produce compatible bytecode that the Android ClassLoader can use.
Yes, it's possible in the general sense to do what you want. In the specific case of Android, however, it is likely that the sandbox imposes restrictions that will make what you're trying to do difficult or impossible. To do this in the general case you can use an approach like:
Use a web library of your choosing (for example, HttpClient, or HtmlUnit, or for simple tasks, Java's built-in URLConnection class is entirely acceptable as well) to download the Java file locally.
Use System.exec() to fork a javac process to compile the downloaded Java file for you (or use a JavaCompiler implementation to do the same). Note that this might be a bit tricky if the downloaded Java file uses external JAR's/libraries that aren't on your system.
Use the ClassLoader to load your compiled class. Note that you'll only be able to use it if your runtime classpath also includes any external JAR's/libraries that the code you're loading in relies upon.
However, step #2 will almost certainly not be possible on an Android device. Instead you'd need to compile Android-compatible class files somewhere else (like on a server, as Yusuf suggests), and then download and load the compiled class files from your app. Or, if you're really looking for a challenge, perhaps you could package a full Java compiler in your app, and compile the Java file(s) that way.
What you are trying to do is something similar to either the JRuby-for-Android project or AIDE both of which builds on device, but only in the case of creating apps to be run on Android as opposed to adding code functionality to an currently running app. While JRuby-for-Android is more for scripting, it may provide enough functionality as it is open source and you may be able to modify it to fit your needs.
The AIDE project appears to be more of an achievement as you can write in Java on device to build an app. Features include Dropbox and git support. AIDE appears to be a closed-source app.
Permissions will be a problem. You can't write files to the partition where the app is installed. Maybe you can if you move the app to the SD card.
An alternative is to create a custom classloader and use that to feed class files to the runtime. I don't know if you can do that on Android.
Is scripting an option? I'm sure you can find a scripting interpreter for Android. Then you can download and execute the script in the interpreter.
My main problem is that i have some class files from a game where i wan't to edit/modify parts of it
What would be the easiest way to achieve this ?
Decompiling the whole code and recompiling is not an option unless you have some decompiler that doesn't cause errors in the source code, as i do not wish to spend time fixing them.
Best regards
A solution could be the use of bytecode manipulators like ASM or BCEL. They both provide an API to load a class file, change part of it and save it. ASM has the advantage to be able to do this during runtime.
You can also use the Krakatau disassembler/assembler I wrote. The disassembler turns a class file into a human readable (well readable if you understand bytecode anyway) format, which you can then edit and reassemble. This is useful if you want to view and edit the classfiles by hand, where writing a bunch of library calls and then compiling and running a program just to use ASM or BCEL is rather unwieldy.
Krakatau also has a decompiler specifically designed to handle obfuscated classes, so it may be able to produce valid source code even when no other decompiler can. Of course if the class is obfuscated, the generated source will probably still be unreadable.
I have created a plugin project in Eclipse, distributed as a jar.
The user can take this jar and decompile it using JAD.
Is there any way so that i can stop the decompilation of a jar file?
Or, at least, to hide my source code from the user?
The best way to stop your jar from being decompiled is to give users no reason to want to. Obfuscation is just a bandaid. In fact, some people will probably reverse it just for the challenge if it's famous enough.
If you don't insert your source code in the jar, your sourcecode isn't what is decompiled by a decompiler, but something similar.
However, you may use an obfuscator to make code decompilation produce very ugly code like Proguard.
ProGuard is a free Java class file shrinker, optimizer, obfuscator,
and preverifier. It detects and removes unused classes, fields,
methods, and attributes. It optimizes bytecode and removes unused
instructions. It renames the remaining classes, fields, and methods
using short meaningless names. Finally, it preverifies the processed
code for Java 6 or for Java Micro Edition.
Search for other products with the term obfuscator.
I require a source code obfuscator for Java that is working on windows 7.
Because I plan to release a closed source library in GWT it really has to be an obfuscator that outputs source and does not process ready to use .class files. The result files need to be .java files.
The only obfuscator that is Java-to-Java instead of .class as a result is Java Source Code Obfuscator from Semantic Design.
But sadly it seems this one does not work on Windows 7.
What about compile it into class files with all the debugging symbols stripped and then run a decompiler on the resulting class files? Example decompiler
Despite the existence of some quality work out there, I assure you Java obfuscation will NOT stop someone who is determined to decompile your code. Understand that all you are buying is a bit of time. If they have your class files in hand and choose to decompile them, it won't take long before they have your source code.
If you don't trust your customer, don't give them the class files. Come up with a different solution. More and more companies are moving to services as a way to keep their source code in house and still make their monies.
Most Java source codes are self obfuscated, nobody can understand them.
There are no effective obfuscators, the silly things they do do not deter anyone determined to steal your code. This is a false market based on false fears. If the threats were real, there will be de-obfuscators, selling for much higher price than obfuscators.
If you really want to obfuscate your code, don't use meaningless symbols, use misleading symbols.
So, I've been programming for a while now, but since I haven't worked on many larger, modular projects, I haven't come across this issue before.
I know what a .dll is in C++, and how they are used. But every time I've seen similar things in Java, they've always been packaged with source code. For instance, what would I do if I wanted to give a Java library to someone else, but not expose the source code? Instead of the source, I would just give a library as well as a Javadoc, or something along those lines, with the public methods/functions, to another programmer who could then implement them in their own Java code.
For instance, if I wanted to create a SAX parser that could be "borrowed" by another programmer, but (for some reason--can't think of one in this specific example lol) I don't want to expose my source. Maybe there's a login involved that I don't want exploited--I don't know.
But what would be the Java way of doing this? With C++, .dll files make it much easier, but I have never run into a Java equivalent so far. (I'm pretty new to Java, and a pretty new "real-world" programmer, in general as well)
Java .jar library is the Java equivalent of .dll, and it also has "Jar hell", which is the Java version of "dll hell"
http://en.wikipedia.org/wiki/JAR_(file_format)
Google JAR files.
Edit: Wikipedia sums it up nicely: http://en.wikipedia.org/wiki/JAR_%28file_format%29
Software developers generally use .jar files to distribute Java applications or libraries...
A jar is just a uncompressed zip of your classes. All classes can be easily decompiled and viewed. If you really don't want to share your code, you might want to look at obfuscating your code.
The Java analog to a DLL is the .jar file, which is a zip file containing a bunch of Java .class files and (perhaps) other resources. See Sun's, er, Oracle's documentation.
Java's simple moto 'Write Once, Run anywhere'. create your all java classes as jar file but there are possibilities that still some one can see the Java code by using Decompilers. To prevent someone really looking at your code then Obfuscate the jar using the below link.
Java Obfuscation
You could publish a collection of compiled *.class files.
The most common way to package up Java code is to use a ".jar" file. A .jar file is basically just a .zip file.
To distribute just your compiled code, you'll want to build a .jar that contains your .class files. If you want to additionally distribute the source code, you can include the .java files in a separate area of the .jar.
There are a lot of tools and tutorials out there that explain how to build a .jar.
Technically, you can compile Java bytecode down to native code and create a conventional DLL or shared library using an Ahead-Of-Time compiler.
However, that DLL would need the Java runtime specific to the AOT compiler, and two Java runtimes may not coexist in one process. Also, one would have to employ JNI to make any use of that DLL.
Unfortunately, obfuscation has too many weaknesses...
your tittle doesn't match your comment....
simple have a source jar and a code jar. but, as other people pointed out you can obfuscate the code if you don't want people to read it, it's a pain for other people using your library as they would need the mappings in order to compile and the obfuscator.
A dll is a shared library (from what I read gets instantiated one time across multiple processes)
A jar is a shared library (code gets instantiated per process from the same file)
So to answer your title question there doesn't appear to be one built into java. A library could be made and then supported on all 3 major os's to have a dll equivalent version in java. But, the reason why java made it a new instance per program is for security / sanity reasons. there are custom class loaders, asm and reflection that other programs can modify the classes on load. So if your program does any of these things it could mess up other processes.
You don't have to distribute your source code. You can distribute compiled .class files, which contain human-unreadable bytecode. You can bundle them into .jar files, which are just zip files, and are roughly Java equivalent of native .dll files.
Note taht .class files can be easily decompiled (although decompilers cannot recover 100% of information from sources). To make decompilation more difficult, you can use obfuscator to make sources much less legible.