Android安全：dex2jar、jd-gui和AXMLPrinter2

生成Android的apk文件过程中，将Java语言的字节码（.class）转换成Dalvik虚拟机字节码（.dex），d2j-dexjar可以将这个过程可逆，将.dex转换成.class。下面我们就介绍如何反编译一个dex文件，并使用jd-gui反编译.class为java源码并查看： 
一、dex2jar（https://sourceforge.net/p/dex2jar/wiki/Home/） 
Android.dex和java.class文件相关的工具集： 
1.dex-reader/writer：读/写Dalvik可执行文件（.dex）； 
2.d2j-dex2jar：.dex文件转换为.class文件（压缩成jar）； 
3.smail/baksmail：反汇编dex为smail文件，和编译smali文件为dex； 
4.其它的工具：d2j-decrypt-string； 
二、如何反编译一个dex文件 
1.安装JDK（Ubuntu） 

sudo apt-get install openjdk-7-jre

2.从https://sourceforge.net/projects/dex2jar/files/下载dex2jar； 
3.将dex2jar-version.zip解压到一个目录； 

pengchengxiang@ubuntu:/usr/local/bin$ sudo unzip dex2jar-2.0.zip  
Archive:  dex2jar-2.0.zip 
   creating: dex2jar-2.0/ 
 ... ...  
-rw-rw-r-- 1 root           root            836 Oct 27  2014 d2j-std-apk.bat 
-rw-rw-r-- 1 root           root           1088 Oct 27  2014 d2j-std-apk.sh 
drwxrwxrwx 2 root           root           4096 Oct 27  2014 lib 

4.使用dex2jar生成.jar文件，dex2jar将会在工作目录生成一个名为someApk-dex2jar.jar； 

pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ sh /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh app-debug.apk 
dex2jar app-debug.apk -> ./app-debug-dex2jar.jar 
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ ls 
app-debug.apk  app-debug-dex2jar.jar  app-debug-unaligned.apk  app-release 

5.使用反编译器查看源码，如jd-gui（见下章节），JAD，Procyon； 
注意：如果执行输出如下错误： 
sh /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh app-debug.apk  
/usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: 36: /usr/local/bin/dex2jar-2.0/d2j-dex2jar.sh: /usr/local/bin/dex2jar-2.0/d2j_invoke.sh: Permission denied 
处理： 
pengchengxiang@ubuntu:/usr/local/bin$ sudo chown -R pengchengxiang dex2jar-2.0 
pengchengxiang@ubuntu:/usr/local/bin$ sudo chgrp -R pengchengxiang dex2jar-2.0 
pengchengxiang@ubuntu:/usr/local/bin$ sudo chmod -R 766 dex2jar-2.0 
6.除了dex文件转换成jar之外，还提供了一些其他的功能，每个功能使用一个bat批处理或sh脚本来包装； 

pengchengxiang@ubuntu:/usr/local/bin/dex2jar-2.0$ ls -al 
total 92 
drwxrw-rw- 3 pengchengxiang pengchengxiang 4096 Oct 27  2014 . 
drwxr-xr-x 3 root           root           4096 Jul 11 10:10 .. 
-rwxrw-rw- 1 pengchengxiang pengchengxiang  834 Oct 27  2014 d2j-baksmali.bat 
-rwxrw-rw- 1 pengchengxiang pengchengxiang 1086 Oct 27  2014 d2j-baksmali.sh 
-rwxrw-rw- 1 pengchengxiang pengchengxiang  837 Oct 27  2014 d2j-dex2jar.bat 
-rwxrw-rw- 1 pengchengxiang pengchengxiang 1089 Oct 27  2014 d2j-dex2jar.sh 
… …  

7.关于其它功能，如：修改一个apk/dex文件，如何将jar转换成dex等，请阅读相关官方文档： 
https://sourceforge.net/p/dex2jar/wiki/Faq/#markdown-header-want-to-read-dex-file-using-dex2jar 
三、jd-gui（http://jd.benow.ca/） 
1.jd-gui是C++开发的Java反编译工具，支持如Windows、Linux和Mac OS多平台； 
2.将jar文件转换成Java源文件，你可以使用他浏览重构源码查看方法、字段； 
3.除了反编译功能之外，还具有强大的搜索功能； 
四、如何反编译查看Java源代码 
1.从官网下载linux版本jd-gui-0.3.5.linux.i686.tar.gz； 
2.解压到指定目录（/usr/local/bin/jd-gui-0.3.5）； 
3.进入到解压目录，执行./jd-gui打开jd-gui工具界面； 
4.File->Open File，选择有dex2jar反编译生成的app-debug-dex2jar.jar，如下图就可以阅读反编译的java源码： 

注意： 
pengchengxiang@ubuntu:/usr/local/bin/jd-gui-0.3.5$ ./jd-gui  
./jd-gui: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory 

处理：sudo apt-get install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6

五、AXMLPrint2 
1.如上所述，使用jd-gui工具查看反编译源码时，并没有AndroidManifest.xml文件。在APK文件中的资源是经过压缩的，解压Apk，用文本编译工具都是乱码（如下图），其以AXML(用于Android设备的一种XML编码格式)格式存在。 
2.AXMLPrint2就是一款可以将AXML转换为可读xml文件的工具； 

六、如何查看AndroidManifest.xml文件 
1.下载AXMLPrinter2.jar（https://code.google.com/archive/p/android4me/downloads）； 
2.从APK文件中解压出AndroidManifest.xml文件； 

pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ unzip app-debug.apk -d app-debug 
Archive:  app-debug.apk 
  inflating: app-debug/AndroidManifest.xml   
  inflating: app-debug/res/anim/abc_fade_in.xml   
  ... ... 
  inflating: app-debug/META-INF/CERT.SF   
  inflating: app-debug/META-INF/CERT.RSA   
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ lsapp-debug       
app-debug-dex2jar.jar    app-release 
app-debug.apk  app-debug-unaligned.apk 
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk$ cd app-debug/ 
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ ls 
AndroidManifest.xml  classes.dex  META-INF  res  resources.arsc 

3.使用java -jar AXMLPrinter2.jar AndroidManifest.xml >> AndroidManifest2.xml转码清单文件； 

pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ cd /usr/local/bin/ 
pengchengxiang@ubuntu:/usr/local/bin$ sudo java -jar AXMLPrinter2.jar /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/AndroidManifest.xml >> /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/AndroidManifext2.xml 
pengchengxiang@ubuntu:/usr/local/bin$ cd /home/pengchengxiang/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug/ 
pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ ls 
AndroidManifest.xml   classes.dex  res 
AndroidManifext2.xml  META-INF     resources.arsc 

4.使用gedit查看转码后的清单文件； 

pengchengxiang@ubuntu:~/SecurityWorkSpace/SecurityDemo/app/build/outputs/apk/app-debug$ gedit AndroidManifext2.xml