Friday, June 1, 2012

decompiling DEX into Java sourcecode

Are there any tools or recipes for turning Android DEX (VM bytecode) files into corresponding Java sourcecode?

Source: Tips4all


  1. first you need a tool called dex2jar ,which is made by a chinese student. it will translate dex to jar file. then you can use jd-gui, the source code is quite readable as dex2jar makes some optimizations.

  2. i'd actually recommend going here:

    it provides BAKSMALI which is a most excellent reverse-engeneering tool for DEX files.
    made by JesusFreke, the guy who created the famos ROMs for Android.

  3. Refer this blog it clearly show decompile process step by step

  4. To clarify somewhat, there are two major paths you might take here depending on what you want to accomplish:

    Decompile the Dalvik bytecode (dex) into readable Java source. You can do this easily with dex2jar and jd-gui, as fred mentions. The resulting source is useful to read and understand the functionality of an app, but will likely not produce 100% usable code. In other words, you can read the source, but you can't really modify and repackage it. Note that if the source has been obfuscated with proguard, the resulting source code will be substantially more difficult to untangle.

    The other major alternative is to disassemble the bytecode to smali, an assembly language designed for precisely this purpose. I've found that the easiest way to do this is with apktool. Once you've got apktool installed, you can just point it at an apk file, and you'll get back a smali file for each class contained in the application. You can read and modify the smali or even replace classes entirely by generating smali from new Java source (to do this, you could compile your .java source to .class files with javac, then convert your .class files to .dex files with Android's dx compiler, and then use baksmali (smali disassembler) to convert the .dex to .smali files, as described in this question. There might be a shortcut here). Once you're done, you can easily package the apk back up with apktool again. Note that apktool does not sign the resulting apk, so you'll need to take care of that just like any other Android application.

    In short, your choices are pretty much either to decompile into Java, which is more readable but likely irreversible, or to disassemble to smali, which is harder to read but much more flexible to make changes and repackage a modified app. Which approach you choose would depend on what you're looking to achieve.

    Lastly, phaeton's suggestion of ded is also of note. I didn't have much luck with a quick attempt compared to the tools above, but it may become more useful in this regard as it continues to evolve.

  5. Since no one mentioned this, there's one more tool: DED homepage

    Install how-to and some explanations: Installation.

    It was used in a quite interesting study of the security of top market apps(not really related, just if you're curious): A Survey of Android Application Security

  6. With Dedexer, you can disassemble the .dex file into dalvik bytecode (.ddx).

    Decompiling towards Java isn't possible as far as I know.
    You can read about dalvik bytecode here.

  7. A more complete version of fred's answer:

    Manual way

    First you need a tool to extract all the (compiled) classes on the DEX to a JAR.
    There's one called dex2jar, which is made by a chinese student.

    Then, you can use jd-gui to decompile the classes on the JAR to source code.
    The resulting source should be quite readable, as dex2jar applies some optimizations.

    Automatic way

    You can use APKTool. It will automaticly extract all the classes (.dex), resources (.asrc), then it will convert binary XML to human-readable XML, and it will also dissassemble the classes for you.

    Just tell APKTool to decode the APK into a directory, then modify what you want,
    and finally encode it back to an APK. That's all.

    Important: APKTool dissassembles. It doesn't decompile.
    The generated code won't be Java source.
    But you should be able to read it, and even edit it if you're familiar with jasmin.
    If you want Java source, please go over the Manual way.

  8. Android Reverse Engineering is possible
    . Follow these steps to get .java file from apk file.

    Step1 . Using dex2jar

    Generate .jar file from .apk file
    command : dex2jar sampleApp.apk

    Step2 . Decompiling .jar using JD-GUI

    it decompiles the .class files i.e., we'll get obfuscated .java back from the apk.

  9. Once you downloaded your APK file , You need to do the following steps to get a editable java code/document.

    1 -> Convert your apk file to zip (while start your download don't go with "save" option , just go with "save as" and mention your extension as .zip) by doing like this you may avoid APKTOOL...

    2 -> Extract the zip file , there you can find somefilename.dex. so now we need to convert dex -> .class

    3 -> To do that, you need "dex2jar"(you can download it from , after extracted, in command prompt you have to mention like, [D:\dex2jar-0.09>dex2jar somefilename.dex] (Keep in mind that your somefilename.dex must be inside the same folder where you have keep your dex2jar.)

    4 -> Download jad from and extract it. Once extracted you can see two files like "jad.exe" and "Readme.txt" (sometimes "jad.txt" may there instead of "jad.exe", so just rename its extension as.exe to run)

    5 -> Finally, in command prompt you have to mention like [D:\jad>jad -sjava yourfilename.class] it will parse your class file into editable java document.


  10. To decompile a DEX file into Java you can use AndroChef Java Decompiler: