smali | dex format used by dalvik, Android's Java VM implementation

by JesusFreke Java Version: v2.0b6 License: No License

Download this library from

kandi X-RAY | smali Summary

smali is a Java library. smali has no bugs, it has no vulnerabilities, it has build file available and it has high support. You can download it from GitHub, Maven.

smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.).

Support

Quality

Security

License

Reuse

kandi-support Support

smali has a highly active ecosystem.
It has 5072 star(s) with 958 fork(s). There are 283 watchers for this library.
It had no major release in the last 12 months.
There are 115 open issues and 601 have been closed. On average issues are closed in 58 days. There are 6 open pull requests and 0 closed requests.
It has a negative sentiment in the developer community.
The latest version of smali is v2.0b6

smali Support

Best in #Java

Average in #Java

smali Support

Best in #Java

Average in #Java

quality kandi Quality

smali has 0 bugs and 0 code smells.

smali Quality

Best in #Java

Average in #Java

smali Quality

Best in #Java

Average in #Java

security Security

smali has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
smali code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.

smali Security

Best in #Java

Average in #Java

smali Security

Best in #Java

Average in #Java

license License

smali does not have a standard license declared.
Check the repository for any license declaration and review the terms closely.
Without a license, all rights are reserved, and you cannot use the library in your applications.

smali License

Best in #Java

Average in #Java

smali License

Best in #Java

Average in #Java

build Reuse

smali releases are available to install and integrate.
Deployable package is available in Maven.
Build file is available. You can build the component from source.
smali saves you 43712 person hours of effort in developing the same functionality from scratch.
It has 51579 lines of code, 4930 functions and 743 files.
It has medium code complexity. Code complexity directly impacts maintainability of the code.

smali Reuse

Best in #Java

Average in #Java

smali Reuse

Best in #Java

Average in #Java

Top functions reviewed by kandi - BETA

kandi has reviewed smali and discovered the below as its top functions. This is intended to give you an instant insight into smali implemented functionality, and help decide if they suit your requirements.

Analyze an instruction .
Test a list of instructions .
Write code item .
Formats a command hierarchy into a string .
Returns the set of set registers .
Replies the default boot class path for the given dex entry .
Make a SectionItemAnnotator for the CDex .
Converts an instruction to the given instruction .
Annotate this annotated with the specified message .
Determine the bounding bounds of the try block to use .

smali Key Features

github Issue tracker - For any bugs/issues/feature requests

#smali on freenode - Free free to drop by and ask a question. Don't expect an instant response, but if you hang around someone will respond.

Official dex bytecode reference

Registers wiki page

Types, Methods and Fields wiki page

Official dex format reference

smali Examples and Code Snippets

See all related Code Snippets

Smali moveTaskToBack

Copy

Download

java -jar apktool.jar d <file-to-decompile.apk>

const/4 v0, 0x0
invoke-virtual {p0, v0}, Landroid/androapp/Main;->moveTaskToBack(Z)Z

java -jar apktool.jar b <directory created by apktool>

-----------------------

java -jar apktool.jar d <file-to-decompile.apk>

const/4 v0, 0x0
invoke-virtual {p0, v0}, Landroid/androapp/Main;->moveTaskToBack(Z)Z

java -jar apktool.jar b <directory created by apktool>

-----------------------

java -jar apktool.jar d <file-to-decompile.apk>

const/4 v0, 0x0
invoke-virtual {p0, v0}, Landroid/androapp/Main;->moveTaskToBack(Z)Z

java -jar apktool.jar b <directory created by apktool>

How to prevent the detection of fake GPS?

Copy

Download

invoke-virtual {p1}, Landroid/location/Location;->isFromMockProvider()Z
move-result v1

if-eqz v1, :cond_1e   // if v1==0 GOTO cond_1e

-----------------------

invoke-virtual {p1}, Landroid/location/Location;->isFromMockProvider()Z
move-result v1

if-eqz v1, :cond_1e   // if v1==0 GOTO cond_1e

Why APK could not be installed after Smali patching?

Copy

Download

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Attempt installation of the rebuilt APK file
adb install -r rebuilt.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 6) Sign the rebuilt APK file
apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

-----------------------

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Attempt installation of the rebuilt APK file
adb install -r rebuilt.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 6) Sign the rebuilt APK file
apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

-----------------------

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Attempt installation of the rebuilt APK file
adb install -r rebuilt.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 6) Sign the rebuilt APK file
apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

Is there a way to decompile multiple android apk at the same time?

Copy

Download

cd directory_with_apks
find . -iname "*.apk" -exec apktool d -o {}_out {} \;

ApkTool splits java files in to multiple files

Copy

Download

package Abc;

class Foo {
  class Bar {}
}

Antlr4 parser ends prematurely on misplaced token in Python 3.7

Copy

Download

parse
 : expression
 ;

expression
 : expression '+' expression
 | NUMBER
 ;

parse
 : expression EOF
 ;

-----------------------

parse
 : expression
 ;

expression
 : expression '+' expression
 | NUMBER
 ;

parse
 : expression EOF
 ;

Q: Does this smali class decrypt data? what encryption is it using?

Copy

Download

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

public class SimpleDecryption {
    public static void main(String[] args) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, IOException, BadPaddingException, IllegalBlockSizeException {
        System.out.println("Simple decryption method for\n" +
                "https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java");
        String filename = "cipher.dat";
        byte[] fixedKey = hexStringToByteArray("e409c02fb48745a14f5e1c03e3c6f0ca");
        Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
        SecretKeySpec secretKeySpec = new SecretKeySpec(fixedKey, "AES");
        aesCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        System.out.println("decrypted text: " + new String(aesCipher.doFinal(Files.readAllBytes(Paths.get(filename))),"UTF-8"));
    }
    public static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i + 1), 16));
        }
        return data;
    }
}

Simple decryption method for
https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
decrypted text: This text needs to get encrypted

-----------------------

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

public class SimpleDecryption {
    public static void main(String[] args) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, IOException, BadPaddingException, IllegalBlockSizeException {
        System.out.println("Simple decryption method for\n" +
                "https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java");
        String filename = "cipher.dat";
        byte[] fixedKey = hexStringToByteArray("e409c02fb48745a14f5e1c03e3c6f0ca");
        Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
        SecretKeySpec secretKeySpec = new SecretKeySpec(fixedKey, "AES");
        aesCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        System.out.println("decrypted text: " + new String(aesCipher.doFinal(Files.readAllBytes(Paths.get(filename))),"UTF-8"));
    }
    public static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i + 1), 16));
        }
        return data;
    }
}

Simple decryption method for
https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
decrypted text: This text needs to get encrypted

Frida: Replace string literal in class method

Copy

Download

Java.perform(function() {
  var ObfuscatedClass = Java.use('o.bdq$if');
  ObfuscatedClass.ॱ.implementation = function(string, stringArray) { // replace original implementation
    var modifiedStringArray = ...; // do your stuff with the stringArray that contains your hash
    return this.ॱ(string, modifiedStringArray); // call original method with modified string array containing new hash
  }
});

frida：java.lang.ClassCastException: java.lang.Object[] cannot be cast to android.content.Intent[]

Copy

Download

Java.perform(function () {
    Java.use('com.xxx.xxx.processManager.g').doInBackground.overload('[Ljava.lang.Object;').implementation = function (objectArray) {
        return this.a.overload('[Landroid.content.Intent;').call(this, intentArray); 
    }
})

Frida - access to a class attribute that has the desired type

Copy

Download

const eaxe = Java.use("e.a.x.e");
for (f of eaxe.class.getDeclaredFields()) {
    if (f.getType().getName() == "e.a.x.e") {
        f.setAccessible(true);
        var fieldValue = f.get(this);
        console.log("Field of type e.a.x.e has value: " + fieldValue);
    }
}

-----------------------

var lo_fld_eaxe;
var lv_found = false;
var lt_fields = this.getClass().getDeclaredFields();
for (var i = 0; i < lt_fields.length && lv_found == false; i++) {
    if(lt_fields[i].getName().toString() == 'a' &&  lt_fields[i].getType().getName().toString() == 'e.a.x.e' ){
       lo_fld_eaxe = lt_fields[i];
       lv_found = true; 
  }
}
if(lv_found == true) {
   lo_fld_eaxe.setAccessible(true);
   try{ 
          var       lv_e_a_x_e = lo_fld_eaxe.get(this);   
   }
   catch(err){
          console.log("Error:"+err);
   }
 }

See all related Code Snippets

Community Discussions

Trending Discussions on smali

Smali moveTaskToBack
how to locate the register problem in Android after modifying some smali code of an APK?
How to get dex file from apk when using v2 signature?
How to prevent the detection of fake GPS?
Why APK could not be installed after Smali patching?
Smali - lots of "move-object"
Android Device Monitor / DDMS does not show threads from device
Is it possible to analyze dex file directly with mobsf?
Is there a way to decompile multiple android apk at the same time?
How do i work with .smali files to easily understand and modify Codes?

Trending Discussions on smali

QUESTION

Smali moveTaskToBack

Asked 2022-Mar-25 at 10:28

I just started in smali and I'm trying to add moveTaskToBack(true) in main activity (smali) but I don't know how to convert it.

Btw here's what I tried:

invoke-virtual {p0, v0}, Landroid/androapp/Main;->moveTaskToBack(Z)Z

ANSWER

Answered 2022-Mar-25 at 10:28

Use apktool to decompile

java -jar apktool.jar d <file-to-decompile.apk>

Then edit the smali file where you want to insert the code.

But you have to make sure that at the point where you insert the code v0 already contains the value 1 for true, or you have to set it to 1 but then make sure v0 does not contain a value that is used later:

const/4 v0, 0x0
invoke-virtual {p0, v0}, Landroid/androapp/Main;->moveTaskToBack(Z)Z

Afterwards rebuild the app using apktool.

java -jar apktool.jar b <directory created by apktool>

If apktool succeeds you find the generated apk file in the dist/ subdirectory.

Depending on the APK file that is modified you may have to align the apk using zipalign 4 <modified apk file> or zipalign -p 4 <modified apk file> (the latter has to be used in case the app defines extractNativeLibs=false in it's AndroidManifest.xml).

Now you have to resign the apk using e.g. apksigner for Android SDK.

Source https://stackoverflow.com/questions/71599987

QUESTION

How to prevent the detection of fake GPS?

Asked 2021-Oct-09 at 11:54

I found an app that detects Location spoofing and returns a warning screen. [1]: https://i.stack.imgur.com/qbhuU.jpg Then I tried to reverse engineer the app and remove the function isFromMockProvider()which checks whether the Location data is from a Mock location provider or not. I found these lines of code from a smali file

method public onLocationChanged(Landroid/location/Location;)V
.registers 10
.annotation build Landroidx/annotation/RequiresApi;
    api = 0x12
.end annotation

const-string v0, "0"

.line 1
invoke-virtual {p1}, Landroid/location/Location;->isFromMockProvider()Z

move-result v1

const-string v2, "IS_MOCK"

const-string v3, "LIVE_TRACKING_MOCK_LOCATION"

if-eqz v1, :cond_1e

.line 2
new-instance p1, Landroid/content/Intent;

invoke-direct {p1, v3}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V

const-string v0, "false"

.line 3
invoke-virtual {p1, v2, v0}, Landroid/content/Intent;->putExtra(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;

.line 4
invoke-static {p0}, Landroidx/localbroadcastmanager/content/LocalBroadcastManager;->getInstance(Landroid/content/Context;)Landroidx/localbroadcastmanager/content/LocalBroadcastManager;

move-result-object v0

invoke-virtual {v0, p1}, Landroidx/localbroadcastmanager/content/LocalBroadcastManager;->sendBroadcast(Landroid/content/Intent;)Z

return-void

.line 5
:cond_1e
new-instance v1, Landroid/content/Intent;

invoke-direct {v1, v3}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V

const-string v3, "false"

what changes have to be made here to prevent the detection of mock location?

ANSWER

Answered 2021-Oct-09 at 11:54

The calls

invoke-virtual {p1}, Landroid/location/Location;->isFromMockProvider()Z
move-result v1

returns 1 (true) if a mock provider is used and 0 otherwise. The result is stored in v1.

Later the value is used for a conditional branch in

if-eqz v1, :cond_1e   // if v1==0 GOTO cond_1e

So only if there is no mock provider used (v1=0) it jumps to a special code part. Otherwise it continues with a code part that handles the mock location which is most likely what you don't want.

So you have to tweak that check and for doing so you have two possibilities:

Overwrite v1 with 0 before the check, e.g. via the command const/4 v1, 0x0
Replace the conditional branch if-eqz v1, :cond_1e with a non-conditional goto :cond_1e so it doesn't matter what value v1 has.

Source https://stackoverflow.com/questions/69499952

QUESTION

Why APK could not be installed after Smali patching?

Asked 2021-Sep-01 at 11:58

Here is the TestClass and MainActivity.

In order to always show the Toast, I changed TestClass constructor using smali patching to following:

but after compiling and signing, the new patched apk could not be installed.

where is the problem??

Here is the patching code:

iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z

if-nez p1, :cond_0

const/4 p1, 0x1

iput-boolean p1, p0, Lcom/example/test1/TestClass;->testB:Z

:cond_0

This is the LOGCAT during installation:

1772  1772 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 0 <<<<<<

1772  1772 D AndroidRuntime: CheckJNI is OFF

1772  1772 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat

1772  1772 E memtrack: Couldn't load memtrack module (No such file or directory)

1772  1772 E android.os.Debug: failed to load memtrack module: -2

1772  1772 I Radio-JNI: register_android_hardware_Radio DONE

1772  1772 D AndroidRuntime: Calling main entry com.android.commands.pm.Pm

1594  1606 D DefContainer: Copying /data/local/tmp/app-release_SIGNED_UNALIGNED.apk to base.apk

 637   662 D NativeLibraryHelper: Library 'libtoolChecker.so' is not page-aligned - will not be able to open it directly from apk.

 637   662 W NativeHelper: Failure copying native libraries [errorCode=-2]

 637   662 I art     : Starting a blocking GC Explicit

 637   662 I art     : Explicit concurrent mark sweep GC freed 34438(1881KB) AllocSpace objects, 2(40KB) LOS objects, 33% free, 6MB/9MB, paused 267us total 14.270ms

1772  1772 I art     : System.exit called, status: 1

1772  1772 I AndroidRuntime: VM exiting with result code 1.

ANSWER

Answered 2021-Sep-01 at 11:58

Short answer

Align the APK file using zipalign and (if not already) sign using apksigner which handles the v2 signature, an additional requirement.

Long answer

There are two mentions of alignment in your logcat, which strongly suggests that your APK file is not aligned. Since Android 11, there is a requirement that the APK file contains an uncompressed resources.asrc file, which is aligned to 4 bytes in the file.

Replicating the issue via ADB, I used the following:

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Attempt installation of the rebuilt APK file
adb install -r rebuilt.apk

which results in the following error:

adb: failed to install rebuilt.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary]

My first thought was to simply use zipalign after using jarsigner to sign the APK like so:

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Sign the rebuilt APK file
jarsigner -keystore keystore -storepass password rebuilt.apk key0

# 6) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

However, this resulted in the following error:

adb: failed to install rebuilt-aligned.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Scanning Failed.: No signature found in package of version 2 or newer for package au.com.msbit.a68855123]

This then indicated that there was another requirement with Android 11; that the APK files be signed with the v2 signature scheme, which requires apksigner. Putting both those together, something like the following works:

# 1) Install the original APK file
adb install original.apk

# 2) Decode the original APK file, decompiling into Smali
apktool decode --output original original.apk

# 3) Apply the logic patch
patch -p1 < switch.patch

# 4) Rebuild an APK file with the patch
apktool build --output rebuilt.apk original

# 5) Create an aligned APK file
zipalign 4 rebuilt.apk rebuilt-aligned.apk

# 6) Sign the rebuilt APK file
apksigner sign --ks keystore --ks-pass pass:password rebuilt-aligned.apk

# 7) Attempt installation of the rebuilt APK file
adb install -r rebuilt-aligned.apk

As noted in the documentation for apksigner, it must be run after any modifications have been made to the APK file, so, as opposed to the order when using jarsigner, zipalign must be run before apksigner.

Source https://stackoverflow.com/questions/68855123

QUESTION

Is it possible to analyze dex file directly with mobsf?

Asked 2021-Feb-03 at 22:37

I have several dex files that needs to be statically analyzed by mobsf after unpacking the apk file because core code are inaccessible prior to unpacking.

What I've tried: Adding Line 3 and changing line 4 from glob_pattern = app_dir + *.dex' to glob_pattern = ddex_dir

def get_dex_files(app_dir):
    """Get all Dex Files for analysis."""
    ddex_dir = "C:/path/Sample/dexfilepath/"
    glob_pattern = app_dir + '*.dex'
    return glob.glob(glob_pattern)

I know it's naïve approach but I'm really new into pentesting.

A portion of the error code:

[INFO] 08/Jan/2021 11:49:08 - Decompiling to Java with jadx
[INFO] 08/Jan/2021 11:49:30 - DEX -> SMALI
[INFO] 08/Jan/2021 11:49:30 - Converting 10046944_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 10152568_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 10247328_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 10286360_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 10453796_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 1272952_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 1349780_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 13539468_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:30 - Converting 3046356_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:31 - Converting 3261832_dexfile.dex to Smali Code
[INFO] 08/Jan/2021 11:49:31 - Converting 3261832_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:31 - Converting 359592_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:31 - Converting 5068284_dexfile_execute.dex to Smali Code
[INFO] 08/Jan/2021 11:49:31 - Converting 8294920_dexfile.dex to Smali Code
Lcom/qinggan/ftp/library/ftp/QGFTPServer$MyFtplet;->onConnect(Lorg/apache/ftpserver/ftplet/FtpSession;)Lorg/apache/ftpserver/ftplet/FtpletResult;: Invalid debug offset
Lcom/qinggan/ftp/library/socket/message/QGP2PMessageBase;->obtainHead(I)Ljava/lang/String;: Invalid debug offset
Lcom/qinggan/ftp/library/socket/message/QGP2PMessageServer$1;->run()V: Invalid debug offset
Lcom/qinggan/ftp/library/socket/message/QGP2PMessageClient$1;->run()V: Invalid debug offset
Lcom/qinggan/keepalive/GuardService;->getServiceIntent()Landroid/content/Intent;: Invalid debug offset
Lcom/qinggan/ftp/library/socket/message/QGP2PMessageClient;->closeSelf()V: Invalid debug offset
[INFO] 08/Jan/2021 11:49:32 - Converting 8294920_dexfile_execute.dex to Smali CodeLcom/qinggan/app/arielapp/ArielApplication$16;->insert(Ljava/util/List;)V: Invalid debug offset
Lcom/qinggan/ftp/library/ftp/QGFTPClient$2;->run()V: Invalid debug offset
Lcom/qinggan/app/arielapp/ArielApplication$11;->clearUserCache()V: Invalid debug offset
Lcom/qinggan/ftp/library/socket/message/QGP2PMessageServer;->dispatchMessage(Lcom/qinggan/ftp/library/socket/message/QGP2PMessage;)V: Invalid debug offset

Lcom/hp/hpl/sparta/DefaultLog;->error(Ljava/lang/String;Ljava/lang/String;I)V: Invalid debug offset
Lcom/qinggan/app/arielapp/ArielApplication$17;->onConnectStatusChange(Z)V: Invalid debug offset

ANSWER

Answered 2021-Jan-08 at 21:14

I would try to use dex2jar tool for this purpose. Convert your apk to jar and then analyze it with MobSF. MobSF should work with jar files since this is an archive. I am not sure if it will show the stable behavior, but it can be an option.

As far as I know MobSF also have this package within it's source code, so did you try to load this APK directly to MobSF without changing anything? I think it might work.

Also you can use JADX tool for manual source code analyzing. It should restore the source code from the DEX binaries.

Also observe this issue. MobSF developer suggests to use enjarify instead of dex2jar (2nd answer) and sends the link which explains how to do it.

Source https://stackoverflow.com/questions/65623227

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install smali

You can download it from GitHub, Maven.
You can use smali like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the smali component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .