Are there ways to decompile obfuscated dex/jar files into Java source code? I have an APK with no classes.dex file within it, but I have the odex file. I've tried using oat2dex and dex2jar to get the dex/jar files, and then used a few decompilers to get the Java source, but I'm either getting errors on some parts, or really hard to read code since it's obfuscated.
Here's what I've tried
JD-GUI (first I've tried that completed decompilation, but with multiple errors)
Fernflower (couldn't complete)
Procyon (pretty good, but with some errors)
CFR (better, but with some errors)
Jadx (best, with least errors, but code is still obfuscated and hard to read, with multiple classes/methods with the same random names)
What can I do to get more readable code?
There isn't any magical tool that will refactor all your obfuscated code into something meaningful and "clean". Obfuscated code is obfuscated: deal with it.
You can however save the obfuscated source code, create a project with your prefered ide (that support refactor) and manually analize functions and variables and refactor them to something meaninful. This require a lot of time, but eventually you will obtain an almost clean source code.
Related
I have my project in .jar file.
But i lost the source code of it.
How to get source code from .jar file.
First of all I would like to tell you that if your project is big and complex, you are in trouble. Generated source code via external tools(no matter whatever the tool is) is never same as the real code. Code like comments, constants, inner classes, etc gets messy.
For simpler code and projects you can use -
Java Decompiler (JD-GUI) http://jd.benow.ca/
DJ Java Decompiler http://www.neshkov.com/dj.html
But always know this that its not what was written originally in the source code.
You must decompile your code. You can use Java decompiler http://jd.benow.ca/
Okay, so my programming teacher sent me an app that I should look at and modify. I downloaded the APK file, and turned it into a source code following these instructions: how to extract code of apk file.
I have the java (src) files, the resources files, and the XML files. I have the Manifest file too.
I imported them successfully on eclipse, but now it has like 2000 errors.
I really don't know what to do. The apk works fine on my phone.
Why is it doing this?
If anyone needs the apk, I'll upload it.
If someone can be so generous to convert it into a working eclipse workspace for me, I'll be more than grateful.
You can never get the exact source code from the .apk file. The .apk file is generated from the compiled classes which doesnt have all information like actual variable names, actual method names. so you cannot retrieve back 100% original source code.
Basically everything will be obfuscated. so when obfuscated, multiple classes may have same name.
eg: two classes may have name 'a'. Hence the Errors in Eclipse.
As far I know re-compiling apk file will not give you exact results except the images and xml resources. Some free tools available that cannot provide 100% accurate code. here's a tutorial you can check How To Retrieve The Source Code From A Compiled Android .Apk
I was going through the Stack Overflow question decompiling DEX into Java sourcecode. I was successfully able to decompile the apk file, and I made some changes in the Java code.
I converted them successfully to smali files so that apktool can repack the app. But it gave me undefined kind of errors. I used a Hello, World! example for time being.
Is it possible? Or did I go somewhere wrong? Is there any alternate method is possible for it?
Using dex2jar and a decompiler will produce something vaguely resembling Java source code. Don't expect the result to be compilable, or to actually match the original logic.
We have normal java files residing in the SVN. We have made some changes in those files , but it happens that , those files are lost (they are not in SVN). But we have the class files that are generated using the newly changed files.
Can we use the class files , decompile them and compare it against SVN. What is the easiest way to do it?
There are about 400 changed files. So comparing one by one is not feasible.
I am looking for any tool or scripts.
Also is there any decompiler , that would decompile a whole folder at one go?
Thanks
For decompiling use JAD, most commonly used tool. Comparing is a bit tricky though. I would suggest the following scenario:
Grab the latest source code from SVN
Build it
Decompile it (!)
Take your compiled classes that include some modifications but you don't have sources
Decompile them as well
Compare both decompiled sources directories
Why compiling and decompiling the original source codes? Because JAD produces pretty good results, but it will never generate the exact same sources that were used. So if you want to avoid headaches when comparing original sources and decompiled ones (and pinpoint the actual differences quickly), you have to compare two JAD outputs rather than original source and synthetic JAD output.
I hope having two directory structures to compare won't be a problem for you. You can use Total Commander on Windows or various utilities/scripts on Linux, like:
$ diff -r dir1 dir2
jad can decompile a whole folder but the result depends on a couple of factors. First, JAD only supports Java 4 well. Java 5 and up will contain odd byte code chunks that JAD didn't understand.
If the code is compiled with debug symbols, you can realign line numbers (the jadclipse plugin can do that) but JAD itself can't do it.
If you compiled the code with -g:source, then the class files contain the complete source code. At first glance, I don't know how to get at this but tools like javap (comes with the JDK) or ASM should allow you to get it.
It is possible to compare a decompiled source file with the orginal, provided you did not use obfuscation when generating class files. However, automated comparison will be difficult because the decompiled source is often slightly different than the original source due to compiler optimization for example.
Personally I use jad as a decompiler, but I'm not sure you can provide it with a whole folder at one go.
I used the below command(jad decompiler) to compile all the class files in a folder in one go.
jad -o -r -sjava -dsrc tree/**/*.class
Use jd-gui, very good decompiler, but the compering ... its going to be painful.
Right now im doing exactly that, using http://java.decompiler.free.fr/ to decompile and beyond compare (http://www.scootersoftware.com/) to compare packages and files. It looks like a great idea to make a fast compare against the actual version (svn) compiled and decompiled, to check which files (and which sections) are up to date.
Is it possible to convert a .class file to .java file?
How can this be done?
What about the correctness of the code extracted from this option?
It is possible. You need a Java Decompiler to do this.
You'll find mostly it'll do a surprisingly good job. What you'll get is a valid .java file which will compile to the .class file but this .java file won't necessarily be the same as the original source code. Things like looping constructs might come out differently, and anything that's compile time only such as generics and annotations won't be re-created.
You might have a problem if the code has been obfuscated. This is a process which alters the class files to make them hard to decompile. For example, class and variable names are changed to all be similar so you'll end up with code like aa.a(ab) instead of employee.setName(name) and it's very hard to work out what's going on.
I remember using JAD to do this but I don't think this is actively maintained so it may not work with never versions of Java. A Google search for java decompiler will give you plenty of options.
This is possible using one of the available Java decompilers. Since you are working from byte-code which may have been optimised by the compiler (inlining static variables, restructing control flow etc) what you get out may not be exactly the same as the code that was originally compiled but it will be functionally equivalent.
Adding to the previous answers: recently, a new wave of decompilers has been coming, namely Procyon, CFR, JD, Fernflower
Here's a list of modern decompilers as of March, 2015:
Procyon
CFR
JD
Fernflower
You may test above mention decompilers online, no installation required and make your own educated choice.
Java decompilers in the cloud: http://www.javadecompilers.com/
It is always possible. Search for "java disassembler".
But source code comments and temporary variables will not be available.
If you decompile a class and see the code is too complex with variable names and method names are like a,b,c... that means that the project is obfuscated.
Not exactly a decompiler, but the JDK contains javap, a disassembler:
javap -c org.example.MyClass
Depending on your usecase, it might still be interesting to know or use.
Note that results of class file decompilation depend on the included information within a class file. If I remember correctly, included debug information (see -g flag of javac) is important, especially for naming of variables and the like.
DJ is the easy to use java decompiler . Just open any .class file and it will show you its java code.
Also, you can use jadClipse plugin for eclipse to directly decompile the .class into .java
What about the correctness of the code extracted from this option?
In any case, the code which will be generated by any java decompiler will not be the same as it was written in orginal java class. As it just decodes the bytecode into java code. The only thing you can be sure is, that the output will be same as the output of orginal java code.