Jadx - Android APK Decompiler
You are helping the user decompile Android APK files with jadx, converting DEX bytecode into readable Java source code for security analysis, vulnerability discovery, and understanding app internals.
Jadx is a DEX-to-Java decompiler that produces clean, readable Java source from Android APK files. Unlike apktool (which produces smali), jadx emits Java code that is much easier to read and analyze. Typical uses:
- Converting DEX bytecode to readable Java source
- Understanding app logic and control flow
- Finding security vulnerabilities in code
- Discovering hardcoded credentials, API keys and URLs
- Analyzing encryption and authentication implementations
- Searching through code with familiar Java syntax
- jadx (and optionally jadx-gui) must be installed
- A Java runtime (JRE); current jadx releases need Java 11 or newer
- Sufficient disk space (decompiled output is typically 3-10x the APK size)
- Write permissions in the output directory
Jadx provides two interfaces:
CLI (jadx): Command-line interface
- Best for automation and scripting
- Batch processing multiple APKs
- Integration with other tools
- Headless server environments
GUI (jadx-gui): Graphical interface
- Interactive code browsing
- Built-in search functionality
- Cross-references and navigation
- Easier for manual analysis
- Syntax highlighting
When to use each:
- Use CLI for automated analysis, scripting, CI/CD pipelines
- Use GUI for interactive exploration and deep-dive analysis
1. Basic APK Decompilation (Most Common)
Standard decompile command:
```bash
jadx <apk-file> -d <output-directory>
```
Example:
```bash
jadx app.apk -d app-decompiled
```
With deobfuscation (recommended for obfuscated apps):
```bash
jadx --deobf app.apk -d app-decompiled
```
2. Understanding Output Structure
After decompilation, the output directory contains:
```
app-decompiled/
├── sources/                 # Java source code
│   └── com/company/app/     # Package structure
│       ├── MainActivity.java
│       ├── utils/
│       ├── network/
│       └── ...
└── resources/               # Decoded resources
    ├── AndroidManifest.xml  # Readable manifest
    ├── res/                 # Resources
    │   ├── layout/          # XML layouts
    │   ├── values/          # Strings, colors
    │   ├── drawable/        # Images
    │   └── ...
    └── assets/              # App assets
```
3. Decompilation Options
A. Performance Options
Multi-threaded decompilation (faster):
```bash
jadx -j 4 app.apk -d output
```
`-j` sets the number of processing threads; `jadx --help` shows the default for your build. More threads also means more heap in use, so lower the count if you hit out-of-memory errors.
Skip resources (code only, much faster):
```bash
jadx --no-res app.apk -d output
```
Skip source code (resources only):
```bash
jadx --no-src app.apk -d output
```
B. Deobfuscation Options
Enable deobfuscation:
```bash
jadx --deobf app.apk -d output
```
- Renames short obfuscated identifiers (a, b, c) to unique, stable aliases (for example C0012a for a class, m4567b for a method, f89c for a field)
- Does not recover the original names: the aliases only make every symbol unique so it can be grepped and cross-referenced; you still rename things by hand (or in the GUI) once you understand them
- Essential for ProGuard/R8-minified apps
Saving the deobfuscation map:
```bash
jadx --deobf --deobf-rewrite-cfg --deobf-use-sourcename app.apk -d output
```
- `--deobf-rewrite-cfg` forces jadx to (re)write the deobfuscation map file, so the aliases stay stable across runs (newer releases replace this flag with `--deobf-cfg-file-mode overwrite`)
- `--deobf-use-sourcename` uses the SourceFile debug attribute, when the build left it in, as a hint for the class name
- Neither option touches control flow; deobfuscation is purely a renaming pass
Show inconsistent/bad code:
```bash
jadx --show-bad-code app.apk -d output
```
- Emits methods that could not be decompiled cleanly instead of dropping them
- Useful for spotting obfuscation or anti-decompilation tricks
- The output may not compile, but it reveals structure
Export as Gradle project:
```bash
jadx --export-gradle app.apk -d output
```
- Creates a Gradle Android project layout, including build.gradle files
- Useful as a starting point for rebuilding or modifying the app; expect to fix decompilation errors before it builds
Fallback mode (when decompilation fails):
```bash
jadx --fallback app.apk -d output
```
- Dumps each method as a raw instruction listing instead of reconstructing Java
- Far less readable, but it works on methods where the normal decompiler gives up
4. Common Analysis Tasks
A. Searching for Sensitive Information
After decompilation, search for common security issues. The `|` alternation needs `-E` (extended regex); with plain `grep -r` it is matched literally and these searches return nothing. The URL pattern is single-quoted so the inner double quote survives the shell.
```bash
# API keys
grep -rnE "api.*key|apikey|API_KEY" app-decompiled/sources/
# Passwords and credentials
grep -rnE "password|credential|secret" app-decompiled/sources/
# Hardcoded URLs
grep -rnoE 'https?://[^"]+' app-decompiled/sources/
# Encryption keys and algorithms
grep -rnE "AES|DES|RSA|encryption.*key" app-decompiled/sources/
# Tokens
grep -rnE "token|auth.*token|bearer" app-decompiled/sources/
# Database passwords
grep -rnE "jdbc|database|db.*password" app-decompiled/sources/
```
B. Finding Security Vulnerabilities
Every hit below is a lead, not a finding: open the file and confirm how the value reaches the call.
SQL Injection (on Android the risky calls are rawQuery/execSQL with concatenated strings; JDBC PreparedStatement is rare):
```bash
grep -rnE "SELECT.*FROM.*WHERE" app-decompiled/sources/ | grep -v "PreparedStatement"
grep -rnE "rawQuery|execSQL" app-decompiled/sources/
```
Insecure Crypto:
```bash
grep -rnE "DES|MD5|SHA1" app-decompiled/sources/
grep -rnE "SecureRandom.*setSeed" app-decompiled/sources/
grep -rnE "Cipher.getInstance" app-decompiled/sources/ | grep -v "AES/GCM"   # review ECB, unauthenticated CBC, RC4
```
Insecure Storage (note the Android spelling MODE_WORLD_WRITEABLE; both constants are deprecated but still turn up in old code):
```bash
grep -rnE "SharedPreferences" app-decompiled/sources/
grep -rnE "MODE_WORLD_READABLE|MODE_WORLD_WRITEABLE" app-decompiled/sources/
grep -rnE "openFileOutput" app-decompiled/sources/
```
WebView vulnerabilities:
```bash
grep -rnE "setJavaScriptEnabled.*true" app-decompiled/sources/
grep -rnE "addJavascriptInterface" app-decompiled/sources/
grep -rnE "WebView.*loadUrl" app-decompiled/sources/
```
Disabled TLS validation (custom TrustManager / HostnameVerifier; often mislabelled "certificate pinning"):
```bash
grep -rnE "TrustManager|HostnameVerifier" app-decompiled/sources/
grep -rnE "checkServerTrusted" app-decompiled/sources/
```
C. Understanding App Logic
Find app components:
```bash
grep -rnE "extends (Activity|AppCompatActivity)" app-decompiled/sources/
grep -rnE "extends Application" app-decompiled/sources/
grep -rnE "extends Service" app-decompiled/sources/
grep -rnE "extends BroadcastReceiver" app-decompiled/sources/
```
Trace network communication:
```bash
# HTTP client usage
grep -rnE "HttpURLConnection|OkHttpClient|Retrofit" app-decompiled/sources/
# API endpoints (Retrofit annotations) and the base URL they are relative to
grep -rnE "@(GET|POST|PUT|DELETE)" app-decompiled/sources/
grep -rnE "baseUrl|BASE_URL|API_URL" app-decompiled/sources/
```
Find authentication logic:
```bash
grep -rnE "login|Login|authenticate|Authorization" app-decompiled/sources/
grep -rnE "jwt|JWT|bearer|Bearer" app-decompiled/sources/
```
Cross-check the component list against resources/AndroidManifest.xml: exported activities, services and receivers are the entry points reachable from other apps.
D. Analyzing Specific Classes
After identifying interesting classes, read them directly:
```bash
cat app-decompiled/sources/com/example/app/LoginActivity.java
# Use less for pagination
less app-decompiled/sources/com/example/app/network/ApiClient.java
# Search within a specific class
grep -n "password" app-decompiled/sources/com/example/app/LoginActivity.java
```
5. GUI Mode (Interactive Analysis)
Launch GUI:
```bash
jadx-gui app.apk
```
GUI features:
- Full-text search: Ctrl+Shift+F (search all code)
- Find usage: Right-click on class/method → "Find usage"
- Go to declaration: Ctrl+Click on any class/method
- Decompilation: Click any class to see Java code
- Save decompiled code: File → Save all
- Export options: File → Export as Gradle project
GUI workflow:
- Open APK with jadx-gui
- Browse package structure in the left panel
- Use search (Ctrl+Shift+F) to find keywords
- Click results to view code in context
- Follow cross-references with Ctrl+Click
- Save interesting findings
6. Integration with Other Tools
Combine Jadx with Apktool
The two tools complement each other:
Jadx strengths:
- Readable Java source code
- Easy to understand logic
- Fast searching through code
Apktool strengths:
- Accurate resource extraction
- Smali code (a faithful view of the bytecode, so nothing is lost where decompilation fails)
- Can rebuild/repackage APKs
Recommended workflow:
```bash
# Use jadx for code analysis
jadx --deobf app.apk -d app-jadx
# Use apktool for resources and smali
apktool d app.apk -o app-apktool
# Analyze both outputs
grep -rn "API_KEY" app-jadx/sources/
grep -rn "api_key" app-apktool/res/
```
Workflow 1: Security Assessment
```bash
# 1. Decompile with deobfuscation
jadx --deobf app.apk -d app-decompiled

# 2. Search for hardcoded secrets (-E so the | alternation works)
echo "[+] Searching for API keys..."
grep -rniE "api.*key|apikey" app-decompiled/sources/ | tee findings-apikeys.txt
echo "[+] Searching for passwords..."
grep -rniE "password|passwd|pwd" app-decompiled/sources/ | tee findings-passwords.txt
echo "[+] Searching for URLs..."
grep -rnoE 'https?://[^"]+' app-decompiled/sources/ | tee findings-urls.txt

# 3. Check crypto usage
echo "[+] Checking crypto implementations..."
grep -rnE "Cipher|SecretKey|KeyStore" app-decompiled/sources/ | tee findings-crypto.txt

# 4. Check for insecure storage
echo "[+] Checking storage mechanisms..."
grep -rnE "SharedPreferences|SQLite|openFileOutput" app-decompiled/sources/ | tee findings-storage.txt

echo "[+] Analysis complete. Check findings-*.txt files"
```
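The grep one-liners in section 4 (A and B) and in Workflow 1 are a reasonable first pass, but they treat every hit alike and cannot express anything that spans more than one line. The script below is an added example, not part of jadx and not the original tooling of this page: it wraps corrected patterns in functions, tags each hit by category, and adds one multi-line check (a `checkServerTrusted` whose body is empty) that a single-line grep cannot make. It writes its own small constructed `sources/` tree so it runs without an APK; the package `com.example.app`, the key value and the file names are invented for the demo.

```shell
#!/bin/sh
# Static triage of a jadx "sources/" tree. Added example, not part of jadx.
# Assumes POSIX sh with find, grep -E, sed and awk. The tree written by
# make_sample is constructed for the demo: package, key value and file
# names are invented.

# scan TAG ERE DIR [GREPFLAG]: print "TAG:file:line:text" for every match.
scan() {
    find "$3" -name '*.java' -exec grep -HnE ${4:-} "$2" {} + 2>/dev/null |
        sed "s/^/$1:/"
    return 0
}

# String literals of 8+ chars assigned to key/secret/password-like names.
scan_secrets() {
    scan SECRET '(api[_-]?key|secret|passw(or)?d|token)[A-Za-z0-9_]*[[:space:]]*=[[:space:]]*"[^"]{8,}"' "$1" -i
}

# Weak ciphers/modes, weak digests and seeded SecureRandom.
scan_crypto() {
    scan CRYPTO 'Cipher\.getInstance\("(DES|DESede|RC4|ARCFOUR|[^"]*ECB)|MessageDigest\.getInstance\("(MD5|SHA-?1)"|SecureRandom[^;]*\.setSeed\(' "$1"
}

# Custom trust managers / hostname verifiers: every hit needs a manual look.
scan_tls() {
    scan TLS '(TrustManager|checkServerTrusted|HostnameVerifier|ALLOW_ALL_HOSTNAME_VERIFIER)' "$1"
}

# Strong signal a one-line grep cannot give: checkServerTrusted whose body
# is a bare "}" on the following line, i.e. it accepts any certificate.
scan_empty_trust() {
    find "$1" -name '*.java' -exec awk '
        /checkServerTrusted\(/ { m = FNR; next }
        m && FNR == m + 1 && /^[ \t]*}[ \t]*$/ {
            print "TLS-EMPTY:" FILENAME ":" m ": checkServerTrusted accepts any cert"
        }
        { m = 0 }' {} +
    return 0
}

# JavaScript bridge and file access from web content.
scan_webview() {
    scan WEBVIEW '(addJavascriptInterface\(|setJavaScriptEnabled\(true\)|setAllowFileAccess(FromFileURLs)?\(true\))' "$1"
}

# World-accessible files; note the Android spelling MODE_WORLD_WRITEABLE.
scan_storage() {
    scan STORAGE 'MODE_WORLD_(READABLE|WRITEABLE)' "$1"
}

# Run every check; output is one tagged line per hit.
triage() {
    scan_secrets "$1"; scan_crypto "$1"; scan_tls "$1"; scan_empty_trust "$1"
    scan_webview "$1"; scan_storage "$1"
}

# Constructed stand-in for jadx output (not a real app).
make_sample() {
    mkdir -p "$1/com/example/app/net" "$1/com/example/app/ui"
    cat > "$1/com/example/app/net/ApiClient.java" <<'EOF'
package com.example.app.net;
public class ApiClient {
    static final String API_KEY = "AKIA0123456789EXAMPLE";
    static final String BASE_URL = "https://api.example-iot.test/v1/";
    static byte[] enc(byte[] in) throws Exception {
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/ECB/PKCS5Padding");
        return c.doFinal(in);
    }
}
EOF
    cat > "$1/com/example/app/net/TrustAll.java" <<'EOF'
package com.example.app.net;
public class TrustAll implements javax.net.ssl.X509TrustManager {
    public void checkServerTrusted(java.security.cert.X509Certificate[] c, String a) {
    }
}
EOF
    cat > "$1/com/example/app/ui/WebActivity.java" <<'EOF'
package com.example.app.ui;
public class WebActivity {
    void setup(android.webkit.WebView w) {
        w.getSettings().setJavaScriptEnabled(true);
        w.addJavascriptInterface(new Object(), "Android");
        getSharedPreferences("cfg", MODE_WORLD_READABLE);
    }
}
EOF
}

# Usage: make_sample /tmp/demo && triage /tmp/demo
# or:    triage app-decompiled/sources
```

Point `triage` at a real `app-decompiled/sources/` once the demo runs. Review every `TLS:` hit by hand; `TLS-EMPTY:` is the only tag that is a finding on its own, and the `SECRET:` regex deliberately requires a literal of eight or more characters so that flag names and empty defaults do not drown the real keys.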
Workflow 2: IoT App Analysis
For IoT companion apps, find how the app talks to the device and to the vendor cloud:
```bash
# 1. Decompile
jadx --deobf iot-app.apk -d iot-app-decompiled

# 2. Find device and cloud endpoints (drop well-known third-party hosts)
echo "[+] Finding device endpoints..."
grep -rnoE 'https?://[^"]+' iot-app-decompiled/sources/ | \
    grep -vE "google|android|facebook" | \
    tee device-endpoints.txt

# 3. Find API structure
echo "[+] Finding API definitions..."
grep -rnE "@(GET|POST|PUT)" iot-app-decompiled/sources/ | tee api-endpoints.txt

# 4. Find authentication
echo "[+] Finding auth mechanisms..."
grep -rnE "Authorization|authentication|apiKey" iot-app-decompiled/sources/ | tee auth-methods.txt

# 5. Find device discovery (mDNS, SSDP, UDP broadcast)
echo "[+] Finding device discovery..."
grep -rniE "discover|scan|broadcast|mdns|ssdp" iot-app-decompiled/sources/ | tee device-discovery.txt

# 6. Check for certificate pinning
echo "[+] Checking certificate pinning..."
grep -rnE "CertificatePinner|TrustManager" iot-app-decompiled/sources/ | tee cert-pinning.txt
```
Workflow 3: Quick Credential Check
```bash
# Fast decompilation without resources
jadx --no-res --deobf app.apk -d app-code

# Search for common credential patterns
grep -rniE "username.*password|user.*pass" app-code/sources/
grep -rniE "admin|root|default.*password" app-code/sources/
grep -rnE "hardcoded|TODO.*password|FIXME.*password" app-code/sources/
```
Workflow 4: API Endpoint Discovery
```bash
jadx app.apk -d app-decompiled

# Find Retrofit/REST API definitions (class names usually end in Api/Service/Client)
find app-decompiled/sources -name "*Api.java" -o -name "*Service.java" -o -name "*Client.java"

# Extract all endpoints as "METHOD path"
grep -rhoE '@(GET|POST|PUT|DELETE|PATCH)\("[^"]*"\)' app-decompiled/sources/ | \
    sed -E 's/^@([A-Z]+)\("([^"]*)"\)$/\1 \2/' | \
    sort -u

# Find the base URL the paths are relative to
grep -rnE "baseUrl|BASE_URL|API_BASE" app-decompiled/sources/
```
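Workflow 2 (step 2) and Workflow 4 both end with a list of URL fragments and relative paths that still has to be assembled by hand before anything can be tested. The following added example, not part of jadx, extracts hardcoded URLs minus common third-party noise, pulls Retrofit annotations out as `METHOD path` pairs, and joins the paths to the base URL found in the tree so the result can go straight into curl or Burp. It handles both the plain `@GET("…")` form and the fully qualified `@retrofit2.http.GET("…")` form jadx emits with `--no-imports`. The sample `sources/` tree it builds is constructed for the demo: the package `com.example.app`, the host `api.example-iot.test` and the LAN address are invented.

```shell
#!/bin/sh
# URL and endpoint extraction from a jadx "sources/" tree. Added example,
# not part of jadx. Assumes POSIX sh with find, grep -E, sed and sort.

# Hosts that show up in almost every app and are not worth listing.
NOISE='google|gstatic|facebook|android\.com|schemas\.android|w3\.org|apache\.org'

# All http(s) string literals, de-duplicated, minus the noise list.
extract_urls() {
    find "$1" -name '*.java' -exec grep -hoE 'https?://[^"[:space:]]+' {} + 2>/dev/null |
        grep -vE "$NOISE" | sort -u
    return 0
}

# Retrofit annotations -> "METHOD path", one per line, qualified or not.
extract_endpoints() {
    find "$1" -name '*.java' -exec grep -hoE '@([A-Za-z0-9_.]+\.)?(GET|POST|PUT|DELETE|PATCH)\("[^"]*"\)' {} + 2>/dev/null |
        sed -E 's/^@([A-Za-z0-9_.]+\.)?([A-Z]+)\("([^"]*)"\)$/\2 \3/' | sort -u
    return 0
}

# Join each path to the first base URL literal found in the tree so the
# output is directly usable with curl or Burp.
resolve_endpoints() {
    base=$(find "$1" -name '*.java' -exec grep -hoE '(baseUrl|BASE_URL|API_URL)[^"]*"https?://[^"]+"' {} + 2>/dev/null |
           sed -E 's|.*"(https?://[^"]+)".*|\1|' | head -n 1)
    [ -n "$base" ] || { echo "no base URL literal found" >&2; return 1; }
    extract_endpoints "$1" | while read -r method path; do
        printf '%s %s/%s\n' "$method" "${base%/}" "${path#/}"
    done
}

# Constructed stand-in for jadx output (not a real app).
make_sample() {
    mkdir -p "$1/com/example/app/net"
    cat > "$1/com/example/app/net/ApiClient.java" <<'EOF'
package com.example.app.net;
public class ApiClient {
    static final String BASE_URL = "https://api.example-iot.test/v1/";
    static final String LAN_STATUS = "http://192.168.1.1/cgi-bin/status";
    static final String PRIVACY = "https://www.google.com/policies/";
    retrofit2.Retrofit build() {
        return new retrofit2.Retrofit.Builder().baseUrl(BASE_URL).build();
    }
}
EOF
    cat > "$1/com/example/app/net/DeviceApi.java" <<'EOF'
package com.example.app.net;
public interface DeviceApi {
    @GET("devices")
    retrofit2.Call<Object> list();
    @POST("devices/{id}/reboot")
    retrofit2.Call<Void> reboot(@Path("id") String id);
    @retrofit2.http.DELETE("devices/{id}")
    retrofit2.Call<Void> remove(@retrofit2.http.Path("id") String id);
}
EOF
}

# Usage: make_sample /tmp/demo && resolve_endpoints /tmp/demo
# or:    extract_urls app-decompiled/sources
```

`resolve_endpoints` takes the first base URL literal it finds; apps with several backends need the `baseUrl` hits reviewed one by one. Paths such as `devices/{id}` keep their Retrofit placeholders, which is what you want when feeding them to a scanner that can substitute values.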
Workflow 5: Batch Processing Multiple APKs
```bash
# Decompile multiple APKs
for apk in *.apk; do
    [ -e "$apk" ] || continue          # no APKs in this directory
    name=$(basename "$apk" .apk)
    echo "[+] Processing $apk..."
    jadx --no-res --deobf "$apk" -d "decompiled-$name"
    # Quick search for secrets
    grep -rniE "api.*key|password|secret" "decompiled-$name/sources/" > "findings-$name.txt"
done
echo "[+] All APKs processed. Check findings-*.txt files"
```
1. Always Use Deobfuscation for Production Apps
Most production apps are minified with ProGuard/R8:
```bash
jadx --deobf app.apk -d output
```
Without `--deobf`, you'll see code like:
```java
public class a {
    public void b(String c) { ... }
}
```
With `--deobf`, jadx replaces the one-letter names with unique aliases (illustrative; the numbers are assigned per app):
```java
public class C0041a {
    public void m12345b(String str) { ... }
}
```
The aliases are not the original names; deobfuscation only makes each symbol unique so you can grep for it and follow it across files. Work out what `C0041a` does from its strings and callers, then rename it (jadx-gui supports renaming) so later searches use the meaningful name.
2. Use Multi-threading for Large Apps
```bash
# Faster decompilation
jadx -j 8 large-app.apk -d output
```
3. Skip Resources for Code-Only Analysis
```bash
# Much faster when you only need code
jadx --no-res app.apk -d output
```
4. Search Systematically
Create a search checklist and run it in the same order on every APK so nothing is skipped; the grep patterns in section 4 are a starting point.
5. Use GUI for Deep Analysis
5. 深度分析使用GUI
For complex apps:
- Use CLI for initial decompilation
- Search for interesting patterns
- Open in GUI for detailed exploration
- Use cross-references to trace code flow
6. Combine with Runtime Analysis
6. 结合运行时分析
Static analysis (jadx) + dynamic analysis:
- Use jadx to find API endpoints
- Test endpoints with curl/burp
- Use jadx to understand auth flow
- Test auth with runtime instrumentation (Frida)
Problem: Decompilation fails with errors
Solution: Use fallback mode or show bad code:
```bash
jadx --fallback --show-bad-code app.apk -d output
```
Problem: Code is unreadable (obfuscated)
Solution: Enable deobfuscation:
```bash
jadx --deobf app.apk -d output
```
Problem: Out of memory error
Solution: Raise the Java heap size through JAVA_OPTS, which the jadx launcher script honours, and reduce the thread count (each thread holds its own working set):
```bash
JAVA_OPTS="-Xmx4g" jadx -j 1 app.apk -d output
```
Alternatively edit the DEFAULT_JVM_OPTS variable in the jadx launcher script (jadx.bat on Windows). jadx has no -Xmx option of its own, so the value has to reach the JVM through one of these two routes.
Problem: Decompilation is very slow
Solution: Skip resources or use more threads:
```bash
jadx --no-res -j 8 app.apk -d output
```
Problem: Some methods show "Can't load method"
Solution: Use `--show-bad-code` to see the partial decompilation:
```bash
jadx --show-bad-code app.apk -d output
```
Problem: GUI won't open APK
Solution: Run the CLI first to check for errors:
```bash
jadx app.apk -d test-output
```
If that succeeds, try the GUI again.
Export as Gradle Project
```bash
jadx --export-gradle app.apk -d app-project
cd app-project
./gradlew build        # or: gradle build, if no wrapper was generated
```
Creates an Android Studio project layout; decompiled code usually needs fixes before the build succeeds.
Generate Deobfuscation Map
```bash
jadx --deobf --deobf-use-sourcename app.apk -d output
```
jadx stores the alias map next to the input file, as app.jobf by default (override with `--deobf-cfg-file`); keep it so a later run assigns the same aliases.
Custom Decompilation Options
```bash
# All options combined
jadx \
    --deobf \
    --deobf-use-sourcename \
    --show-bad-code \
    --no-imports \
    --no-inline-anonymous \
    --no-replace-consts \
    app.apk -d output
```
`--no-imports` writes fully qualified names, `--no-inline-anonymous` keeps anonymous classes as separate classes, and `--no-replace-consts` leaves literal values in place instead of substituting matching constant fields; all three make grep results more literal at the cost of verbosity.
Integration with IoTHackBot Tools
Jadx fits into the IoTHackBot workflow:
- APK → API Discovery:
  - Decompile IoT app with jadx
  - Extract API endpoints
  - Test endpoints with network tools
- APK → Credential Extraction:
  - Find hardcoded credentials
  - Test against IoT devices
  - Use with onvifscan, telnetshell
- APK → Protocol Analysis:
  - Understand device communication protocol
  - Capture traffic with iotnet
  - Replay/modify with custom scripts
- APK → Device Enumeration:
  - Find device discovery mechanisms
  - Use wsdiscovery for ONVIF devices
  - Use nmap for network scanning
```bash
# Basic
jadx <apk> -d <output-dir>
# With deobfuscation (recommended)
jadx --deobf <apk> -d <output-dir>
# Fast (no resources)
jadx --no-res <apk> -d <output-dir>
# Multi-threaded
jadx -j <threads> <apk> -d <output-dir>
# Show problematic code
jadx --show-bad-code <apk> -d <output-dir>
# Export as Gradle project
jadx --export-gradle <apk> -d <output-dir>
# Fallback mode
jadx --fallback <apk> -d <output-dir>
```
Security Analysis Checklist
Use this checklist when analyzing APKs with jadx:
- Jadx produces Java source that approximates the original; it is not the original code
- Some optimizations/obfuscations produce code that does not compile
- Decompiled code may differ from the original source in structure and naming
- Always cross-check findings with runtime analysis
- Jadx works best with apps built by standard toolchains
- Heavily obfuscated or packed apps (string encryption, native loaders, reflection) decompile only partially
- Anti-tampering checks (signature, debugger, root detection) trigger when you repackage or instrument the app, not when you merely decompile it; expect them once you move to dynamic testing
IMPORTANT: Only decompile APKs you own or have permission to analyze.
- Respect intellectual property and licensing
- Follow responsible disclosure for vulnerabilities
- Don't distribute decompiled source code
- Be aware of terms of service and EULAs
- Use for authorized security testing and research only
- Some jurisdictions have laws against reverse engineering
A successful jadx analysis includes:
- APK successfully decompiled to readable Java code
- Deobfuscation applied (if app was obfuscated)
- All source code searchable and readable
- Security-relevant findings documented
- API endpoints and URLs extracted
- Crypto and authentication logic understood
- Integration points with other systems identified
- Findings verified with runtime testing when possible