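Excellent software not in the official Kali repositories --- a roundup of Java decompiler and disassembler engines (continuously updated)

Java decompiler engines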

JAD   http://www.kpdus.com/jad.html

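A veteran Java decompiler engine. Obsolete; not recommended.

Written in C++ and available on many platforms; its drawbacks are that it is closed source and does not support newer Java features. Not recommended.

E:\jad158g.win>jad.exe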
Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov (jad@kpdus.com).
Usage:    jad [option(s)] <filename(s)>
Options: -a       - generate JVM instructions as comments (annotate)
         -af      - output fully qualified names when annotating
         -b       - generate redundant braces (braces)
         -clear   - clear all prefixes, including the default ones
         -d <dir> - directory for output files
         -dead    - try to decompile dead parts of code (if there are any)
         -dis     - disassembler only (disassembler)
         -f       - generate fully qualified names (fullnames)
         -ff      - output fields before methods (fieldsfirst)
         -i       - print default initializers for fields (definits)
         -l<num>  - split strings into pieces of max <num> chars (splitstr)
         -lnc     - output original line numbers as comments (lnc)
         -lradix<num>- display long integers using the specified radix
         -nl      - split strings on newline characters (splitstr)
         -noconv  - don't convert Java identifiers into valid ones (noconv)
         -nocast  - don't generate auxiliary casts
         -noclass - don't convert .class operators
         -nocode  - don't generate the source code for methods
         -noctor  - suppress the empty constructors
         -nodos   - turn off check for class files written in DOS mode
         -nofd    - don't disambiguate fields with the same names (nofldis)
         -noinner - turn off the support of inner classes
         -nolvt   - ignore Local Variable Table entries (nolvt)
         -nonlb   - don't insert a newline before opening brace (nonlb)
         -o       - overwrite output files without confirmation
         -p       - send all output to STDOUT (for piping)
         -pa <pfx>- prefix for all packages in generated source files
         -pc <pfx>- prefix for classes with numerical names (default: _cls)
         -pe <pfx>- prefix for unused exception names (default: _ex)
         -pf <pfx>- prefix for fields with numerical names (default: _fld)
         -pi<num> - pack imports into one line using .* (packimports)
         -pl <pfx>- prefix for locals with numerical names (default: _lcl)
         -pm <pfx>- prefix for methods with numerical names (default: _mth)
         -pp <pfx>- prefix for method parms with numerical names (default:_prm)
         -pv<num> - pack fields with the same types into one line (packfields)
         -r       - restore package directory structure
         -radix<num>- display integers using the specified radix (8, 10, or 16)
         -s <ext> - output file extension (default: .jad)
         -safe    - generate additional casts to disambiguate methods/fields
         -space   - output space between keyword (if, while, etc) and expression
         -stat    - show the total number of processed classes/methods/fields
         -t<num>  - use <num> spaces for indentation (default: 4)
         -t       - use tabs instead of spaces for indentation
         -v       - show method names while decompiling
         -8       - convert Unicode strings into ANSI strings (ansi)
         -&       - redirect STDERR to STDOUT

  

uuDeJava https://uuware.com/st_l.en/st_p2.uw_dejava.html?st_m=24-6

A third-party graphical front end for jad. Obsolete; not recommended.

DJ Java Decompiler   http://www.neshkov.com/

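A third-party graphical front end for jad. Obsolete; not recommended.

Procyon   https://bitbucket.org/mstrobel/procyon/src/master/ (discontinued)   https://github.com/mstrobel/procyon

The Java decompiler engine whose output is closest to the original source.

The original Bitbucket repository included a jar, but for some reason the new repository no longer provides an executable binary, only the source, so it seems you have to build it yourself. The jar can still be downloaded from the archived history at https://web.archive.org/web/20190614092620/https://bitbucket.org/mstrobel/procyon/downloads/ . The version available there is 0.5.34.

Usage:

E:\>java -jar procyon-decompiler-0.5.34.jar -jar E:\88dca183e1bd41b889931f1cfe403205-dex2jar.jar -o E:\22

Help:

E:\>java -jar procyon-decompiler-0.5.34.jar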
Usage: <main class> [options] <type names or class/jar files>
  Options:
    -b, --bytecode-ast
       Output Bytecode AST instead of Java.
       Default: false
    -ci, --collapse-imports
       Collapse multiple imports from the same package into a single wildcard
       import.
       Default: false
    -cp, --constant-pool
       Includes the constant pool when displaying raw bytecode (unnecessary with
       -v).
       Default: false
    -dl, --debug-line-numbers
       For debugging, show Java line numbers as inline comments (implies -ln;
       requires -o).
       Default: false
        --disable-foreach
       Disable 'for each' loop transforms.
       Default: false
    -eml, --eager-method-loading
       Enable eager loading of method bodies (may speed up decompilation of
       larger archives).
       Default: false
    -ent, --exclude-nested
       Exclude nested types when decompiling their enclosing types.
       Default: false
    -ei, --explicit-imports
       [DEPRECATED] Explicit imports are now enabled by default.  This option
       will be removed in a future release.
       Default: false
    -eta, --explicit-type-arguments
       Always print type arguments to generic methods.
       Default: false
    -fsb, --flatten-switch-blocks
       Drop the braces statements around switch sections when possible.
       Default: false
    -fq, --force-qualified-references
       Force fully qualified type and member references in Java output.
       Default: false
    -?, --help
       Display this usage information and exit.
       Default: false
    -jar, --jar-file
       [DEPRECATED] Decompile all classes in the specified jar file (disables
       -ent and -s).
    -lc, --light
       Use a color scheme designed for consoles with light background colors.
       Default: false
    -lv, --local-variables
       Includes the local variable tables when displaying raw bytecode
       (unnecessary with -v).
       Default: false
    -ll, --log-level
       Set the level of log verbosity (0-3).  Level 0 disables logging.
       Default: 0
    -mv, --merge-variables
       Attempt to merge as many variables as possible.  This may lead to fewer
       declarations, but at the expense of inlining and useful naming.  This feature is
       experimental and may be removed or become the standard behavior in future releases.
       Default: false
    -o, --output-directory
       Write decompiled results to specified directory instead of the console.
    -r, --raw-bytecode
       Output Raw Bytecode instead of Java (to control the level of detail, see:
       -cp, -lv, -ta, -v).
       Default: false
    -ec, --retain-explicit-casts
       Do not remove redundant explicit casts.
       Default: false
    -ps, --retain-pointless-switches
       Do not lift the contents of switches having only a default label.
       Default: false
    -ss, --show-synthetic
       Show synthetic (compiler-generated) members.
       Default: false
    -sm, --simplify-member-references
       Simplify type-qualified member references in Java output [EXPERIMENTAL].
       Default: false
    -sl, --stretch-lines
       Stretch Java lines to match original line numbers (only in combination
       with -o) [EXPERIMENTAL].
       Default: false
    -ta, --type-attributes
       Includes type attributes when displaying raw bytecode (unnecessary with
       -v).
       Default: false
        --unicode
       Enable Unicode output (printable non-ASCII characters will not be
       escaped).
       Default: false
    -u, --unoptimized
       Show unoptimized code (only in combination with -b).
       Default: false
    -v, --verbose
       Includes more detailed output depending on the output language (currently
       only supported for raw bytecode).
       Default: false
        --version
       Display the decompiler version and exit.
       Default: false
    -ln, --with-line-numbers
       Include line numbers in raw bytecode mode; supports Java mode with -o
       only.
       Default: false


E:\>

  

d4j http://www.secureteam.net/d4j

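A third-party graphical front end for Procyon.

Fernflower   https://github.com/JetBrains/intellij-community/tree/master/plugins/java-decompiler/engine

Fernflower appears to be an open-source decompiler plugin developed for IntelliJ's IDE, but I could not find an official download link; it seems you have to build it yourself. Build instructions: https://www.youtube.com/watch?v=YiaglbXbTbQ

CFR   Official site: https://github.com/leibnitz27/cfr  https://www.benf.org/other/cfr/

The most modern Java decompiler engine.

Supports many newer Java features. It is open-source software written in Java 6; its only drawback is that it has no documentation. Runs on Windows, Linux and macOS; the input can be a jar or class file, or the name of a class on the classpath.

java -jar cfr_0_110.jar D:example.jar --outputdir D:dataexample

--help shows the help; --help pullcodecase shows detailed help for that option.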
kali@kali:~$ java -jar cfr.jar --help
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
CFR 0.149
java -jar CFRJAR.jar class_or_jar_file [method] [options]
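   --aexagg                         (boolean)   Try to extend and merge exceptions more aggressively
   --aggressivesizethreshold        (int >= 0)  default: 15000   Opcode count that triggers aggressive reductions
   --allowcorrecting                (boolean)  default: true  Allow correcting wrong transformations, possibly at the cost of changing the behavior of the emitted code. One example is removing impossible (in Java!) exception handling; a warning is emitted if this has any effect.
   --analyseas                      (One of [DETECT, JAR, WAR, CLASS]) Force the file to be analysed as 'jar' or 'class'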
   --arrayiter                      (boolean)  default: true if class file from version 49.0 (Java 5) or greater
   --caseinsensitivefs              (boolean)  default: false
   --clobber                        (boolean) 
   --collectioniter                 (boolean)  default: true if class file from version 49.0 (Java 5) or greater
   --commentmonitors                (boolean)  default: false
   --comments                       (boolean)  default: true
   --decodeenumswitch               (boolean)  default: true if class file from version 49.0 (Java 5) or greater
   --decodefinally                  (boolean)  default: true
   --decodelambdas                  (boolean)  default: true if class file from version 52.0 (Java 8) or greater
   --decodestringswitch             (boolean)  default: true if class file from version 51.0 (Java 7) or greater
   --dumpclasspath                  (boolean)  default: false
   --eclipse                        (boolean)  default: true
   --elidescala                     (boolean)  default: false
   --extraclasspath                 (string) 
   --forcecondpropagate             (boolean) 
   --forceexceptionprune            (boolean) 
   --forcereturningifs              (boolean) 
   --forcetopsort                   (boolean) 
   --forcetopsortaggress            (boolean) 
   --forloopaggcapture              (boolean) 
   --hidebridgemethods              (boolean)  default: true
   --hidelangimports                (boolean)  default: true
   --hidelongstrings                (boolean)  default: false
   --hideutf                        (boolean)  default: true
   --ignoreexceptions               (boolean)  default: false
   --ignoreexceptionsalways         (boolean)  default: false
   --importfilter                   (string) 
   --innerclasses                   (boolean)  default: true
   --instanceofpattern              (boolean)  default: true if class file from version 58.0 (Java 14) or greater, or experimental in 58.0 (Java 14)
   --j14classobj                    (boolean)  default: false if class file from version 49.0 (Java 5) or greater
   --jarfilter                      (string) 
   --labelledblocks                 (boolean)  default: true
   --lenient                        (boolean)  default: false
   --liftconstructorinit            (boolean)  default: true
   --methodname                     (string) 
   --obfuscationpath                (string) 
   --outputdir                      (string) 
   --outputpath                     (string) 
   --override                       (boolean)  default: true if class file from version 50.0 (Java 6) or greater
   --previewfeatures                (boolean)  default: true
   --pullcodecase                   (boolean)  default: false    Actively pull code into case statements
   --recordtypes                    (boolean)  default: true if class file from version 58.0 (Java 14) or greater, or experimental in 58.0 (Java 14)
   --recover                        (boolean)  default: true
   --recovertypeclash               (boolean) 
   --recovertypehints               (boolean) 
   --relinkconststring              (boolean)  default: true
   --removebadgenerics              (boolean)  default: true
   --removeboilerplate              (boolean)  default: true
   --removedeadmethods              (boolean)  default: true
   --removeinnerclasssynthetics     (boolean)  default: true
   --rename                         (boolean)  default: false
   --renamedupmembers               (boolean)  default: Value of option 'rename'
   --renameenumidents               (boolean)  default: Value of option 'rename'
   --renameillegalidents            (boolean)  default: Value of option 'rename'
   --renamesmallmembers             (int >= 0)  default: 0
   --showinferrable                 (boolean)  default: false if class file from version 51.0 (Java 7) or greater
   --showversion                    (boolean)  default: true
   --silent                         (boolean)  default: false
   --skipbatchinnerclasses          (boolean)  default: true
   --stringbuffer                   (boolean)  default: false if class file from version 49.0 (Java 5) or greater
   --stringbuilder                  (boolean)  default: true if class file from version 49.0 (Java 5) or greater
   --stringconcat                   (boolean)  default: true if class file from version 53.0 (Java 9) or greater
   --sugarasserts                   (boolean)  default: true
   --sugarboxing                    (boolean)  default: true
   --sugarenums                     (boolean)  default: true if class file from version 49.0 (Java 5) or greater
   --switchexpression               (boolean)  default: true if class file from version 57.0 (Java 13) or greater, or experimental in 56.0 (Java 12)
   --tidymonitors                   (boolean)  default: true
   --tryresources                   (boolean)  default: true if class file from version 51.0 (Java 7) or greater
   --usenametable                   (boolean)  default: true
   --help                           (string) 

Please specify '--help optionname' for specifics, eg
   --help pullcodecase
kali@kali:~$ 

  

Candle

Java disassembler engines

Krakatau   https://github.com/Storyyeller/Krakatau

A Java disassembler written in Python.

Usage examples:

python Krakatau/disassemble.py -out temp RecordTest.class

python Krakatau/disassemble.py -out disassembled.zip -roundtrip r0lling-challenge.jar

Volcano   github.com/redking00/Volcano

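A third-party GUI for Krakatau.

Available for Linux (x64) and Windows (x64). It can disassemble Java binaries into .j files and assemble .j files back into binaries, which makes modifying Java programs possible.

Integrated Java reverse-engineering tools

Bytecode Viewer   Official site: bytecodeviewer.com   https://github.com/Konloch/bytecode-viewer   konloch.me (discontinued)   API: https://the.bytecode.club/docs/bytecode-viewer/

An open-source graphical decompiler for Java and Java-like code, with multiple Java decompiler engines.

Six different Java decompilers, two bytecode editors and one Java compiler. "Java-like" refers to the non-standard Java used by Android. It is open-source software written in Java. Runs on Windows, Linux and macOS; the input can be an apk, dex, jar or class file.

Usage:

Just drag and drop the file in; the engine can be changed from View in the menu bar.

Help: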

JEB https://www.pnfsoftware.com/

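Aims to be an all-round tool for decompiling many file types and CPU architectures.

It initially focused on Android reverse engineering; it now supports not only Java and dex executables but also PDF and multiple architectures. It is similar to IDA Pro and is commercial software. It is developing rapidly.

Java reverse-engineering tools focused on Android APKs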

JADX  https://github.com/skylot/jadx

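An open-source command-line and graphical Java decompiler that produces Java pseudocode directly from Dex and Apk files.

This tool decompiles Android executables directly into Java code, which makes the code easy to read. It removes the tedious steps of converting dex to jar and then using jd-gui to turn the jar into Java pseudocode. The Java pseudocode that jadx recovers is also better than jd's.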

AndroChef  http://www.androiddecompiler.com/

apktool 

GDA  http://www.gda.wiki:9090/index.php

In one word, it is fast to use; supports decompiling apk and dex files.

dex2jar

Converts dex, Android's Java executable format, to Java.

enjarify 
https://github.com/google/enjarify

Google's official dex-to-jar tool, similar to dex2jar.

smali2java  http://www.hensence.com/cn/smali2java/#Download

smali is the assembly representation of dex; modifying the smali is a way to modify the executable.

Original article: https://www.cnblogs.com/GKLBB/p/13788628.html