skylot/jadx

## JADX      [](https://search.maven.org/search?q=g:io.github.skylot%20AND%20jadx)  [](http://www.apache.org/licenses/LICENSE-2.0.html) **jadx** - Dex 转 Java 反编译器 用于从 Android Dex 和 Apk 文件生成 Java 源代码的命令行和 GUI 工具 **主要功能：** - 从 APK、dex、aar、aab 和 zip 文件将 Dalvik 字节码反编译为 Java 代码 - 从 `resources.arsc` 解码 `AndroidManifest.xml` 和其他资源 - 内置反混淆器 **jadx-gui 功能：** - 查看带有语法高亮的反编译代码 - 跳转到声明 - 查找用法 - 全文搜索 - smali 调试器，请查看 [wiki 页面](https://github.com/skylot/jadx/wiki/Smali-debugger) 了解设置和用法 Jadx-gui 快捷键绑定可以在 [这里](https://github.com/skylot/jadx/wiki/JADX-GUI-Key-bindings) 找到 在此查看这些功能的实际演示：[jadx-gui 功能概览](https://github.com/skylot/jadx/wiki/jadx-gui-features-overview) ### 下载 - 发行版 来自 [github: ](https://github.com/skylot/jadx/releases/latest) - 最新 [不稳定构建 ](https://nightly.link/skylot/jadx/workflows/build-artifacts/master) 下载后解压 zip 文件，进入 `bin` 目录并运行： - `jadx` - 命令行版本 - `jadx-gui` - UI 版本 在 Windows 上双击运行 `.bat` 文件 **注意：** 请确保已安装 Java 11 或更高版本的 64 位版本。 对于 Windows，您可以从 [oracle.com](https://www.oracle.com/java/technologies/downloads/#jdk17-windows) 下载（选择 x64 Installer）。 ### 安装 - Arch Linux [](https://archlinux.org/packages/extra/any/jadx/) [](https://aur.archlinux.org/packages/jadx-git) sudo pacman -S jadx - macOS [](https://formulae.brew.sh/formula/jadx) brew install jadx - Flathub [](https://flathub.org/apps/com.github.skylot.jadx) flatpak install flathub com.github.skylot.jadx ### 将 jadx 用作库 您可以在 Java 项目中使用 jadx，详情请查看 [wiki 页面](https://github.com/skylot/jadx/wiki/Use-jadx-as-a-library) ### 从源码构建 必须安装 JDK 11 或更高版本： ``` git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist ``` （在 Windows 上，使用 `gradlew.bat` 代替 `./gradlew`） 用于运行 jadx 的脚本将放置在 `build/jadx/bin` 中 并且也会打包到 `build/jadx-.zip` ### 用法 ``` jadx[-gui] [command] [options] (.apk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .xapk, .apkm, .jadx.kts) commands (use ' --help' for command options): plugins - manage jadx plugins options: -d, --output-dir - output directory -ds, --output-dir-src - output directory for sources -dr, --output-dir-res - output directory for resources -r, --no-res - do not decode resources -s, --no-src - do not decompile source code -j, --threads-count - processing threads count, default: 16 --single-class - decompile a single class, full name, raw or alias --single-class-output - file or dir for write if decompile a single class --output-format - can be 'java' or 'json', default: java -e, --export-gradle - save as gradle project (set '--export-gradle-type' to 'auto') --export-gradle-type - Gradle project template for export: 'auto' - detect automatically 'android-app' - Android Application (apk) 'android-library' - Android Library (aar) 'simple-java' - simple Java -m, --decompilation-mode - code output mode: 'auto' - trying best options (default) 'restructure' - restore code structure (normal java code) 'simple' - simplified instructions (linear, with goto's) 'fallback' - raw instructions without modifications --show-bad-code - show inconsistent code (incorrectly decompiled) --no-xml-pretty-print - do not prettify XML --no-imports - disable use of imports, always write entire package name --no-debug-info - disable debug info parsing and processing --add-debug-lines - add comments with debug line numbers if available --no-inline-anonymous - disable anonymous classes inline --no-inline-methods - disable methods inline --no-move-inner-classes - disable move inner classes into parent --no-inline-kotlin-lambda - disable inline for Kotlin lambdas --no-finally - don't extract finally block --no-restore-switch-over-string - don't restore switch over string --no-replace-consts - don't replace constant value with matching constant field --escape-unicode - escape non latin characters in strings (with \u) --respect-bytecode-access-modifiers - don't change original access modifiers --mappings-path - deobfuscation mappings file or directory. Allowed formats: Tiny and Tiny v2 (both '.tiny'), Enigma (.mapping) or Enigma directory --mappings-mode - set mode for handling the deobfuscation mapping file: 'read' - just read, user can always save manually (default) 'read-and-autosave-every-change' - read and autosave after every change 'read-and-autosave-before-closing' - read and autosave before exiting the app or closing the project 'ignore' - don't read or save (can be used to skip loading mapping files referenced in the project file) --deobf - activate deobfuscation --deobf-min - min length of name, renamed if shorter, default: 3 --deobf-max - max length of name, renamed if longer, default: 64 --deobf-whitelist - space separated list of classes (full name) and packages (ends with '.*') to exclude from deobfuscation, default: android.support.v4.* android.support.v7.* android.support.v4.os.* android.support.annotation.Px androidx.core.os.* androidx.annotation.Px --deobf-cfg-file - deobfuscation mappings file used for JADX auto-generated names (in the JOBF file format), default: same dir and name as input file with '.jobf' extension --deobf-cfg-file-mode - set mode for handling the JADX auto-generated names' deobfuscation map file: 'read' - read if found, don't save (default) 'read-or-save' - read if found, save otherwise (don't overwrite) 'overwrite' - don't read, always save 'ignore' - don't read and don't save --deobf-res-name-source - better name source for resources: 'auto' - automatically select best name (default) 'resources' - use resources names 'code' - use R class fields names --use-source-name-as-class-name-alias - use source name as class name alias: 'always' - always use source name if it's available 'if-better' - use source name if it seems better than the current one 'never' - never use source name, even if it's available --source-name-repeat-limit - allow using source name if it appears less than a limit number, default: 10 --use-kotlin-methods-for-var-names - use kotlin intrinsic methods to rename variables, values: disable, apply, apply-and-hide, default: apply --use-headers-for-detect-resource-extensions - Use headers for detect resource extensions if resource obfuscated --rename-flags - fix options (comma-separated list of): 'case' - fix case sensitivity issues (according to --fs-case-sensitive option), 'valid' - rename java identifiers to make them valid, 'printable' - remove non-printable chars from identifiers, or single 'none' - to disable all renames or single 'all' - to enable all (default) --integer-format - how integers are displayed: 'auto' - automatically select (default) 'decimal' - use decimal 'hexadecimal' - use hexadecimal --type-update-limit - type update limit count (per one instruction), default: 10 --fs-case-sensitive - treat filesystem as case sensitive, false by default --cfg - save methods control flow graph to dot file --raw-cfg - save methods control flow graph (use raw instructions) -f, --fallback - set '--decompilation-mode' to 'fallback' (deprecated) --use-dx - use dx/d8 to convert java bytecode --comments-level - set code comments level, values: error, warn, info, debug, user-only, none, default: info --log-level - set log level, values: quiet, progress, error, warn, info, debug, default: progress -v, --verbose - verbose output (set --log-level to DEBUG) -q, --quiet - turn off output (set --log-level to QUIET) --disable-plugins - comma separated list of plugin ids to disable --config - load configuration from file, can be: path to '.json' file short name - uses file with this name from config directory 'none' - to disable config loading --save-config - save current options into configuration file and exit, can be: empty - for default config path to '.json' file short name - file will be saved in config directory --print-files - print files and directories used by jadx (config, cache, temp) --version - print jadx version -h, --help - print this help Plugin options (-P=): dex-input: Load .dex and .apk files - dex-input.verify-checksum - verify dex file checksum before load, values: [yes, no], default: yes java-convert: Convert .class, .jar and .aar files to dex - java-convert.mode - convert mode, values: [dx, d8, both], default: both - java-convert.d8-desugar - use desugar in d8, values: [yes, no], default: no kotlin-metadata: Use kotlin.Metadata annotation for code generation - kotlin-metadata.class-alias - rename class alias, values: [yes, no], default: yes - kotlin-metadata.method-args - rename function arguments, values: [yes, no], default: yes - kotlin-metadata.fields - rename fields, values: [yes, no], default: yes - kotlin-metadata.companion - rename companion object, values: [yes, no], default: yes - kotlin-metadata.data-class - add data class modifier, values: [yes, no], default: yes - kotlin-metadata.to-string - rename fields using toString, values: [yes, no], default: yes - kotlin-metadata.getters - rename simple getters to field names, values: [yes, no], default: yes kotlin-smap: Use kotlin.SourceDebugExtension annotation for rename class alias - kotlin-smap.class-alias-source-dbg - rename class alias from SourceDebugExtension, values: [yes, no], default: no rename-mappings: various mappings support - rename-mappings.format - mapping format, values: [AUTO, TINY_FILE, TINY_2_FILE, ENIGMA_FILE, ENIGMA_DIR, PROGUARD_FILE, SRG_FILE, XSRG_FILE, JAM_FILE, CSRG_FILE, TSRG_FILE, TSRG_2_FILE, INTELLIJ_MIGRATION_MAP_FILE, RECAF_SIMPLE_FILE, JOBF_FILE], default: AUTO - rename-mappings.invert - invert mapping on load, values: [yes, no], default: no smali-input: Load .smali files - smali-input.api-level - Android API level, default: 27 Environment variables: JADX_DISABLE_XML_SECURITY - set to 'true' to disable all security checks for XML files JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000) JADX_CONFIG_DIR - custom config directory, using system by default JADX_CACHE_DIR - custom cache directory, using system by default JADX_TMP_DIR - custom temp directory, using system by default Examples: jadx -d out classes.dex jadx --rename-flags "none" classes.dex jadx --rename-flags "valid, printable" classes.dex jadx --log-level ERROR app.apk jadx -Pdex-input.verify-checksum=no app.apk ``` 这些选项也适用于从命令行运行的 jadx-gui，并会覆盖首选项对话框中的设置 `plugins` 命令的用法 ``` usage: plugins [options] options: -i, --install - install plugin with locationId -j, --install-jar - install plugin from jar file -l, --list - list installed plugins -a, --available - list available plugins from jadx-plugins-list (aka marketplace) -u, --update - update installed plugins --uninstall - uninstall plugin with pluginId --disable - disable plugin with pluginId --enable - enable plugin with pluginId --list-all - list all plugins including bundled and dropins --list-versions - fetch latest versions of plugin from locationId (will download all artefacts, limited to 10) -h, --help - print this help ``` ### 故障排除 请查看 wiki 页面 [故障排除 Q&A](https://github.com/skylot/jadx/wiki/Troubleshooting-Q&A) ### 贡献 您可以通过以下方式支持本项目： - 发布您认为重要的新功能/优化想法 - 提交反编译问题，操作前请阅读：[创建 Issue](CONTRIBUTING.md#Open-Issue) - 发起 Pull Request，请遵循以下规则：[Pull Request 流程](CONTRIBUTING.md#Pull-Request-Process) *根据 Apache 2.0 许可证授权*

标签：AndroidManifest解析, Android安全, APK分析, Dalvik字节码, DEX转Java, GUI工具, JADX, JS文件枚举, Smali调试, 云安全监控, 云资产清单, 代码反混淆, 反编译工具, 后台面板检测, 域名枚举, 域名枚举, 安卓逆向, 漏洞分析, 目录枚举, 移动安全, 网络管理, 调试插件, 资源提取, 路径探测, 逆向工程, 静态分析