research in Dex, OAT, ELF, .class, APK

Decoder

research for .class, oat, elf & oat format file for compiler.

Usage

• papk: unpack apk
• poat: unpack oat
• pelf: unpack elf
• pdex: unpack dex
• pclass: unpack class

decoder --papk _fixtures/apk/app-release-unsigned.apk

Library

Apktool is A tool for reverse engineering Android apk files.

Dalvik

Documents:

• Creating a Dalvik parser in Rust
• Reverse engineering and penetration testing on Android apps: my own list of tools

Library:

• https://github.com/mdeg/dexparser A Rust library for parsing Android's DEX file format with parser combinators.
• https://github.com/letmutx/dex-parser Rust parser for Android's dex format.
• https://github.com/SUPERAndroidAnalyzer/dalvik Dalvik parser in pure Rust.

Converter

• dex2jar Tools to work with android .dex and java .class files.

ELF

• Falcon is a formal binary analysis framework in Rust.
• panopticon A libre program analysis library for machine code.
• libgoblin An impish, cross-platform binary parsing crate, written in Rust.
• https://github.com/aep/elfkit An elf read and manipulation library in pure Rust (written from scratch, no bfd, no gnu code, no license infections), intended to be used in binary manipulation utils such as strip, chrpath, objcopy and ld. The end goal is to build a well designed library that facilitates all sorts of binary manipulation magic.

Core

panopticon is a libre program analysis library for machine code.

• Disassemble AMD64/x86, AVR, MOS 6502 and MIPS (WIP).
• Open PE and ELF files.
• Translate code to RREIL, a reverse engineering focused intermediate language in Single Static Assignment form (including memory operations).
• Construct control flow graphs and compute liveness information for each basic block.
• Interpolate stack pointer values using Guilfanov's method.
• Compute function summaries and substitute call sites with them.
• Run Abstract Interpretation analysis with fixed cardinality sets, strided intervals and Value Sets.
• Propagate constants, recover local variables and resolve indirect jumps.

Falcon is a formal binary analysis framework in Rust.

• Expression-based IL with strong influences from RREIL and Binary Ninja's LLIL.
• Semantically-equivalent binary translators for 32/64-bit x86, Mips, and Mipsel.
• Lifters for ELF and PE via goblin.
• Fixed-point engine for data-flow analysis and abstract interpretation.
• Performant memory models for analysis.
• A concrete executor over Falcon IL.

Proguard

• Rust Proguard Parser

APK

• https://github.com/avast/apkparser is a APK manifest & resources parsing in Golang.

Resources

• https://github.com/imager-io/imager Automated image compression for efficiently distributing images on the web.
• https://github.com/LiweiGogoing/resourcesParse

Documents

• Android 手把手分析resources.arsc

Class

• smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation.
• https://github.com/ollide/intellij-java2smali Simple plugin for IntelliJ IDEA & Android Studio to easily compile Java & Kotlin files to smali.

Documents

• linux -> Smallest x86 ELF Hello World
• ELF Hello World Tutorial

Video:

• The Teensy ELF Executable

Videos Tools

script, scriptreplay, recordmydesktop, audacity, pitivi, and ffmpeg.

Specification

• Dalvik Executable format

Logs

apktool d _fixtures/apk/app-release-unsigned.apk

I: Using Apktool 2.4.1 on app-release-unsigned.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /Users/fdhuang/Library/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...

License

@ 2020 A Phodal Huang's Idea. This code is distributed under the MPL license. See LICENSE in this directory.