How to decompile DEX into Java source code?

Question

How can one decompile Android DEX (VM bytecode) files into corresponding Java source code?

Answer 1

A lot has changed since most of these answers were posted. Now-a-days there a are many easy tools with GUI's, like these:

• APK Easy Tool for Windows (GUI tool, friendly)
• Bytecode Viewer - APK/Java Reverse Engineering Suite
• URET Android Reverser Toolkit

Best place to find them is on the XDA Developers forum.

Answer 2

You might try JADX or Procyon, this is a perfect tool for DEX decompilation.

And yes, it is also available online on (my :0)) new site: http://www.javadecompilers.com/apk/

Answer 3

As others mentioned before, in 2 steps:

1. Dex2jar
2. Pick up a decompiler

I will focus on step 2.

Take a look at this research paper : The Strengths and Behavioral Quirks of Java Bytecode Decompilers

Understand the strength and weaknesses of each decompiler.

1. CFR: Considered by many as the absolute best decompiler, its specificity is that it takes a lot a liberty in graph transformations to maximise the chance of good results, at the expense of original code ordering, and has a lot of technical settings. The last version has a line number mapping but no line number realignment.
2. Procyon: This one has the best chances to produce well structured code, adds final keywords everywhere it can, but often adds unexpected illegal casts. It has also a GUI project Luyten.
3. Fernflower: It's the decompiler from the popular IDE Intellij Idea. It often decompiles right but code is sometimes not ideally structured and has very bad naming of exception variables var1..n.
4. Vineflower: It's a fork of fernflower which brings improvements and bug fixes, with a test suite borrowed to CFR.
5. JD-GUI: It's the GUI of the JD-CORE project. The new version of JD-CORE structures the code into a control flow graph and an abstract syntax tree. The previous version which was present until v1.4.2 of JD-GUI was another decompiler based on bytecode pattern matching like JAD. JD-CORE is focused on producing a recompilable output on many open source projects and also on getting line number realignment right for a debug-ready output.
6. JADX: This project looks actively maintained and promising, but for the time being, the results are not very solid.

The following GUI projects support several decompilers:

• Recaf: provides support for the following decompilers: CFR · FernFlower · Procyon
• Bytecodeviewer: A Java 8+ Jar & Android APK Reverse Engineering Suite (Editor, Debugger, decompilers like CFR, JD-GUI etc.)
• JD-GUI-DUO : this project uses forks of JD-CORE projects and revives the old algorithm in project named jd-core-v0 and brings improvements and bug fixes in a fork of jd-core v1. Also supports CFR, Procyon, Vineflower & JADX.

Also Eclipse plugins are worth mentioning:

• ECD and this fork
• JD-Eclipse and this fork

See also this answer

Answer 4

Since Dheeraj Bhaskar's answer is relatively old as many years past.

Here is my latest (2019 year) answer:

Main Logic

from dex to java sourcecode, currently has two kind of solution:

• One Step: directly convert dex to java sourcecode
• Two Step: first convert dex to jar, second convert jar to java sourcecode

---

One step solution: dex directly to java sourcecode

Tools

• jadx

Process

1. download jadx-0.9.0.zip, unzip it, in bin folder can see command line jadx or GUI version jadx-gui, double click to run GUI version: jadx-gui

2. open dex file

then can show java source code:

3. File -> save as gradle project

then got java sourcecode:

---

Two Step solution

Step1: dex to jar

Tools

• dex2jar

Process

download dex2jar zip, unzip got d2j-dex2jar.sh, then:

• apk to jar: sh d2j-dex2jar.sh -f ~/path/to/apk_to_decompile.apk
• dex to jar: sh d2j-dex2jar.sh -f ~/path/to/dex_to_decompile.dex

example:

➜  v3.4.8 /Users/crifan/dev/dev_tool/android/reverse_engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub8825612.dex
dex2jar com.huili.readingclub8825612.dex -> ./com.huili.readingclub8825612-dex2jar.jar
➜  v3.4.8 ll
-rw-------  1 crifan  staff   9.5M  3 21 10:00 com.huili.readingclub8825612-dex2jar.jar
-rw-------  1 crifan  staff   8.4M  3 19 14:04 com.huili.readingclub8825612.dex

Step2: jar to java sourcecode

Tools

• jd-gui: most popular, but many code will decompile error
• CRF: popular, minor code will decompile error
• Procyon: popular, no code decompile error
  • GUI tool based on Procyon
    • Luyten:
    • Bytecode Viewer
• others
  • Krakatau
  • Fernflower
  • old one: AndroChef
  • etc.

Process

here demo Procyon convert jar to java source code:

download procyon-decompiler-0.5.34.jar

then using syntax:

java -jar /path/to/procyon-decompiler-0.5.34.jar -jar your_to_decompile.jar -o outputFolderName

example:

java -jar /Users/crifan/dev/dev_tool/android/reverse_engineering/Procyon/procyon-decompiler-0.5.34.jar -jar com.huili.readingclub8825612-dex2jar.jar -o com.huili.readingclub8825612

using editor VSCode to open exported source code, look like this:

Conclusion

Conversion correctness : Jadx > Procyon > CRF > JD-GUI

Recommend use: (One step solution's) Jadx

---

for more detailed explanation, please refer my online Chinese ebook: 安卓应用的安全和破解

Answer 5

It's easy

Get these tools:

1. dex2jar to translate dex files to jar files

2. jd-gui to view the java files in the jar

The source code is quite readable as dex2jar makes some optimizations.

Procedure:

And here's the procedure on how to decompile:

Step 1:

Convert classes.dex in test_apk-debug.apk to test_apk-debug_dex2jar.jar

d2j-dex2jar.sh -f -o output_jar.jar apk_to_decompile.apk
d2j-dex2jar.sh -f -o output_jar.jar dex_to_decompile.dex

Note 1: In the Windows machines all the .sh scripts are replaced by .bat scripts

Note 2: On linux/mac don't forget about sh or bash. The full command should be:

sh d2j-dex2jar.sh -f -o output_jar.jar apk_to_decompile.apk 

Note 3: Also, remember to add execute permission to dex2jar-X.X directory e.g. sudo chmod -R +x dex2jar-2.0

dex2jar documentation

Step 2:

Open the jar in JD-GUI

Answer 6

I have used

1. dex2jar + jd-gui
2. javadecompilers.com
3. enjarify
4. Apktool

But none beats google's own tools

1)Android Studio 2.x: build> analyze apk

2)Android Studio 3.0: Profile or Debug APK

Answer 7

Easiest method to decompile an android app is to download an app named ShowJava from playstore . Just select the application that needs to be decompiled from the list of applications. There are three different decompiler you can use to decompile an app namely -

CFR 0.110, JaDX 0.6.1 or FernFlower (analytical decompiler) .

Answer 8

Recent Debian have Python package androguard:

Description-en: full Python tool to play with Android files
 Androguard is a full Python tool to play with Android files.
  * DEX, ODEX
  * APK
  * Android's binary xml
  * Android resources
  * Disassemble DEX/ODEX bytecodes
  * Decompiler for DEX/ODEX files

Install corresponding packages:

sudo apt-get install androguard python-networkx

Decompile DEX file:

$ androdd -i classes.dex -o ./dir-for-output

Extract classes.dex from Apk + Decompile:

$ androdd -i app.apk -o ./dir-for-output

Apk file is nothing more that Java archive (JAR), you may extract files from archive via:

$ unzip app.apk -d ./dir-for-output

Answer 9

To clarify somewhat, there are two major paths you might take here depending on what you want to accomplish:

Decompile the Dalvik bytecode (dex) into readable Java source. You can do this easily with dex2jar and jd-gui, as fred mentions. The resulting source is useful to read and understand the functionality of an app, but will likely not produce 100% usable code. In other words, you can read the source, but you can't really modify and repackage it. Note that if the source has been obfuscated with proguard, the resulting source code will be substantially more difficult to untangle.

The other major alternative is to disassemble the bytecode to smali, an assembly language designed for precisely this purpose. I've found that the easiest way to do this is with apktool. Once you've got apktool installed, you can just point it at an apk file, and you'll get back a smali file for each class contained in the application. You can read and modify the smali or even replace classes entirely by generating smali from new Java source (to do this, you could compile your .java source to .class files with javac, then convert your .class files to .dex files with Android's dx compiler, and then use baksmali (smali disassembler) to convert the .dex to .smali files, as described in this question. There might be a shortcut here). Once you're done, you can easily package the apk back up with apktool again. Note that apktool does not sign the resulting apk, so you'll need to take care of that just like any other Android application.

If you go the smali route, you might want to try APK Studio, an IDE that automates some of the above steps to assist you with decompiling and recompiling an apk and installing it on a device.

In short, your choices are pretty much either to decompile into Java, which is more readable but likely irreversible, or to disassemble to smali, which is harder to read but much more flexible to make changes and repackage a modified app. Which approach you choose would depend on what you're looking to achieve.

Lastly, the suggestion of dare is also of note. It's a retargeting tool to convert .dex and .apk files to java .class files, so that they can be analyzed using typical java static analysis tools.

Answer 10

^{A more complete version of fred's answer:}

Manual way

First you need a tool to extract all the (compiled) classes on the DEX to a JAR.
There's one called dex2jar, which is made by a chinese student.

Then, you can use jd-gui to decompile the classes on the JAR to source code.
The resulting source should be quite readable, as dex2jar applies some optimizations.

Automatic way

You can use APKTool. It will automatically extract all the classes (.dex), resources (.asrc), then it will convert binary XML to human-readable XML, and it will also dissassemble the classes for you.
Disassembly will always be more robust than decompiling, especially with
JARs obfuscated with Pro Guard!

Just tell APKTool to decode the APK into a directory, then modify what you want,
and finally encode it back to an APK. That's all.

Important: APKTool dissassembles. It doesn't decompile.
The generated code won't be Java source.
But you should be able to read it, and even edit it if you're familiar with jasmin.
If you want Java source, please go over the Manual way.

Answer 11

I'd actually recommend going here: https://github.com/JesusFreke/smali

It provides BAKSMALI, which is a most excellent reverse-engineering tool for DEX files. It's made by JesusFreke, the guy who created the fameous ROMs for Android.

Answer 12

This can be done in following five steps:

This gem does these things for you automatically even the installation of required tools

1. convert apk file to zip
2. unzip the file
3. extract classes.dex from it
4. use dex to jar to convert classes.dex into jar file
5. use jadx gui to open the jar file as java source code

Answer 13

If you're not looking to download dex2jar, then just use the apk_grabber python script to decompile any apk into jar files. Then you read them with jd-gui.

Answer 14

Sometimes you get broken code, when using dex2jar/apktool, most notably in loops. To avoid this, use jadx, which decompiles dalvik bytecode into java source code, without creating a .jar/.class file first as dex2jar does (apktool uses dex2jar I think). It is also open-source and in active development. It even has a GUI, for GUI-fanatics. Try it!

Answer 15

Once you downloaded your APK file , You need to do the following steps to get a editable java code/document.

1. Convert your apk file to zip (while start your download don't go with "save" option , just go with "save as" and mention your extension as .zip) by doing like this you may avoid APKTOOL...
2. Extract the zip file , there you can find somefilename.dex. so now we need to convert dex -> .class
3. To do that, you need "dex2jar"(you can download it from http://code.google.com/p/dex2jar/ , after extracted, in command prompt you have to mention like, [D:\dex2jar-0.09>dex2jar somefilename.dex] (Keep in mind that your somefilename.dex must be inside the same folder where you have keep your dex2jar.)
4. Download jad from http://www.viralpatel.net/blogs/download/jad/jad.zip and extract it. Once extracted you can see two files like "jad.exe" and "Readme.txt" (sometimes "jad.txt" may there instead of "jad.exe", so just rename its extension as.exe to run)
5. Finally, in command prompt you have to mention like [D:\jad>jad -sjava yourfilename.class] it will parse your class file into editable java document.

Answer 16

Android Reverse Engineering is possible . Follow these steps to get .java file from apk file.

Step1 . Using dex2jar

• Generate .jar file from .apk file
• command : dex2jar sampleApp.apk

Step2 . Decompiling .jar using JD-GUI

• it decompiles the .class files i.e., we'll get obfuscated .java back from the apk.

Answer 17

With Dedexer, you can disassemble the .dex file into dalvik bytecode (.ddx).

Decompiling towards Java isn't possible as far as I know.
You can read about dalvik bytecode here.

Answer 18

Since no one mentioned this, there's one more tool: DED homepage

Install how-to and some explanations: Installation.

It was used in a quite interesting study of the security of top market apps(not really related, just if you're curious): A Survey of Android Application Security