A high performance dex deobfuscator library

DexKit-Android

README|中文文档

A high performance dex deobfuscator library(NDK).

Warning: The current project has been refactored, 1.1.0 and earlier APIs are deprecated. Please refer to the latest documentation for use.

API introduction

These two APIs can meet most of your usage scenarios:

  • DexKit::BatchFindClassesUsedStrings
  • DexKit::BatchFindMethodsUsedStrings

Note: In all cases you should avoid searching for keywords that contain duplicate content, eg: {“key_word”, “word”}, as this will cause tags to be overwritten, resulting in inaccurate search results. If there is such a need, open the advanced search mode as much as possible, and use the string to match the content exactly, for example, modify it to this: {“^key_word$”, “^word$”}

And there are many other APIs:

  • DexKit::FindMethodBeInvoked: find caller for specified method.
  • DexKit::FindMethodInvoking: find the called method
  • DexKit::FindMethodUsedField: find method getting specified field, access types(put/get) can be limited by setting used_flags
  • DexKit::FindMethodUsedString: find method used utf8 string
  • DexKit::FindMethod: find method by multiple conditions
  • DexKit::FindSubClasses: find all direct subclasses of the specified class
  • DexKit::FindMethodOpPrefixSeq: find all method used opcode prefix sequence

For more detailed instructions, please refer to dex_kit.h.

Integration

Gradle:

implementation: com.github.LuckyPray:DexKit-Android:<version>

This library uses prefab, you should enable it in gradle (Android Gradle Plugin 4.1+):

android {
    buildFeatures {
        prefab true
    }
}

Note: DexKit-Android uses the prefab package schema v2, which is configured by default since Android Gradle Plugin 7.1.0. If you are using Android Gradle Plugin earlier than 7.1.0, please add the following configuration to gradle.properties:

android.prefabVersion=2.0.0

Usage

CMake

You can use find_package in CMakeLists.txt:

add_library(mylib SHARED main.cpp)

# Add two lines below
find_package(dexkit REQUIRED CONFIG)
target_link_libraries(mylib dexkit::dex_kit_static z)

Note: This header file was added since 1.1.0

At the same time, we also provide DexKitJniHelper.h for the conversion of complex objects between java and c++. For example: HashMap<String, HashSet<String>> -> std::map<std::string, std::set<std::string>>

JNI used example :

Example

Benchmark

qq-example.cpp in MacPro M1 to deobfuscate qq-8.9.3.apk, the result is:

findClass count: 47
findMethod count: 29
used time: 207 ms

License

The slicer directory is partially copied from AOSP.

Modified parts are owed by LuckyPray Developers. If you would like to use it in an open source project, please submodule it.

GitHub

View Github