A high performance dex deobfuscator library
A high performance dex deobfuscator library(NDK).
Warning: The current project has been refactored,
1.1.0
and earlier APIs are deprecated. Please refer to the latest documentation for use.
API introduction
These two APIs can meet most of your usage scenarios:
DexKit::BatchFindClassesUsedStrings
DexKit::BatchFindMethodsUsedStrings
Note: In all cases you should avoid searching for keywords that contain duplicate content, eg: {“key_word”, “word”}, as this will cause tags to be overwritten, resulting in inaccurate search results. If there is such a need, open the advanced search mode as much as possible, and use the string to match the content exactly, for example, modify it to this: {“^key_word$”, “^word$”}
And there are many other APIs:
DexKit::FindMethodBeInvoked
: find caller for specified method.DexKit::FindMethodInvoking
: find the called methodDexKit::FindMethodUsedField
: find method getting specified field, access types(put/get) can be limited by settingused_flags
DexKit::FindMethodUsedString
: find method used utf8 stringDexKit::FindMethod
: find method by multiple conditionsDexKit::FindSubClasses
: find all direct subclasses of the specified classDexKit::FindMethodOpPrefixSeq
: find all method used opcode prefix sequence
For more detailed instructions, please refer to dex_kit.h.
Integration
Gradle:
implementation: com.github.LuckyPray:DexKit-Android:<version>
This library uses prefab, you should enable it in gradle (Android Gradle Plugin 4.1+):
android {
buildFeatures {
prefab true
}
}
Note: DexKit-Android uses the prefab package schema v2,
which is configured by default since Android Gradle Plugin 7.1.0.
If you are using Android Gradle Plugin earlier than 7.1.0, please add the following configuration to gradle.properties
:
android.prefabVersion=2.0.0
Usage
CMake
You can use find_package
in CMakeLists.txt
:
add_library(mylib SHARED main.cpp)
# Add two lines below
find_package(dexkit REQUIRED CONFIG)
target_link_libraries(mylib dexkit::dex_kit_static z)
Note: This header file was added since
1.1.0
At the same time, we also provide DexKitJniHelper.h
for the conversion of complex objects between java and c++. For example: HashMap<String, HashSet<String>>
-> std::map<std::string, std::set<std::string>>
JNI used example :
Example
Benchmark
qq-example.cpp in MacPro M1 to deobfuscate qq-8.9.3.apk
, the result is:
findClass count: 47
findMethod count: 29
used time: 207 ms
License
The slicer directory is partially copied from AOSP.
Modified parts are owed by LuckyPray Developers. If you would like to use it in an open source project, please submodule it.