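# Vdex Extractor
A command-line tool that converts Vdex files to Dex files, which can then be converted to jar files.
## Dependencies
The following external library must be installed on the host system: zlib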
- macOS with homebrew: `brew install zlib-devel`
- macOS with macports: `port install zlib`
- Linux with apt: `apt install libz-dev`
- Other Linux/Unix systems: Check available package manager or compile from sources
- Windows with cygwin: Install `zlib-devel` from cygwin installer

## Usage
```
$ bin/vdexExtractor -h
vdexExtractor ver. 0.5.2
Anestis Bechtsoudis <anestis@census-labs.com>
Copyright 2017 - 2018 by CENSUS S.A. All Rights Reserved.
-i, --input=<path> : input dir (search recursively) or single file
-o, --output=<path> : output path (default is same as input)
-f, --file-override : allow output file override if already exists (default: false)
--no-unquicken : disable unquicken bytecode decompiler (don't de-odex)
--deps : dump verified dependencies information
--dis : enable bytecode disassembler
--ignore-crc-error : decompiled Dex CRC errors are ignored (see issue #3)
--new-crc=<path> : text file with extracted Apk or Dex file location checksum(s)
--get-api : get Android API level based on Vdex version (expects single Vdex file)
-v, --debug=LEVEL : log level (0 - FATAL ... 4 - DEBUG), default: '3' (INFO)
-l, --log-file=<path>: save disassembler and/or verified dependencies output to log file (default is STDOUT)
-h, --help : this help
```
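## Utility Scripts
### 1. extract-apps-from-device.sh
Extracts the ART compiler output resources (oat, art, vdex) of installed packages (user and system) from a connected Android device. Extracting the APK archives of the installed packages is also supported. Because DAC permissions apply, some system app data might fail to extract without root access.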
```
$ scripts/extract-apps-from-device.sh -h
Usage: extract-apps-from-device.sh [options]
options:
-o|--output <dir> : Output directory to save extracted data (default is '.')
-d|--device <devID>: Device serial to use instead of default interactive selection
--system-apps : Extract system apps too (default is user apps only)
--apks : Extract apks (default is optimized files only)
-h|--help : This help message

$ scripts/extract-apps-from-device.sh --system-apps -o /tmp/art_data --apks
[INFO]: Enumerating connected Android devices
[INFO]: Trying to extract data from '163' packages
[INFO]: Extracted data stored under '/tmp/art_data'
```
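### 2. update-vdex-location-checksums.sh
Updates the Vdex file location checksums with CRCs extracted from the input Apk archive file. For more information on how this feature can be used to trick ART and bypass SafetyNet application integrity checks, see here.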
```
$ scripts/update-vdex-location-checksums.sh -h
Usage: update-vdex-location-checksums.sh [options]
options:
-i|--input <file> : Input Vdex file to repair location checksum(s) within
-a|--app <file> : Input Apk file to extract location checksum(s) from
-o|--output <dir> : Directory to save updated Vdex file (default is '.')
-h|--help : This help message
```
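
To make the "location checksum" concrete: the sketch below is an added example, not vdexExtractor code. It reads the checksum table from a Vdex header, maps the Vdex version to an API level as `--get-api` does, and compares the table with the CRC32 values of the `classes*.dex` entries in an Apk. The header offsets and the version-to-API map for versions 006, 010 and 019 are assumptions taken from AOSP's `vdex_file.h`, all function names are hypothetical, and the sample inputs are constructed.

```python
import io
import re
import struct
import zipfile
import zlib

# Assumption: Vdex version -> Android API level (AOSP 8.0, 8.1, 9).
API_BY_VERSION = {b"006": 26, b"010": 27, b"019": 28}

def parse_vdex_header(data):
    """Return (version, api_level, [location checksums]) from raw Vdex bytes."""
    if data[:4] != b"vdex":
        raise ValueError("not a Vdex file")
    version = bytes(data[4:7])
    if version not in API_BY_VERSION:
        raise ValueError("unsupported Vdex version %r" % version)
    # 006/010: magic, version, dex count, dex size, deps size, quickening size.
    # 019: magic, deps version, dex-section version, dex count, deps size.
    count_at, table_at = (12, 20) if version == b"019" else (8, 24)
    if len(data) < table_at:
        raise ValueError("truncated header")
    count, = struct.unpack_from("<I", data, count_at)
    if table_at + 4 * count > len(data):
        raise ValueError("truncated checksum table")
    sums = list(struct.unpack_from("<%dI" % count, data, table_at))
    return version.decode(), API_BY_VERSION[version], sums

def apk_dex_crcs(apk_bytes):
    """CRC32 of each classes*.dex entry, in multidex order, from the zip directory."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = [n for n in apk.namelist() if re.fullmatch(r"classes\d*\.dex", n)]
        names.sort(key=lambda n: int(n[7:-4] or 1))
        return [apk.getinfo(n).CRC for n in names]

def vdex_matches_apk(vdex_bytes, apk_bytes):
    """True when the Vdex location checksums equal the Apk's dex CRCs."""
    return parse_vdex_header(vdex_bytes)[2] == apk_dex_crcs(apk_bytes)

def build_sample():
    """Constructed inputs: a two-dex Apk and a matching header-only v010 Vdex."""
    dexes = [b"dex\n035\0 first", b"dex\n035\0 second"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dexes[0])
        z.writestr("classes2.dex", dexes[1])
    crc_table = struct.pack("<2I", *map(zlib.crc32, dexes))
    vdex = b"vdex010\0" + struct.pack("<4I", 2, 0, 0, 0) + crc_table
    return vdex, buf.getvalue()
```

A match only shows that the Vdex carries the checksums of that Apk; it says nothing about whether the bytecode inside the Vdex equals the Apk's Dex files, so an integrity check should also compare the deodexed output.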
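### 3. tools/deodex/run.sh
Helper tool that decompiles (deodexes) Vdex resources back to standard Dex files in batch mode. The tool automatically handles CompactDex files (as introduced in Android Pie) and converts them back to StandardDex using the compact_dex_converter tool (more info here). Because the converter is compiled as part of the AOSP source code, the developer maintains a set of binaries for Linux and macOS for convenience.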
```
$ tools/deodex/run.sh -h
Usage: run.sh [options]
options:
-i|--input <path> : Directory with Vdex files or single file
-o|--output <dir> : Directory to save deodex'ed resources (default is '.')
-k|--keep : Keep intermediate files (default 'false')
-h|--help : This help message

$ tools/deodex/run.sh -i /tmp/vdex_samples -o /tmp/deodexed_samples
[INFO]: Processing 140 input Vdex files
[INFO]: 140 binaries have been successfully deodexed
```
Thanks to anestisb for developing and open-sourcing this tool. GitHub link: https://github.com/anestisb/vdexExtractor