How to use the command dexdump (with examples)

dexdump is a command-line utility that displays information about Android DEX files. It can extract classes and methods, display header information, and provide the disassembled output of executable sections. dexdump is a useful tool for understanding the inner workings of Android apps and analyzing DEX files.

Use case 1: Extract classes and methods from an APK file

Code:

dexdump path/to/file.apk

Motivation: When analyzing an APK file, it can be helpful to extract the classes and methods contained within it. This can provide insights into the functionality and structure of the app.

Explanation: The command “dexdump” is followed by the path to the APK file to be analyzed. By running this command, dexdump will extract and display the classes and methods from the specified APK file.

Example output:

Class #0 header:
  class_idx           : 2
  access_flags        : 1 (public)
  superclass_idx      : 0
  interfaces_off      : 0 (none)
...

Use case 2: Display header information of DEX files contained in an APK file

Code:

dexdump -f path/to/file.apk

Motivation: When examining an APK file, it can be useful to understand the header information of the DEX files it contains. This can provide insights into the Android app’s structure and dependencies.

Explanation: The command “dexdump” is followed by the “-f” flag, which instructs dexdump to display the header information of the DEX files within the specified APK file. The path to the APK file itself is also provided.

Example output:

magic               : 'dex\n035'
checksum            : 4855047d
signature           : 0676eef5f63ce8b266a68e5cb31263b628fc9a80
file_size           : 428544
header_size         : 112
...
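
The checksum and signature fields shown above can be recomputed independently of dexdump, which is a quick way to spot a DEX file that was modified without its header being updated. The following is an added example, not part of the original page or of dexdump itself; the function names `parse_dex_header` and `build_sample_dex` are hypothetical, and the sample bytes are constructed for the demonstration.

```python
import hashlib
import struct
import sys
import zipfile
import zlib

HEADER_SIZE = 0x70  # 112, the header_size value shown in the output above


def parse_dex_header(data: bytes) -> dict:
    """Decode the leading DEX header fields and recompute both integrity fields."""
    if len(data) < HEADER_SIZE:
        raise ValueError("input is shorter than a DEX header")
    if data[0:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("bad DEX magic")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size = struct.unpack_from("<II", data, 32)
    return {
        "version": data[4:7].decode("ascii"),
        "checksum": f"{checksum:08x}",
        "signature": signature.hex(),
        "file_size": file_size,
        "header_size": header_size,
        "size_ok": file_size == len(data),
        # Adler-32 covers every byte after the checksum field (offset 12 on).
        "checksum_ok": checksum == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        # SHA-1 covers every byte after the signature field (offset 32 on).
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
    }


def build_sample_dex(payload: bytes) -> bytes:
    """Constructed sample: valid header sums, zeroed tables, not a loadable DEX."""
    rest = struct.pack("<III", HEADER_SIZE + len(payload), HEADER_SIZE, 0x12345678)
    rest += bytes(HEADER_SIZE - 32 - len(rest)) + payload
    signature = hashlib.sha1(rest).digest()
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + rest


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to an APK: read its primary DEX
        with zipfile.ZipFile(sys.argv[1]) as apk:
            data = apk.read("classes.dex")
    else:
        data = build_sample_dex(b"constructed payload")
    for name, value in parse_dex_header(data).items():
        print(f"{name:<14}: {value}")
```

Both fields are unkeyed, so a match only shows the file is internally consistent; anyone who edits a DEX can recompute them. Authenticity of the app comes from the APK signature, not from these header values.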

Use case 3: Display the disassembled output of executable sections

Code:

dexdump -d path/to/file.apk

Motivation: When reverse engineering an Android app, it can be helpful to analyze the disassembled output of executable sections. This can provide insights into the app’s logic, control flow, and possible vulnerabilities.

Explanation: The command “dexdump” is followed by the “-d” flag, which tells dexdump to display the disassembled output of the executable sections within the specified APK file. The path to the APK file itself is also provided.

Example output:

  ...
  invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V //method@0012
  .line 69
  sget-object v1, Lcom/example/MainActivity;->TAG:Ljava/lang/String; //field@0027
  const-string v2, "Exception: %s" //string@0033
  ...

Use case 4: Output results to a file

Code:

dexdump -o path/to/file path/to/file.apk

Motivation: Saving the results of dexdump to a file allows for easier analysis and sharing of the extracted information. This can be particularly useful when working on a project collaboratively or when needing to refer back to the extracted data later.

Explanation: The command “dexdump” is followed by the “-o” flag, which indicates that the output should be saved to a file. The path to the output file is provided, followed by the path to the APK file to be analyzed.

Example output:

Output saved to: path/to/file

Conclusion:

The command “dexdump” is a powerful tool for analyzing Android DEX files. It can extract classes and methods, display header information, provide disassembled output, and save results to a file. By using dexdump, developers and security analysts can gain a deeper understanding of the inner workings of Android apps and effectively analyze DEX files.
