How to use the command dexdump (with examples)
dexdump is a command-line utility that displays information about Android DEX files. It can list classes and methods, display header information, and print the disassembled output of executable sections. dexdump is a useful tool for understanding the inner workings of Android apps and analyzing DEX files.
Use case 1: Extract classes and methods from an APK file
Code:
dexdump path/to/file.apk
Motivation: When analyzing an APK file, it can be helpful to extract the classes and methods contained within it. This can provide insights into the functionality and structure of the app.
Explanation: The command “dexdump” is followed by the path to the APK file to be analyzed. With no other options, dexdump lists the classes defined in the file and the methods of each class.
Example output:
Class #0 header:
class_idx : 2
access_flags : 1 (public)
superclass_idx : 0
interfaces_off : 0 (none)
...
Use case 2: Display header information of DEX files contained in an APK file
Code:
dexdump -f path/to/file.apk
Motivation: When examining an APK file, it can be useful to understand the header information of the DEX files it contains. This can provide insights into the Android app’s structure and dependencies.
Explanation: The command “dexdump” is followed by the “-f” flag, which instructs dexdump to display the header information of the DEX files within the specified APK file. The path to the APK file itself is also provided.
Example output:
magic : 'dex\n035'
checksum : 4855047d
signature : 0676eef5f63ce8b266a68e5cb31263b628fc9a80
file_size : 428544
header_size : 112
...
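The fields dexdump prints with -f are the fixed DEX header: magic, an Adler-32 checksum, a SHA-1 signature, file_size and header_size. The following Python is an added example, not part of the original page or of dexdump itself; it builds a constructed minimal DEX image (header plus an empty data section, not a real compiled app), parses the header the way dexdump displays it, and verifies the checksum and signature so you can tell whether a file has been altered after it was built (a tampered byte in the data section invalidates both).

```python
import hashlib
import struct
import zlib

# Fixed-size DEX header, little-endian. After the signature come 20 uint32
# fields: file_size, header_size, endian_tag, then size/offset pairs for the
# link, map, string/type/proto/field/method id tables, class defs and data.
HEADER_FMT = "<8sI20s20I"
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 112 bytes (0x70), as dexdump -f reports
ENDIAN_CONSTANT = 0x12345678
FIELD_NAMES = (
    "magic", "checksum", "signature", "file_size", "header_size", "endian_tag",
    "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def build_sample_dex(version=b"035", data_payload=b"\x00" * 16):
    """Construct a minimal DEX image for this example: all id tables empty and a
    small zero-filled data section. This is a constructed sample, not a real app."""
    file_size = HEADER_SIZE + len(data_payload)
    header_tail = struct.pack(
        "<20I",
        file_size, HEADER_SIZE, ENDIAN_CONSTANT,
        0, 0,                               # link_size, link_off
        0,                                  # map_off (no map in this toy image)
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,       # string/type/proto/field/method ids: empty
        0, 0,                               # class_defs_size, class_defs_off
        len(data_payload), HEADER_SIZE,     # data_size, data_off
    )
    body = header_tail + data_payload                 # everything after the signature
    signature = hashlib.sha1(body).digest()           # SHA-1 over bytes 32..end
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF   # Adler-32 over bytes 12..end
    magic = b"dex\n" + version + b"\0"
    return magic + struct.pack("<I", checksum) + signature + body


def parse_header(data):
    """Decode the header fields; checksum and signature are returned as hex text,
    which is how dexdump -f prints them."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a DEX header")
    header = dict(zip(FIELD_NAMES, struct.unpack_from(HEADER_FMT, data, 0)))
    header["checksum"] = f"{header['checksum']:08x}"
    header["signature"] = header["signature"].hex()
    return header


def verify_dex(data):
    """Recompute what the header claims and report which checks hold."""
    header = parse_header(data)
    magic = header["magic"]
    return {
        "magic_ok": magic.startswith(b"dex\n") and magic.endswith(b"\0"),
        "size_ok": header["file_size"] == len(data) and header["header_size"] == HEADER_SIZE,
        "checksum_ok": header["checksum"] == f"{zlib.adler32(data[12:]) & 0xFFFFFFFF:08x}",
        "signature_ok": header["signature"] == hashlib.sha1(data[32:]).hexdigest(),
    }


if __name__ == "__main__":
    sample = build_sample_dex()
    for name in ("magic", "checksum", "signature", "file_size", "header_size"):
        print(f"{name:12}: {parse_header(sample)[name]!r}")
    print("intact   :", verify_dex(sample))
    tampered = bytearray(sample)
    tampered[-1] ^= 0xFF                       # flip one byte in the data section
    print("tampered :", verify_dex(bytes(tampered)))
    print("truncated:", verify_dex(sample[:-4]))
```

The checksum and signature are integrity fields, not an authenticity control: anyone who edits a DEX can recompute them. Use them to spot careless modification or corruption; rely on the APK signature when you need to know who produced the file.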
Use case 3: Display the disassembled output of executable sections
Code:
dexdump -d path/to/file.apk
Motivation: When reverse engineering an Android app, it can be helpful to analyze the disassembled output of executable sections. This can provide insights into the app’s logic, control flow, and possible vulnerabilities.
Explanation: The command “dexdump” is followed by the “-d” flag, which tells dexdump to disassemble the bytecode of every method in the specified APK file. The path to the APK file itself is also provided.
Example output:
...
invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V //method@0012
.line 69
sget-object v1, Lcom/example/MainActivity;->TAG:Ljava/lang/String; //field@0027
const-string v2, "Exception: %s" //string@0033
...
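Both the class listing of use case 1 and the disassembly of use case 3 are plain text, so the usual next step is to parse them rather than read them line by line. The Python below is an added example, not part of the page or of dexdump: it walks a constructed sample written in the shape of the excerpts above (real dexdump output carries more lines and prefixes each instruction with its offset, so the patterns match on substrings), collects each "Class #N header:" block, every invoke-* target, field reference and const-string, and then builds an inventory of which API classes the code calls. The REFLECTION_AND_LOADING prefixes are an assumption chosen for the demo; a triage would pick its own list.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of dexdump's text output (not real tool output):
# a "Class #N header:" block per class, then the class body with disassembled
# instructions as printed by `dexdump -d`.
SAMPLE_DUMP = """\
Class #0 header:
class_idx           : 2
access_flags        : 1 (public)
superclass_idx      : 0
interfaces_off      : 0 (none)
Class #0            -
  Class descriptor  : 'Lcom/example/MainActivity;'
      |0000: sget-object v1, Lcom/example/MainActivity;->TAG:Ljava/lang/String; // field@0027
      |0002: const-string v2, "Exception: %s" // string@0033
      |0004: invoke-static {v1, v2}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I // method@0010
      |0007: invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V // method@0012
Class #1 header:
class_idx           : 5
access_flags        : 17 (public final)
superclass_idx      : 0
interfaces_off      : 0 (none)
Class #1            -
  Class descriptor  : 'Lcom/example/Util;'
      |0000: const-string v0, "com.example.PluginLoader" // string@0040
      |0002: invoke-static {v0}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class; // method@0004
"""

CLASS_HDR_RE = re.compile(r"^Class #(\d+)\s+header:")
KV_RE = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")
INVOKE_RE = re.compile(r"\b(invoke-[\w/]+)\s+\{[^}]*\},\s*(L[^;]+;)->(\S+)")
FIELD_RE = re.compile(r"\b([is](?:get|put)(?:-\w+)?)\s+v\d+,\s*(?:v\d+,\s*)?(L[^;]+;)->([^:\s]+):(\S+)")
STRING_RE = re.compile(r'\bconst-string(?:/jumbo)?\s+v\d+,\s*"((?:[^"\\]|\\.)*)"')

# Receiver-class prefixes worth a second look during triage (assumed list for the demo).
REFLECTION_AND_LOADING = ("Ljava/lang/Class;", "Ljava/lang/reflect/", "Ldalvik/system/")


def parse_dexdump(text):
    """Collect class header blocks, method invocations, field references and
    string constants from dexdump text output."""
    result = {"classes": [], "invocations": [], "field_refs": [], "strings": []}
    current = None                      # class header block being filled, or None
    for line in text.splitlines():
        m = CLASS_HDR_RE.match(line)
        if m:
            current = {"index": int(m.group(1)), "fields": {}}
            result["classes"].append(current)
            continue
        if current is not None:
            kv = KV_RE.match(line)
            if kv:
                current["fields"][kv.group(1)] = kv.group(2)
                continue
            current = None              # first line that is not "key : value" ends the header
        m = INVOKE_RE.search(line)
        if m:
            result["invocations"].append({"opcode": m.group(1), "receiver": m.group(2), "method": m.group(3)})
        m = FIELD_RE.search(line)
        if m:
            result["field_refs"].append({"opcode": m.group(1), "owner": m.group(2), "name": m.group(3), "type": m.group(4)})
        m = STRING_RE.search(line)
        if m:
            result["strings"].append(m.group(1))
    return result


def leading_int(value):
    """'1 (public)' -> 1: dexdump prints the numeric value first, then a decoded form."""
    try:
        return int(value.split()[0], 0)
    except (ValueError, IndexError):
        return None


def api_usage(parsed):
    """Group invoked methods by receiver class: an inventory of the APIs the code calls."""
    usage = defaultdict(set)
    for inv in parsed["invocations"]:
        usage[inv["receiver"]].add(inv["method"])
    return {cls: sorted(methods) for cls, methods in sorted(usage.items())}


def find_calls(parsed, receiver_prefixes):
    """Invocations whose receiver class starts with one of the given prefixes."""
    return [inv for inv in parsed["invocations"] if inv["receiver"].startswith(receiver_prefixes)]


if __name__ == "__main__":
    parsed = parse_dexdump(SAMPLE_DUMP)
    for cls in parsed["classes"]:
        print(f"class #{cls['index']}: class_idx={leading_int(cls['fields']['class_idx'])} "
              f"access_flags={cls['fields']['access_flags']}")
    for receiver, methods in api_usage(parsed).items():
        print(receiver, methods)
    for hit in find_calls(parsed, REFLECTION_AND_LOADING):
        print("reflection/loading:", hit["receiver"] + "->" + hit["method"])
```

To run it against a real file, replace SAMPLE_DUMP with the text from dexdump -d (or the file written with -o, see use case 4); the inventory from api_usage is a quick way to see which platform APIs a build actually touches before reading any bytecode.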
Use case 4: Output results to a file
Code:
dexdump -o path/to/file path/to/file.apk
Motivation: Saving the results of dexdump to a file allows for easier analysis and sharing of the extracted information. This can be particularly useful when working on a project collaboratively or when needing to refer back to the extracted data later.
Explanation: The command “dexdump” is followed by the “-o” flag, which indicates that the output should be saved to a file. The path to the output file is provided, followed by the path to the APK file to be analyzed.
Example output:
Output saved to: path/to/file
Conclusion:
The command “dexdump” is a powerful tool for analyzing Android DEX files. It can list classes and methods, display header information, print disassembled output, and save results to a file. By using dexdump, developers and security analysts can gain a deeper understanding of the inner workings of Android apps and effectively analyze DEX files.