├── .gitignore ├── build.gradle ├── gradle └── wrapper │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── readme.md ├── settings.gradle └── src ├── main └── java │ └── com │ └── leadroyal │ └── dex │ ├── ClassFinder.java │ ├── CommandParser.java │ ├── Config.java │ ├── Main.java │ └── ScanResult.java └── test └── java └── com └── leadroyal └── dex └── ClassFinderTest.java /.gitignore: -------------------------------------------------------------------------------- 1 | .gradle/ 2 | .idea/ 3 | build/ 4 | *.class 5 | out/ 6 | *.jar 7 | *.iml 8 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'java' 3 | id 'org.springframework.boot' version '2.1.6.RELEASE' 4 | } 5 | 6 | group 'com.leadroyal' 7 | version '1.0.0' 8 | 9 | sourceCompatibility = 1.8 10 | 11 | repositories { 12 | mavenCentral() 13 | maven { url "https://plugins.gradle.org/m2/" } 14 | } 15 | 16 | dependencies { 17 | // https://mvnrepository.com/artifact/org.smali/dexlib2 18 | implementation group: 'org.smali', name: 'dexlib2', version: '2.2.7' 19 | // https://mvnrepository.com/artifact/commons-cli/commons-cli 20 | implementation group: 'commons-cli', name: 'commons-cli', version: '1.4' 21 | // https://mvnrepository.com/artifact/org.slf4j/slf4j-api 22 | implementation group: 'org.slf4j', name: 'slf4j-api', version: '1.7.26' 23 | // https://mvnrepository.com/artifact/org.slf4j/slf4j-simple 24 | implementation group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.26' 25 | 26 | testImplementation group: 'junit', name: 'junit', version: '4.12' 27 | } 28 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Sun Jun 30 18:46:59 CST 2019 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # dex-finder 2 | 3 | ## 简介 4 | 5 | `dex-finder` 是一个基于 dexlib2 实现的简单脚本,用于确认一个类所在的 dex 的位置,设计时是为了以下两种情况使用的: 6 | 7 | 1. 现在的 apk 大部分都已经是 multi-dex 格式了,使用 JEB 打开整个 apk 很慢,使用 `dex-finder` 可以快速定位到目标 8 | 9 | 2. 应用程序使用的类,可能来自动态加载的其他 dex,我们只需要把整个目录都拖出来,逐个文件运行一遍就可以找到它 10 | 11 | 站在巨人的肩膀上,作为一个小工具,还是比较好用的。 12 | 13 | ## 下载地址 14 | 15 | [https://github.com/LeadroyaL/dex-finder/releases/](https://github.com/LeadroyaL/dex-finder/releases/) 16 | 17 | ## 用法 18 | ``` 19 | usage: java -jar [-d] [-r] [-us] [-f file/directory] [-c classname] 20 | -c,--class Class you want to find. 21 | -d,--debug Enable debug log. 22 | -f,--file File or directory to be scanned. 23 | -h,--help Show help. 24 | -r,--recursive Recursive scan files. 25 | -us,--use-sig Use class signature. If enable, use Ljava/lang/String; . 26 | java -jar dex-finder.jar -f demo.apk -c com.example.Activity 27 | java -jar dex-finder.jar -f classed.dex -c com.example.Activity 28 | java -jar dex-finder.jar -f /path/unzip_result/ -c com.example.Activity 29 | ``` 30 | 31 | `-c` 指定想要查的类(可以同时指定多个) 32 | 33 | `-f` 指定搜索的文件或文件夹(可以同时指定多个) 34 | 35 | 可以是 dex 36 | 可以是 apk 37 | 可以是 apk 直接解压后的文件夹 38 | 39 | `-r` 如果是文件夹,进行递归搜索 40 | 41 | `-us` 使用类的签名。例如:默认情况输入 java.lang.String,开启 use-sig 后,需要输入 Ljava/lang/String; 42 | 43 | `-d` 开启详细日志(其实也没多详细) 44 | 45 | ## 示例 46 | 47 | 以微博国际版为例,它有两个 dex 文件,无需解压,直接调用,我们随便挑 3 个类 48 | 49 | ``` 50 | ➜ dex-finder java -jar dex-finder-1.0.0.jar -c com.weico.international.activity.MainFragmentActivity -c de.greenrobot.event.EventBus -c com.weico.international.utility.LogUtil -f /tmp/weico-no-ads/weico.apk -r 51 | [main] INFO com.leadroyal.dex.CommandParser - parse command success 52 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/weico-no-ads/weico.apk->classes.dex finished 53 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/weico-no-ads/weico.apk->classes2.dex finished 54 | This is report! 55 | ====Known classes==== 56 | Lde/greenrobot/event/EventBus; found @ /tmp/weico-no-ads/weico.apk->classes2.dex 57 | Lcom/weico/international/activity/MainFragmentActivity; found @ /tmp/weico-no-ads/weico.apk->classes2.dex 58 | Lcom/weico/international/utility/LogUtil; found @ /tmp/weico-no-ads/weico.apk->classes.dex 59 | ====Unknown classes==== 60 | ``` 61 | 62 | 再找一个大型的 APP,例如淘宝的 apk,它会动态加载 `libsgmain.so` 这个 dex 文件 63 | 64 | 使用指定单独 apk 的方式,有一个找不到的类 65 | 66 | ``` 67 | ➜ dex-finder java -jar dex-finder-1.0.0.jar -c c8.STqg -c com.alibaba.wireless.security.framework.IRouterComponent -c com.alibaba.wireless.security.mainplugin.SecurityGuardMainPlugin -f /tmp/tb.apk -r 68 | [main] INFO com.leadroyal.dex.CommandParser - parse command success 69 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes.dex finished 70 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes2.dex finished 71 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes3.dex finished 72 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes4.dex finished 73 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes5.dex finished 74 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes6.dex finished 75 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes7.dex finished 76 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes8.dex finished 77 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes9.dex finished 78 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes10.dex finished 79 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes11.dex finished 80 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes12.dex finished 81 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes13.dex finished 82 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tb.apk->classes14.dex finished 83 | This is report! 84 | ====Known classes==== 85 | Lcom/alibaba/wireless/security/framework/IRouterComponent; found @ /tmp/tb.apk->classes.dex 86 | Lc8/STqg; found @ /tmp/tb.apk->classes.dex 87 | ====Unknown classes==== 88 | Lcom/alibaba/wireless/security/mainplugin/SecurityGuardMainPlugin; 89 | ``` 90 | 91 | 解压后,指定目录,全部都找到了 92 | 93 | ``` 94 | ➜ dex-finder java -jar dex-finder-1.0.0.jar -c c8.STqg -c com.alibaba.wireless.security.framework.IRouterComponent -c com.alibaba.wireless.security.mainplugin.SecurityGuardMainPlugin -f /tmp/tt -r 95 | [main] INFO com.leadroyal.dex.CommandParser - parse command success 96 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes9.dex finished 97 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes8.dex finished 98 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes11.dex finished 99 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes10.dex finished 100 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes12.dex finished 101 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes3.dex finished 102 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes2.dex finished 103 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes13.dex finished 104 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes.dex finished 105 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes6.dex finished 106 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes7.dex finished 107 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/classes14.dex finished 108 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libsgmisc.so->classes.dex finished 109 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libsgavmp.so->classes.dex finished 110 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libservicefakedex.so->classes.dex finished 111 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libsgnocaptcha.so->classes.dex finished 112 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libpreverify.so finished 113 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libsgsecuritybody.so->classes.dex finished 114 | [main] INFO com.leadroyal.dex.ClassFinder - Check /tmp/tt/lib/armeabi/libsgmain.so->classes.dex finished 115 | This is report! 116 | ====Known classes==== 117 | Lcom/alibaba/wireless/security/mainplugin/SecurityGuardMainPlugin; found @ /tmp/tt/lib/armeabi/libsgmain.so->classes.dex 118 | Lc8/STqg; found @ /tmp/tt/classes.dex->./ 119 | Lcom/alibaba/wireless/security/framework/IRouterComponent; found @ /tmp/tt/classes.dex->./ 120 | ====Unknown classes==== 121 | ``` 122 | 123 | 124 | ## 编译 125 | 126 | ``` 127 | gradle build 128 | ``` 129 | 130 | 会在 `build/libs/` 下获得由 springboot 打包过的可独立运行的文件。 131 | 132 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'dex-finder' 2 | 3 | -------------------------------------------------------------------------------- /src/main/java/com/leadroyal/dex/ClassFinder.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import org.jf.dexlib2.DexFileFactory; 4 | import org.jf.dexlib2.Opcodes; 5 | import org.jf.dexlib2.dexbacked.DexBackedClassDef; 6 | import org.jf.dexlib2.dexbacked.DexBackedDexFile; 7 | import org.jf.dexlib2.dexbacked.raw.ClassDefItem; 8 | import org.slf4j.Logger; 9 | import org.slf4j.LoggerFactory; 10 | 11 | import java.io.*; 12 | import java.util.HashSet; 13 | import java.util.Set; 14 | 15 | public class ClassFinder { 16 | private static final Logger logger = LoggerFactory.getLogger(ClassFinder.class); 17 | 18 | private static Set checkBackend(DexBackedDexFile dexFile, Set target) { 19 | Set found = new HashSet<>(); 20 | for (DexBackedClassDef def : dexFile.getClasses()) { 21 | String type = def.getType(); 22 | if (target.contains(type)) { 23 | target.remove(type); 24 | found.add(type); 25 | } 26 | } 27 | return found; 28 | } 29 | 30 | public static String javaToDexName(String javaName) { 31 | if (javaName.charAt(0) == '[') { 32 | return javaName.replace('.', '/'); 33 | } 34 | return 'L' + javaName.replace('.', '/') + ';'; 35 | } 36 | 37 | public static String dexToJavaName(String dexName) { 38 | if (dexName.charAt(0) == '[') { 39 | return dexName.replace('/', '.'); 40 | } 41 | return dexName.replace('/', '.').substring(1, dexName.length() - 2); 42 | } 43 | 44 | public static void handleDex(String file, ScanResult result) { 45 | try (InputStream inputStream = new BufferedInputStream(new FileInputStream(file))) { 46 | DexBackedDexFile dexFile = DexBackedDexFile.fromInputStream(Opcodes.getDefault(), inputStream); 47 | for (String targetClass : checkBackend(dexFile, result.targetClasses)) 48 | result.results.add(new ScanResult.Position(targetClass, file, "./")); 49 | logger.info("Check {} finished", file); 50 | } catch (DexBackedDexFile.NotADexFile e) { 51 | logger.debug("{} isn't a dex file", file); 52 | } catch (IOException e) { 53 | e.printStackTrace(); 54 | } 55 | 56 | } 57 | 58 | public static void handleApk(String file, ScanResult result) { 59 | for (int i = 1; true; i++) { 60 | String innerPath = String.format("classes%d.dex", i); 61 | if (i == 1) 62 | innerPath = "classes.dex"; 63 | try { 64 | DexBackedDexFile dexFile = DexFileFactory.loadDexEntry(new File(file), innerPath, true, Opcodes.getDefault()); 65 | for (String targetClass : checkBackend(dexFile, result.targetClasses)) 66 | result.results.add(new ScanResult.Position(targetClass, file, innerPath)); 67 | logger.info("Check {}->{} finished", file, innerPath); 68 | } catch (DexFileFactory.DexFileNotFoundException e) { 69 | logger.debug("{} finished because it doesn't have {}", file, innerPath); 70 | break; 71 | } catch (IOException e) { 72 | e.printStackTrace(); 73 | } 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /src/main/java/com/leadroyal/dex/CommandParser.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import org.apache.commons.cli.*; 4 | import org.slf4j.Logger; 5 | import org.slf4j.LoggerFactory; 6 | import org.slf4j.impl.SimpleLogger; 7 | 8 | import java.io.File; 9 | import java.util.Arrays; 10 | 11 | public class CommandParser { 12 | private static final Logger logger = LoggerFactory.getLogger(CommandParser.class); 13 | 14 | public Config parse(String[] args) { 15 | logger.debug("parse command start"); 16 | Config config = new Config(); 17 | String cmdLineSyntax = "java -jar [-d] [-r] [-us] [-f file/directory] [-c classname]"; 18 | Options options = new Options(); 19 | options.addOption("c", "class", true, "Class you want to find."); 20 | options.addOption("f", "file", true, "File or directory to be scanned."); 21 | options.addOption("us", "use-sig", false, "Use class signature. If enable, use Ljava/lang/String; ."); 22 | options.addOption("r", "recursive", false, "Recursive scan files."); 23 | options.addOption("d", "debug", false, "Enable debug log."); 24 | options.addOption("h", "help", false, "Show help."); 25 | DefaultParser parser = new DefaultParser(); 26 | HelpFormatter formatter = new HelpFormatter(); 27 | formatter.setWidth(100); 28 | try { 29 | CommandLine commands = parser.parse(options, args); 30 | if (commands.hasOption("h") || !commands.hasOption("c") || !commands.hasOption("f")) { 31 | String footer = "java -jar dex-finder.jar -f demo.apk -c com.example.Activity\n" + 32 | "java -jar dex-finder.jar -f classed.dex -c com.example.Activity\n" + 33 | "java -jar dex-finder.jar -f /path/unzip_result/ -c com.example.Activity\n"; 34 | formatter.printHelp(cmdLineSyntax, null, options, footer); 35 | System.exit(0); 36 | } 37 | if (commands.hasOption("us")) { 38 | config.targetClasses.addAll(Arrays.asList(commands.getOptionValues("c"))); 39 | } else { 40 | for (String s : commands.getOptionValues("c")) { 41 | config.targetClasses.add(ClassFinder.javaToDexName(s)); 42 | } 43 | } 44 | for (String path : commands.getOptionValues("f")) { 45 | File f = new File(path); 46 | if (f.exists()) { 47 | if (f.isDirectory()) { 48 | config.directories.add(path); 49 | } else { 50 | config.files.add(path); 51 | } 52 | } else { 53 | logger.warn("No such file or directory {}", path); 54 | } 55 | } 56 | config.recursive = commands.hasOption("r"); 57 | if (commands.hasOption("d")) 58 | System.setProperty(SimpleLogger.DEFAULT_LOG_LEVEL_KEY, "debug"); 59 | if (config.targetClasses.isEmpty()) { 60 | logger.error("No class specified, abort scan."); 61 | System.exit(0); 62 | } 63 | if (config.files.isEmpty() && config.directories.isEmpty()) { 64 | logger.error("No files or directories specified, abort scan."); 65 | System.exit(0); 66 | } 67 | } catch (ParseException e) { 68 | e.printStackTrace(); 69 | logger.error("parse command success"); 70 | return null; 71 | } 72 | logger.info("parse command success"); 73 | return config; 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /src/main/java/com/leadroyal/dex/Config.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import java.util.HashSet; 4 | import java.util.Set; 5 | 6 | public class Config { 7 | public Set targetClasses = new HashSet<>(); 8 | public Set files = new HashSet<>(); 9 | public Set directories = new HashSet<>(); 10 | public boolean recursive; 11 | } 12 | -------------------------------------------------------------------------------- /src/main/java/com/leadroyal/dex/Main.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import org.jf.dexlib2.dexbacked.ZipDexContainer; 4 | 5 | import java.io.File; 6 | import java.io.IOException; 7 | import java.util.ArrayList; 8 | import java.util.List; 9 | 10 | public class Main { 11 | public static void main(String[] args) throws IOException { 12 | 13 | Config config = new CommandParser().parse(args); 14 | ScanResult result = new ScanResult(config.targetClasses); 15 | // scan config.files 16 | for (String file : config.files) { 17 | if (result.shouldFinish()) 18 | break; 19 | processFile(file, result); 20 | } 21 | // scan config.directories 22 | for (String directory : config.directories) { 23 | if (config.recursive) { 24 | // when enable recursive 25 | for (String file : recursiveVisit(directory)) 26 | if (new File(file).isFile()) { 27 | if (result.shouldFinish()) 28 | break; 29 | processFile(file, result); 30 | } 31 | 32 | } else { 33 | String[] files = new File(directory).list(); 34 | for (String file : files) 35 | if (new File(directory + File.separator + file).isFile()) { 36 | if (result.shouldFinish()) 37 | break; 38 | processFile(directory + File.separator + file, result); 39 | } 40 | } 41 | } 42 | result.show(); 43 | } 44 | 45 | private static List recursiveVisit(String directory) { 46 | List ret = new ArrayList<>(); 47 | File[] fs = new File(directory).listFiles(); 48 | for (File f : fs) { 49 | if (f.isDirectory()) 50 | ret.addAll(recursiveVisit(directory + File.separator + f.getName())); 51 | if (f.isFile()) { 52 | if (!f.getName().endsWith(".png") 53 | && !f.getName().endsWith(".xml") 54 | && !f.getName().endsWith(".jpg")) 55 | ret.add(directory + File.separator + f.getName()); 56 | } 57 | } 58 | return ret; 59 | } 60 | 61 | private static void processFile(String file, ScanResult result) { 62 | ZipDexContainer container = new ZipDexContainer(new File(file), null); 63 | if (container.isZipFile()) { 64 | // case apk 65 | ClassFinder.handleApk(file, result); 66 | } else { 67 | // case dex 68 | ClassFinder.handleDex(file, result); 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /src/main/java/com/leadroyal/dex/ScanResult.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import java.util.HashSet; 4 | import java.util.Set; 5 | 6 | public class ScanResult { 7 | public ScanResult(Set targetClasses) { 8 | this.targetClasses = new HashSet<>(targetClasses); 9 | } 10 | 11 | public static class Position { 12 | public String targetClass; 13 | public String filePath; 14 | public String innerPath; 15 | 16 | public Position() { 17 | } 18 | 19 | public Position(String targetClass, String filePath, String innerPath) { 20 | this.targetClass = targetClass; 21 | this.filePath = filePath; 22 | this.innerPath = innerPath; 23 | } 24 | 25 | @Override 26 | public String toString() { 27 | return String.format("%s found @ %s->%s", targetClass, filePath, innerPath); 28 | } 29 | } 30 | 31 | public Set results = new HashSet<>(); 32 | public Set targetClasses; 33 | 34 | 35 | public boolean shouldFinish() { 36 | return targetClasses.isEmpty(); 37 | } 38 | 39 | 40 | public void show() { 41 | System.out.println("This is report!"); 42 | System.out.println("====Known classes===="); 43 | for (Position position : results) 44 | System.out.println(position); 45 | System.out.println("====Unknown classes===="); 46 | for (String targetClass : targetClasses) 47 | System.out.println(targetClass); 48 | } 49 | } 50 | 51 | -------------------------------------------------------------------------------- /src/test/java/com/leadroyal/dex/ClassFinderTest.java: -------------------------------------------------------------------------------- 1 | package com.leadroyal.dex; 2 | 3 | import org.jf.dexlib2.DexFileFactory; 4 | import org.jf.dexlib2.Opcodes; 5 | import org.jf.dexlib2.dexbacked.DexBackedDexFile; 6 | import org.jf.dexlib2.dexbacked.raw.ClassDefItem; 7 | import org.junit.Assert; 8 | import org.junit.Test; 9 | import org.slf4j.Logger; 10 | import org.slf4j.LoggerFactory; 11 | 12 | import java.io.File; 13 | import java.io.IOException; 14 | 15 | public class ClassFinderTest { 16 | private static final Logger logger = LoggerFactory.getLogger(ClassFinder.class); 17 | 18 | @Test 19 | public void simple() throws IOException { 20 | 21 | String file = "/tmp/weico-no-ads/weico.apk"; 22 | String t1 = ClassFinder.javaToDexName("de.greenrobot.event.EventBus"); 23 | String t2 = "Lcom/tencent/android/tpush/stat/a/b;"; 24 | for (int i = 1; true; i++) { 25 | String innerPath = String.format("classes%d.dex", i); 26 | if (i == 1) 27 | innerPath = "classes.dex"; 28 | logger.error("handle {}" , innerPath); 29 | try { 30 | DexBackedDexFile dexFile = DexFileFactory.loadDexEntry(new File(file), innerPath, true, Opcodes.getDefault()); 31 | for (int j = 0; j < dexFile.getClassCount(); j++) { 32 | int classDefOffset = dexFile.getClassDefItemOffset(j); 33 | int classDataOffset = dexFile.readSmallUint(classDefOffset + ClassDefItem.CLASS_DATA_OFFSET); 34 | String type = dexFile.getType(dexFile.readSmallUint(classDefOffset + ClassDefItem.CLASS_OFFSET)); 35 | if (type.equals(t1) || type.equals(t2)) 36 | logger.error("{} {} {} ", type, classDefOffset, classDataOffset); 37 | } 38 | } catch (DexFileFactory.DexFileNotFoundException e) { 39 | logger.info("{} finished because it doesn't have {}", file, innerPath); 40 | break; 41 | } catch (IOException e) { 42 | e.printStackTrace(); 43 | } 44 | } 45 | 46 | 47 | } 48 | } 49 | --------------------------------------------------------------------------------