Pablo Guides

# Course #109: dex2jar for Pentesting

## Section 1: Introduction to dex2jar

### Overview

In the realm of cybersecurity, particularly in pentesting, understanding how to analyze mobile applications is crucial. Many mobile apps are developed for the Android platform, and these apps are packaged in APK (Android Package) files. Within these APKs lie DEX (Dalvik Executable) files that contain the compiled code. To analyze this code for security vulnerabilities, malware detection, or reverse engineering, we often need to convert these DEX files into a more readable format, like Java bytecode. This is where `dex2jar` comes into play.

`dex2jar` is a popular tool that enables pentesters and security professionals to convert DEX files into JAR (Java Archive) files, which can then be analyzed using Java decompilers such as JD-GUI or JADX. In this section, we will cover the installation, configuration, and practical usage of `dex2jar`, along with real-world use cases and detailed explanations.

## Installation and Configuration on Kali Linux

### Prerequisites

Before we proceed, ensure that you have the following prerequisites installed on your Kali Linux system:

1. **Java Development Kit (JDK)**: `dex2jar` relies on Java for its functionality. Make sure you have the JDK installed.

Install the JDK using the following command:

   sudo apt update

   sudo apt install default-jdk

 

2. **wget**: This is typically pre-installed on Kali, but you can check by running `wget –version`.

3. **Git**: If you plan to clone the `dex2jar` repository, ensure you have Git installed:

   sudo apt install git

 

### Installation Steps

1. **Download dex2jar**: The first step is to download the latest version of `dex2jar`. You can do this using `wget` or by visiting the official GitHub repository.

Using `wget`:

   wget https://github.com/chenjunming/dex2jar/releases/download/v2.1-20190927-0945/dex2jar-2.1-20190927-0945.zip

 

Alternatively, clone the repository:

   git clone https://github.com/pxb1988/dex2jar.git

 

Navigate into the directory:

   cd dex2jar

 

2. **Extract the ZIP file**: If you downloaded the ZIP file, extract it using:

   unzip dex2jar-2.1-20190927-0945.zip

 

3. **Set Environment Variables**: For ease of use, you can add `dex2jar` to your PATH. Open your `.bashrc` file:

   nano ~/.bashrc

 

Add the following line at the end (adjust the path as necessary):

   export PATH="$PATH:/path/to/dex2jar/dex2jar-2.1-20190927-0945"

 

Save and close the file, then apply the changes:

   source ~/.bashrc

 

4. **Verify Installation**: To ensure `dex2jar` is installed correctly, run:

   d2j-dex2jar.sh -h

 

You should see the help menu for the tool, confirming it's ready for use.

### Configuration

No specific configuration is required for `dex2jar`, but ensure that your system meets the Java requirement, as stated earlier. You may also want to configure additional tools for analysis, such as:

– **JD-GUI**: A standalone graphical utility that displays Java source codes of `.class` files. Download it from the [JD-GUI website](http://java-decompiler.github.io/).

– **JADX**: An open-source decompiler that can convert DEX files into Java code. It can be installed from the [JADX GitHub](https://github.com/skylot/jadx).

## Step-by-Step Usage and Real-World Use Cases

### Step 1: Converting DEX to JAR

Once installed, using `dex2jar` is straightforward. The basic command format for converting a DEX file to a JAR file is:

"`bash
d2j-dex2jar.sh /path/to/file.apk
"`

#### Example Usage:

Assume we have an APK file named `example.apk` located in the current directory. To convert it, run:

"`bash
d2j-dex2jar.sh example.apk
"`

Once the command executes, you will see an output similar to:

"`
dex2jar v2.1-20190927-0945 (C) 2019 Chen Junming
…
[INFO] d2j-dex2jar.sh finished
"`

A new JAR file will be created in the directory named `example-dex2jar.jar`.

### Step 2: Analyzing the JAR File

With the JAR file created, you can now analyze it using your preferred decompiler. For instance, to analyze with JD-GUI, execute:

"`bash
jd-gui example-dex2jar.jar
"`

You can also use JADX as follows:

"`bash
jadx-gui example-dex2jar.jar
"`

Both tools will allow you to view the Java source code and explore the structure of the app.

### Real-World Use Cases

1. **Malware Analysis**: `dex2jar` is widely used in malware analysis. Security researchers often convert malicious APKs to JAR files to understand their behavior, payloads, and potential vulnerabilities.

2. **Vulnerability Assessments**: Pentesters may utilize `dex2jar` to analyze Android applications for security loopholes, such as hardcoded credentials, insecure data storage, and excessive permissions.

3. **Reverse Engineering**: Developers and security professionals often reverse engineer APKs to understand the logic of the application, especially in cases of unauthorized use or licensing violations.

### Detailed Technical Explanations

#### The Importance of DEX and JAR Files

– **DEX files**: DEX files are optimized for the Android runtime and contain bytecode that runs on the Dalvik Virtual Machine (DVM).

– **JAR files**: JAR files are packages that aggregate multiple files into one, typically containing Java class files and associated metadata. Converting DEX to JAR makes it easier to read and analyze Android applications using existing Java tools.

#### Internals of dex2jar

`dex2jar` utilizes a combination of open-source libraries to parse DEX files and convert them into a format compatible with Java. Among these libraries, you might encounter:

– **smali/baksmali**: These tools are used for assembly and disassembly of DEX files, providing a low-level view.
– **javaparser**: This library is used to generate Java code from the converted DEX structure.

### External Reference Links

– [dex2jar GitHub Repository](https://github.com/pxb1988/dex2jar)
– [JD-GUI Official Page](http://java-decompiler.github.io/)
– [JADX GitHub Repository](https://github.com/skylot/jadx)
– [Android Developers Documentation](https://developer.android.com/reference)

## Conclusion

In this section, we covered the essential aspects of installing, configuring, and using `dex2jar` in Kali Linux. By following the outlined steps, you now have the tools necessary to convert and analyze Android applications effectively. In subsequent sections, we will dive deeper into advanced usage scenarios and further explore the intersection of dex2jar with other pentesting tools and methodologies.

—

Made by pablo rotem / פבלו רותם