Getting Started

This document is a usage manual for JEB3.

The latest version of this manual can be found online on the PNF Software web site.

JEB is a reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.

Installation

Software Package

The software package is distributed as a zip archive, custom-generated for each registered user. It contains the back-end components as well as the reference front-end implementation for desktop platforms, referred to as the "UI client". This manual focuses mostly on using JEB through the UI client.

The UI client client runs on Windows 64-bit, Linux/GTK 64-bit, and macOS 64-bit.

Requirements

Java

JEB requires a Java Runtime Environment (JRE) or Java Development Kit (JDK) version 8 or above (8.191+).

Setup

Make sure you have a JRE or JDK installed.

64-bit OS with 32-bit JRE: A common source of problems are 64-bit systems having a 32-bit JRE accessible from the PATH. You may have different versions of Java installed, but always make sure that your PATH or JAVA_HOME refers to one that matches your system specifications.

Startup

Next, execute the startup script appropriate for your environment:

The startup script will locate and decrypt the JEB binary file. It may prompt the user and ask for the decryption password, which can be found within your software delivery email received from PNF Software. Enter the password to allow the startup script to finish the installation process.

JEB will start.

Registration

If it is the first time you are running a non-floating JEB client, you will be asked accept the end-user license agreement, and generate a license key:

If your machine is connected to the Internet, the license key can be automatically generated by clicking "Generate a Key". If need be, you may also configure your Proxy settings.

If your machine is not connected to the Internet, you will need to generate a manual key. Click "Manual Key Generation" and follow the instruction. You will be asked to visit the key generation portal on a separate machine (connected to the Internet), and provide your license data.

The license key will be stored in the bin/jeb-client.cfg file, under the .LicenseKey key entry. A key is specific to the user-account and machine configuration on which JEB is running. Do not attempt to reuse a key on another system.

Note: If you need to deprecate an older key (eg, because of a machine replacement, user departure, or else), email Licensing.

First use

Congratulation! JEB is now running.

Workspace

You should be greeted by an empty workspace, using a default three-part layout:

Starting an Analysis

Let's open our first file in JEB. Go ahead and download Raasta.apk, a sample (clean) Android application that will serve as our testing ground for the next couple of chapters.

Open it via the File menu. A new project will be created with a single artifact, Raasta.apk.

The application is processed by various Android analysis plugins:

Note: JEB performs recursive analysis on input artifacts and units, using the loaded parser plugins.

The project explorer tree should display a Bytecode node, representing the DEX unit (more on the concept of units later). The DEX views should be opened automatically by the UI client, as they are detected as the principal views of an APK artifact.

Your workspace should look like:

The workspace can be customized by the user:

Terminology

The Project Explorer contains three types of nodes:

In the next section, we will show what actions can be performed to make the analysis of code interactive.