Android App Analysis
JEB is a well-known industry tool used to reverse-engineer and audit Android applications.
Using JEB, you can:
- Analyze APK files and their contents, including DEX files, Certificates, Resources, Assets, Native Library code, etc.
- Examine encoded resource files and manifests: JEB ships with its own resource decoder, with support for obfuscated resource names and locations.
- Examine certificate data (legacy, v2, and v3)
- Decompile DEX bytecode, with full support for multi-DEX reconstruction.
- Analyze native library (.so) code: more in the Native code analysis section
- Debug Android applications (Dalvik and Native - x86, arm, mips - code) and transition seamlessly from Dalvik to Native, and vice-versa.
- API support for client scripts in Python, back-end plugins in Java, and client contributions (UI overlays).
Please head over to our Blog to learn more about specific features of our Android modules.
Java Types Naming Conventions
Java/Dalvik types and their various representations, and the one used by JEB: Reference Doc.
Using additional frameworks
When analyzing applications that use resources located in frameworks other than the Android Framework (e.g. the Samsung framework), follow these steps:
- retrieve the framework archive, which is normally stored on the device; let's call it framework.zip
- run aapt2 dump framework.zip and retrieve the first line, which will be something like Package name=xxxxxxx id=N. Note the id, N
- navigate to the folder listed in your .parsers.apk.FrameworksDirectory engines property. Typically, it will be the
- copy framework.zip into this folder, and rename it to N.zip
- JEB should now be able to pick up that framework and use its resources when needed
Note: 1.zip in the FrameworksDirectory folder is the Android Framework itself, which has id 1
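The steps above can be scripted. The shell functions below are an added example, not part of JEB or its documentation: they accept the id only if it is purely numeric, because it ends up in a file name, and refuse to overwrite an existing N.zip. The function names are hypothetical, and mapping a zero-padded id (02) to 2.zip is an assumption based on the 1.zip note.

```shell
#!/bin/sh
# Added example: automates the framework-install steps listed above.
# Assumptions: aapt2 is on PATH and the caller supplies the folder that the
# .parsers.apk.FrameworksDirectory property points to.

# Print the package id found on the first line of the aapt2 output,
# e.g. "Package name=com.example.fw id=02" (constructed sample line).
parse_framework_id() {
    id=$(printf '%s\n' "$1" | sed -n '1s/^Package name=[^ ]* id=\([^ ]*\).*$/\1/p')
    # The id becomes a file name, so accept decimal digits only.
    case "$id" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Assumption: drop zero padding so that "01" corresponds to 1.zip.
    id=$(printf '%s' "$id" | sed 's/^0*//')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# install_framework ARCHIVE FRAMEWORKS_DIR AAPT2_OUTPUT
# Copies ARCHIVE to FRAMEWORKS_DIR/N.zip and prints the resulting path.
install_framework() {
    archive=$1; fwdir=$2; dump=$3
    [ -f "$archive" ] && [ -d "$fwdir" ] || return 2
    n=$(parse_framework_id "$dump") || return 3
    target="$fwdir/$n.zip"
    # Never replace an existing entry (1.zip is the Android Framework itself).
    [ ! -e "$target" ] || return 4
    cp -- "$archive" "$target" && printf '%s\n' "$target"
}

# Typical call, typed by hand (the directory path is a placeholder):
#   install_framework framework.zip /path/to/FrameworksDirectory \
#       "$(aapt2 dump framework.zip)"
```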
Random / FAQ
How to always display synthetic fields and methods in decompiled views?
In the vast majority of cases, synthetic accessors used by inner classes need not be displayed, as they are re-optimized into direct, seamless outer class field access or method invocation.
However, if you wish to display them: In a decompiled view, right-click, "Rendering Options" and tick the boxes "Generate synthetic fields" and "Generate synthetic methods". You may also change this setting once and for all in the Engines option (Edit, Options, Engines).