Getting Started

This document is a usage manual for JEB version 2. Last revision: October 25, 2017. The latest version of this manual can be found online on the PNF Software web site.

JEB is a reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.

Note to JEB 1.x users: JEB2 also ships with modules to analyze Android applications. Generally, JEB2 can be seen as a superset of JEB1.

Installation

Software Package

The software package is distributed as a zip archive, custom-generated for each registered user. It contains the back-end components as well as the reference front-end implementation for desktop platforms, referred to as the "RCP client". This manual focuses mostly on using JEB through the RCP client.

The RCP client runs on Windows, Linux, and macOS (formerly OS X) operating systems, 32-bit and 64-bit versions.

Requirements

Java

JEB requires a Java Runtime Environment (JRE) or Java Development Kit (JDK) version 8. (Note that jeb.jar works with the older JRE 7 or the newer JRE 9; however, the UI desktop client requires a JRE 8.)

UI Support Package

The RCP client requires a support package. The support package contains common graphical framework components based on the Eclipse Rich Client Platform framework.

Setup

Make sure you have a JRE or JDK installed.

64-bit or 32-bit: if you are running on a 64-bit system, we recommend you install and use a 64-bit Java environment. A common source of problems is a 64-bit system that has a 32-bit JRE accessible from the PATH. You may have different versions of Java installed, but always make sure that the PATH refers to one that matches your system specifications.

Then, unpack your JEB zip archive into the folder of your choice. Make sure that the folder and its contents are recursively user-writeable.
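The Setup checks above (Java 8 on the PATH, Java bitness matching the system, a recursively writable folder) can be scripted. The following is an added example, not part of JEB or its startup scripts; the function names and the `--run` argument are assumptions, and the parsing relies on the usual `java -version` banner format.

```shell
#!/bin/sh
# Added example: preflight checks for the Setup steps (not part of JEB).

# Major Java version from `java -version` text: "1.8.0_151" -> 8, "9.0.1" -> 9.
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$ver" in
        '')  return 1 ;;                                   # no version banner
        1.*) printf '%s\n' "$ver" | cut -d. -f2 ;;         # legacy 1.x scheme
        *)   printf '%s\n' "$ver" | cut -d. -f1 | sed 's/[^0-9].*//' ;;
    esac
}

# 64-bit JVMs announce "64-Bit" in the VM line; 32-bit ones do not.
java_bits() {
    case "$1" in *64-Bit*) echo 64 ;; *) echo 32 ;; esac
}

# Map a `uname -m` value to system bitness (common 64-bit names only).
os_bits() {
    case "$1" in x86_64|amd64|aarch64|arm64) echo 64 ;; *) echo 32 ;; esac
}

# Count entries under $1 that the current user cannot write to.
count_unwritable() {
    find "$1" -exec sh -c 'for p; do [ -w "$p" ] || echo "$p"; done' sh {} + |
        wc -l | tr -d ' '
}

# $1 = `java -version` text, $2 = `uname -m` value, $3 = unpacked JEB folder
preflight() {
    rc=0
    major=$(java_major "$1") || { echo "FAIL: no Java found on PATH"; return 1; }
    [ "$major" = 8 ] ||
        { echo "FAIL: RCP client needs Java 8, PATH has Java $major"; rc=1; }
    [ "$(java_bits "$1")" = "$(os_bits "$2")" ] ||
        { echo "FAIL: Java bitness does not match the system"; rc=1; }
    [ "$(count_unwritable "$3")" = 0 ] ||
        { echo "FAIL: non-writable entries under $3"; rc=1; }
    return $rc
}

# Run against the live system only when asked: sh preflight.sh --run <jeb-folder>
if [ "${1:-}" = "--run" ]; then
    preflight "$(java -version 2>&1)" "$(uname -m)" "${2:-.}" && echo "OK"
fi
```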

Optional step: If you are running JEB within a limited connectivity environment, you must download a support package manually:

Startup

Next, execute the startup script appropriate for your environment:

If a support package was not found in the bin/ folder, an appropriate one will be downloaded automatically. If your system is not connected to the Internet, you must download one manually! Please read the section above before proceeding.

The startup script will then locate and decrypt the JEB binary file. It may prompt the user and ask for the decryption password, which can be found within your software delivery note, such as update emails received from PNF Software. Enter the password to allow the startup script to finish the installation process. JEB will start and the software logo should pop up:

Registration

Upon the first run of JEB, or of the controller part of a floating build, the user is required to generate a license key:

Whether a key can be generated depends on the number of licenses attached to a given build. The key will be stored in the bin/jeb-client.cfg file, under the .LicenseKey key entry. A key is specific to the user account and machine configuration on which JEB is running! Do not attempt to reuse a key on another system.

Note: If you need to deprecate an older key (e.g., because of a machine replacement, a user departure, or another reason), email support. We handle those queries as quickly as we can, generally within minutes of processing your email.

First use

Congratulations! JEB is now running.

Workspace

You should be greeted by an empty workspace, using the default 3-part layout:

Starting an Analysis

Let's open our first file in JEB. Go ahead and download Raasta.apk, a sample (clean) Android application that will serve as our testing ground for the next couple of chapters.

Open it via the File menu. A new project will be created with a single artifact, Raasta.apk.

The application is processed by various Android analysis plugins:

Note: JEB performs recursive analysis on input artifacts and units, using the loaded parser plugins.

The project explorer tree should display a Bytecode node, representing the DEX unit (more on the concept of units later). The DEX views should be opened automatically by the RCP client, as they are detected as the principal views of an APK artifact.

Your workspace should look like:

The workspace can be customized by the user:

Terminology

The Project Explorer contains three types of nodes:

In the next section, we will show what actions can be performed to make the analysis of code interactive.