D2j-dex2jar Windows

[Rosetta Ockman]

Ihad the same problem and I have solved it, the file which you download from the GitHub isn't actually compiled so you would have to compile it first, rather than compiling, download this zip file from -2.0.zip/download and do the exact same process told(in the answer you are referring in your question) and you will get a jar file as your output. This file has already compiled all the resources for you so you wouldn't have to do this work manually!

I solved it by first downloading dex2jar-0.0.9.1 jar file and not the latest one. Then i used the following commandd2j-dex2jar.bat classes.dex and make sure that you open the command window in the dex2jar-0.0.9.15 directory. A shortcut to open the cmd there is to open the directory and then press shift and right click anywhere inside the directory window. Then go to open command window here.

Dex2Jar is a freely available tool to work with Android ".dex" and Java ".class" files. As you may aware that ".dex" files are compiled Android application code file. Android programs are compiled into ".dex" (Dalvik Executable) files, which are in turn zipped into a single ".apk" file on the device. The ".dex" files can be created automatically by Android, by translating the compiled applications written in the Java programming language.

The core feature of Dex2Jar is to convert the classes.dex file of an APK to classes.jar or vice versa. So, it is possible to view the source code of an Android application using any Java decompiler, and it is completely readable. Here, we get .class files and not the actual Java source code that was written by the application developer.

JD-GUI is a standalone graphical utility that displays Java source codes of ".class" files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. (From the official website)

Smali/Baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax and supports the full functionality of the dex format (annotations, debug info, line info, etc.) (From the official website).

You can download the latest version of Dex2Jar from here. The installation process is quite straightforward; you just must unzip the package in a folder of your choice and then add Environment Variables System "PATH." That is it; you are ready to start using dex2jar!

You can download the JD-GUI from the official website. Download the respective flavor available (for Unix, Mac and Windows systems). For Windows system you can download the executable or JAR of JD-GUI, we would be using JAR file for this exercise.

I am using the latest version available for JD-GUI, i.e., jd-gui-1.4.0.jar. Once you download the JAR file, simply double-click on the JAR file or enter the command (java -jar jd-gui-1.4.0.jar) in command prompt in windows directory where you have saved the JD-GUI.jar

You can download the latest versions of the Smali and Baksmali form the official website. These files come in JAR format; I am using the latest available versions, i.e., smali-2.2.2.jar and baksmali-2.2.2.jar. You can download these files and keep in windows directory of your choice. To invoke these JAR files, we need to enter the below commands:

We can extract the executable code of the Android application in JAR format. We can simply give the ".apk" file to Dex2Jar or extract the ".apk" file and give classes.dex to Dex2Jar with one of the below commands.

It is very easy to read and navigate through the code with Java decompiler JD-GUI. Pen testers can use this utility to understand APK code, identify security and business logic flows in the APK code. JD-GUI has a search feature that can be utilized to search the keywords (passwords, keys, etc.) in the source code, note that this search is case-sensitive. Illustration below

Jar2dex has created the classes.dex file that can be used to build the APK file. This relatively simple to use the tool, we can extract or put back a lot of information from and to an APK file, but currently, it does not have support for XML resources which are an important file of APK.

So, as we know that it is possible to get ".smali" files directly from the classes.dex file with the help of Baksmali. We already have the classes.dex file that we have extracted from the diva-beta.apk file, we would disassemble this ".dex" file into ".smali" code with below command.

We can see the ".smali" files; we can view and edit this ".smali" code with any simple editor such as (Notepad++), illustrated above. That means you can change the source code of an application directly working with this format, start your tinkering and make the necessary modifications to the Smali code, once finished we can assemble ".smali" code into classes.dex with the help of smali.jar.

Here, we can see that out.dex file has been created with ".smali" resources under out folder. You can rename the dex file to something like classes.dex and put back into APK zip and reuse.

So, we understand that there are many reasons we should take into consideration these reverse engineering tools. We may leverage these tools to look at specific business logic and security implementations in the Android application code such as API keys, authentication tokens or unused resources, etc. to identify the security flaws and suggest improvements.

Suresh Khutale is an information Security professional with over 6 years of experience in the field, currently working as Senior Consultant with Aujas Networks. He is a Certified Ethical Hacker and Certified Computer Hacking Forensic Investigator at EC-Council, specializing in application penetration testing (web/mobile), secure architecture review, network security and risk assessment. Interests include threat hunting/malware analysis and technical writing. Reach him at suresh....@gmail.com and LinkedIn at

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual Machine(VM) or dualboot.

It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android Security Analysis Tool and is a one stop answer for all the tools needed in Android Application Security Assessment, Android Forensics, Android Malware Analysis.

Your feedback is really important to me, without feedback of community Appie would have not existed. If you have any suggestion for tool, feature, or something which would make Appie more awesome, then please fill out the form below.

After pulling the APK there are a few different methods to decompile it to get the Java classes files and start working on them & you need a few tools Installed for it. These are available for both MacOS & windows.

After setting these up just simply put the Targeted android App APK file in a separate Directory, Then rename its extension to .zip from .apk, Then extract the zip file in the same directory you will find some files such as, xml docs, path files, resources like templates etc in the folder look for a classes.dex file, there can be one or more than one classes.dex files in the directory.

Digging further into it revealed that they are using a 2 Way & Bulk SMS Platform for Enterprises & Marketing so i used the disclosed SMS creds on the platform and got neat clean access to the SMS gateway.

Any Android app is made up with combination of bunch of resources,configuration files which constitutes one application just like any windows application or any platform which takes the name based on the platform for which its developed like in Android case its .apk file and for windows its .exe file as we know.

Ravi Yadav is an Android developer whose passion is to develop Android applications and sharing his work. He loves to post the tutorials which he created while learning any new latest technology topic.He loves to share about the latest technology happenings and other tricks that will be helpful for readers of Askfortricks.

For this blog I will be using Windows 8, Android Studio, and IntelliJ IDEA. The device I am using is a stock Nexus 4 running Android 4.4.4. I recommend that all the tools are added to your path environment variable so they can be easily accessed.

The first thing we need to do is make sure our Android device has USB debugging enabled. This is so we can communicate to it using the Android SDK tools. To do this we need to enable the Developer options. If you are running a stock Android device then this can be done by navigating to Settings > About Phone and tapping on the Build Number multiple times. Eventually it should say that the Developer options have been enabled.

If your device does not come up, the most likely reason is because the correct driver has not been installed (on Windows). Depending on the manufacturer, this can be obtained from the Android SDK or the manufacturer website.

The first way is to open the Android Device Monitor in the Android SDK under the tools directory. On Windows it will be called monitor.bat. When we open the Android Device Monitor, we can see our device listed in the Devices section.

The second way we can check for debuggability is by looking at the AndroidManifest.xml file from the APK of the application. An APK is essentially a zip file of all the information our application needs to run on an Android device.

If you do not have the APK for your application, then we have to pull it off of the Android device. Whenever an application is downloaded from the Google Play Store, it downloads the APK of the application and stores it on the device. The location of all the downloaded APK files are usually stored in /data/app on the device. If your device is not rooted, then you will not be able to list the files in the directory. However, if you know the name of the APK, then it can be pulled down using the adb tool. To find the name of the APK we want to pull down, open a shell and type:

3a8082e126