-1

I have a sequence of bytes extracted from dex file, and I want to decompile it using androguard or any other python package

My sequence looks like:

b'\x17\x8a\\\x05{\x00p\x00\x00\x00xV4\x12\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04'
Lukas
  • 403
  • 5
  • 11

1 Answers1

0

It's impossible to decompile or disassemble a random set of bytes from a dex file with no other context or info about the dex file.

For one thing, the tool wouldn't know what part of the dex file the bytes are from. Dex files have a number of different data structures in them, and without knowing what part of which data structure the bytes are from, a tool wouldn't know how to interpret it.

Additionally, the information about a given class or even method is spread out in multiple places in a dex file. As a basic example, let's look at the encoding of a const-string instruction. Taking a look at the same example I posted in my answer to your first question:

0001d8: 1a01 0000          |    const-string v1, "Hello World!"

In this case, 1a is the opcode for "const-string", 01 is the register to store the value in (e.g. v1), and 00 00 is, unsurprisingly, the little-endian encoding for the integer value 0, which is interpreted as an index into the global string pool for the dex file. If the tool doesn't have access to that global string pool, it has no way of knowing what string index 0 refers to.

JesusFreke
  • 19,784
  • 5
  • 65
  • 68
  • The tool can have access (and decompile) the dex file, but I need just the interpretation of some specific sequences of bytes. Your answer was helpful, but since my program is in python, I have found that androguard can also decompile the dex file, but could'nt find in the doc what can solve my problem – Lukas Jul 23 '20 at 06:41
  • I would recommend using baksmali's dump functionality for that, as mentioned in my answer to your other question. You can use, e.g. python's subprocess module to execute a baksmali command and grab its output, and then look for the relevant byte ranges in the output. – JesusFreke Jul 23 '20 at 07:20
  • Great! How about the offset? I can use it to find the position of the sequence of bytes in the output of backsmali right? – Lukas Jul 23 '20 at 13:50
  • If so, is it always 6 bits length? (I have a lot of dex files and need to know the proper way to iterate over all of them) – Lukas Jul 23 '20 at 14:47
  • Just read from the start of the line to the colon? :) – JesusFreke Jul 23 '20 at 17:31
  • I will parse the output of backsmali, just wanted to make sure I am not missing any thing ;) – Lukas Jul 23 '20 at 18:10