dex2jar

dex2jar is a suite of tools designed to work with Android .dex and Java .class files. It includes components like dex-reader for parsing Dalvik Executable formats, dex-translator for converting dex to ASM-compatible .class format via dex-ir intermediate representation, and dex-tools for handling .class files. The primary use case is reverse engineering Android applications by converting obfuscated dex bytecode to readable Java JARs, enabling static analysis with tools like JD-GUI or IDA Pro.

Key utilities include d2j-dex2jar for dex-to-jar conversion, d2j-jar-remap and d2j-init-deobf for deobfuscation by renaming packages, classes, methods, and fields based on config files. Additional tools support APK signing (d2j-apk-sign), smali disassembly/assembly (d2j-baksmali, d2j-smali), string decryption (d2j-decrypt-string), and JAR-to-dex conversion (d2j-jar2dex). These are essential for malware analysis, vulnerability research, and understanding obfuscated Android apps.

The package supports workflows like dumping dex to JAR, cleaning up obfuscated names, verifying class integrity (d2j-asm-verify), and weaving modifications into dex or JAR files. It requires default-jre and is commonly used in cybersecurity for dissecting Android binaries extracted from APKs.

dex2jar's core dex-translator reads .dex/.odex instructions, converts them to dex-ir (an intermediate representation optimized for analysis), then translates to ASM format for .class output in JARs. dex-reader provides a lightweight API akin to ASM for parsing Dalvik bytecode. Deobfuscation tools like d2j-jar-remap apply renaming rules from config files to packages/classes/methods/fields. Smali tools disassemble dex to editable .smali text and reassemble to dex. Other components handle CRC/SHA1 recomputation, invoke replacement via weaving, access modifier changes, and static analysis for decrypting strings using method signatures and parameter types.