Dexter
The dexter utility is meant as an alternative to the AOSP's dexdump and dx --dump, both of which are rather basic and produce copious but unstructured output. In addition to all their features, it also supports various output modes, lookup of specific classes, methods and fields, as well as determining static field values. Experimental versions of this tool also support DEX and OAT file fuzzing, and I expect these features to make mainline in the next couple of weeks (probably by the time the book comes out, which is imminently).
The dexter tool is one of the free downloads provided for the "Android Internals" book (http://newAndroidBook.com/). You are welcome to use it even if you don't buy the book (though naturally you're even more welcome to buy the book :-). Its method of operation, and a lot more about Dalvik internals, is covered in detail in Chapter 10. Its latest version, as a tar file with binaries for OS X, Linux x86_64 or Linux/ARMv7, can always be obtained at this page right here. For updates, you might want to check out the RSS feed.
morpheus@Zephyr (~)$ dexter
Usage: ./dexter [...] _file_
Where: _file_ = DEX or OAT file to open
And [...] can be any combination of:
-c: Only process this class
-m: show methods for processed classes (implies -c *)
-f: show fields for processed classes (implies -c *)
-p: Only process classes in this package
-d: Disassemble DEX code sections (like dexdump does)
Or one of:
-h: Just dump file header
-M [_index_]: Dump Method at _index_, or dump all methods
-F [_index_]: Dump Field at _index_, or dump all fields
-S [_index_]: Dump String at _index_, or dump all strings
-T [_index_]: Dump Type at _index_, or dump all types
And you can always use any of these output Modifiers:
-j: Java style output (default is JNI, but this is much better)
-v: verbose output
-color: Color output (can also set JCOLOR=1 environment variable)
Examples
dexter is designed to be fairly easy to use either independently or as a scriptable component. Some examples follow:
- In its basic usage, dexter with just a DEX, ODEX, ART or OAT argument will display the classes:
morpheus@Zephyr (~)$ dexter dalvik-cache/data@app@com.skype.raider-1.apk@classes.dex | more
Class 0: abstract android.support.v4.accessibilityservice.AccessibilityServiceInfoCompat$AccessibilityServiceInfoVersionImpl
File: AccessibilityServiceInfoCompat.java
5 Virtual Methods
Class 1: android.support.v4.accessibilityservice.AccessibilityServiceInfoCompat$AccessibilityServiceInfoStubImpl implements Landroid/support/v4/accessibilityservice/AccessibilityServiceInfoCompat$AccessibilityServiceInfoVersionImpl;
File: AccessibilityServiceInfoCompat.java
1 Direct Methods
5 Virtual Methods
..
- Things get more interesting when you use -m (to display methods), -f (to display fields) and -j (for Java-style output). -v (verbose) is optional, and will print out class, field, method and string indices as Java comments. Since classes.dex normally contains hundreds of classes, a good idea is to use "-c ..." to filter for the class you want.
morpheus@Zephyr (~)$ dexter -v -j -m -c android.support.v4.content.IntentCompat -f data@app@com.skype.raider-1.apk@classes.dex
/* 112 */ public class android.support.v4.content.IntentCompat {
  /** 8 Static Fields **/
  /* 360:497 */ public final static java.lang.String ACTION_EXTERNAL_APPLICATIONS_AVAILABLE= "android.intent.action.EXTERNAL_APPLICATIONS_AVAILABLE" // (String #17188);
  /* 360:498 */ public final static java.lang.String ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE= "android.intent.action.EXTERNAL_APPLICATIONS_UNAVAILABLE" // (String #17189);
  /* 360:499 */ public final static java.lang.String EXTRA_CHANGED_PACKAGE_LIST= "android.intent.extra.changed_package_list" // (String #17212);
  /* 360:500 */ public final static java.lang.String EXTRA_CHANGED_UID_LIST= "android.intent.extra.changed_uid_list" // (String #17213);
  /* 360:501 */ public final static java.lang.String EXTRA_HTML_TEXT= "android.intent.extra.HTML_TEXT" // (String #17206);
  /* 360:502 */ public final static int FLAG_ACTIVITY_CLEAR_TASK = 32768 // 0x8000;
  /* 360:503 */ public final static int FLAG_ACTIVITY_TASK_ON_HOME = 16384 // 0x4000;
  /* 360:504 */ private final static android.support.v4.content.IntentCompat$IntentCompatImpl IMPL;
  /** 5 Direct Methods **/
  /* 360:2125 */ static void (); // Class Constructor
  /* 360:2126 */ private void (); // Constructor
  /* 360:2127 */ public static android.content.Intent makeMainActivity (android.content.ComponentName);
  /* 360:2128 */ public static android.content.Intent makeMainSelectorActivity (java.lang.String, java.lang.String);
  /* 360:2129 */ public static android.content.Intent makeRestartActivityTask (android.content.ComponentName);
} // end class android.support.v4.content.IntentCompat
The x:y notation is for the class index and field/method index. As the above shows, dexter will automatically determine static values for Java primitive types, if found in the static values of the class.
- You can look up specific fields, methods, or strings with -F, -M, and -S respectively, like so:
morpheus@Zephyr (~)$ dexter -S 17213 data@app@com.skype.raider-1.apk@classes.dex
android.intent.extra.changed_uid_list
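An added example (not part of dexter or of the original page) of using dexter as a scriptable component: it parses the -v -j listing shown above and recovers the resolved static values together with their x:y and string indices. The names StaticField, static_values and string_index_map are hypothetical, and the line layout is assumed to match the listing on this page.

```python
import re
from typing import NamedTuple, Optional, Union

# Constructed sample: lines copied from the `dexter -v -j -m -f -c ...` listing on this page.
SAMPLE = '''\
/* 112 */ public class android.support.v4.content.IntentCompat {
/* 360:500 */ public final static java.lang.String EXTRA_CHANGED_UID_LIST= "android.intent.extra.changed_uid_list" // (String #17213);
/* 360:501 */ public final static java.lang.String EXTRA_HTML_TEXT= "android.intent.extra.HTML_TEXT" // (String #17206);
/* 360:502 */ public final static int FLAG_ACTIVITY_CLEAR_TASK = 32768 // 0x8000;
/* 360:504 */ private final static android.support.v4.content.IntentCompat$IntentCompatImpl IMPL;
/* 360:2127 */ public static android.content.Intent makeMainActivity (android.content.ComponentName);
} // end class android.support.v4.content.IntentCompat
'''

class StaticField(NamedTuple):
    class_idx: int             # x in the x:y index comment
    field_idx: int             # y in the x:y index comment
    type_name: str
    name: str
    value: Union[str, int]
    string_idx: Optional[int]  # N from "(String #N)", the index `dexter -S N` takes

# Assumed layout (from the listing on this page): index comment, modifiers, type,
# NAME=, then either "text" // (String #N) or int // 0xHEX, then ';'.
FIELD_RE = re.compile(r'''
    /\*\s*(?P<cls>\d+):(?P<fld>\d+)\s*\*/\s*
    (?:\w+\s+)*?
    (?P<type>[\w.$\[\]]+)\s+(?P<name>\w+)\s*=\s*
    (?: "(?P<str>[^"]*)"\s*//\s*\(String\s\#(?P<sidx>\d+)\)
      | (?P<int>-?\d+)\s*//\s*0x[0-9a-fA-F]+ )
    \s*;''', re.VERBOSE)

def static_values(dexter_output: str) -> list:
    """Return static fields whose value dexter resolved; methods and unset fields are skipped."""
    found = []
    for m in FIELD_RE.finditer(dexter_output):
        if m["str"] is not None:
            value, sidx = m["str"], int(m["sidx"])
        else:
            value, sidx = int(m["int"]), None
        found.append(StaticField(int(m["cls"]), int(m["fld"]), m["type"], m["name"], value, sidx))
    return found

def string_index_map(fields) -> dict:
    """Map string-table index -> literal, for cross-checking against `dexter -S`."""
    return {f.string_idx: f.value for f in fields if f.string_idx is not None}

if __name__ == "__main__":
    print(*static_values(SAMPLE), sep="\n")
```

The string_idx values are the same indices that -S takes, so 17213 here corresponds to the -S lookup shown above.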
Dexter shares no code with any other sources, open or closed, Android's, Google's or otherwise, save for the DEX structure definitions, which were ported from libdex.h.
If you find this useful, pointing your browser to http://NewAndroidBook.com/tools/counter?dexter would be appreciated - if I can ask you to cut/paste this (so bots don't auto-follow and I get a human count :-). Likewise, feel free to drop me a line if you have any specific requests, or if you find any bugs.