Android decompilation - smali syntax

Preface

We have talked about the tools for Android decompilation and how to decompile. After decompilation you get either a jar or a set of smali files. Android apps are written in Java, but they do not run on a JVM: the compiled classes are converted into Dalvik bytecode (a .dex file) for Android's own virtual machine, Dalvik (and later ART). Smali is the assembler syntax for that bytecode, so a smali listing is a faithful view of what the dex file actually contains. Going the other way, converting dex back to a jar and decompiling it to Java, loses information, and the result is often incomplete or wrong, particularly for code that the decompiler cannot map back to Java constructs. If we read the smali directly we can understand exactly what the program does. It is therefore worth being familiar with smali syntax.

Type Representation

Java has two kinds of types, primitive types and reference types (objects and arrays), and both are mapped onto single-character or prefixed descriptors in Smali.

Primitive Types

  1. V void (only valid as a return type)
  2. Z boolean
  3. B byte
  4. S short
  5. C char
  6. I int
  7. J long
  8. F float
  9. D double

Object Type

  Lpackage/name/ObjectName; is equivalent to package.name.ObjectName in Java

L marks the start of an object (class) type

package/name is the package the class lives in, written with / instead of .

ObjectName is the class name

; marks the end of the descriptor. It is part of the descriptor, not punctuation, and must never be dropped.

Array Representation

[I represents a one-dimensional int array, equivalent to int[].

Each additional [ adds one dimension: [[I represents int[][].

A dex array descriptor can have at most 255 dimensions.

Object arrays are written the same way, with the full class descriptor including its trailing ;. A String array is [Ljava/lang/String; (equivalent to java.lang.String[]).

Registers and variables

The Java virtual machine is stack based: bytecode pushes and pops operands. Dalvik is register based: each method declares a fixed number of virtual registers and instructions name them directly, which avoids a lot of stack shuffling. Registers are 32 bits wide and untyped, so a register can hold an int, a float or an object reference. long and double values are 64 bits and occupy a pair of adjacent registers; an instruction refers to the pair by its first register.

Registers are named with v and p.

v names the local (non-parameter) registers and p names the parameter registers. The p names are aliases: a method's parameters always occupy its last registers, after the locals, so pN is the same register as v(locals + N). For a method with two local registers and three int parameters the layout is:

  1. v0 first local register
  2. v1 second local register
  3. v2 = p0 (this)
  4. v3 = p1 first parameter
  5. v4 = p2 second parameter
  6. v5 = p3 third parameter

If the method is static there is no this, so only 5 registers are needed and p0 is the first declared parameter.

.registers N specifies the total number of registers in the method (locals plus parameters, including this for instance methods).

.locals N specifies the number of non-parameter registers. A method uses one directive or the other, and it is the first line of the method body; baksmali output normally uses .locals.

Method and field representation

Method signature

  methodName(III)Lpackage/name/ObjectName;

If you have done NDK (JNI) development this format will look familiar; it is how a method is identified. methodName is the method name, the parameter descriptors are concatenated between the parentheses with no separator (III is three int parameters), and the descriptor after the closing parenthesis, Lpackage/name/ObjectName;, is the return type.

Method Representation

  Lpackage/name/ObjectName;->methodName(III)Z

That is boolean methodName(int a, int b, int c) declared in package.name.ObjectName. The owning class, the method name and the full descriptor together identify exactly one method; two overloads with the same name differ only in the descriptor.

Field Representation

  Lpackage/name/ObjectName;->FieldName:Ljava/lang/String;

That is: owning class, field name and field type, separated by -> and :.
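As an added example (this code is not from the original post), the following Python parses the type, method and field descriptors described above and computes the v/p register layout from the "Registers and variables" section, including the case the post does not show: a long or double parameter, which takes a register pair and advances the p numbering by two. The method reference Lx/Y;->f(JI)V used in the test is constructed for illustration and does not appear in the post.

```python
# Added example, not from the original post: parse smali descriptors and
# compute the v/p register layout of a method from its .locals count.
PRIMITIVES = {'V': 'void', 'Z': 'boolean', 'B': 'byte', 'S': 'short', 'C': 'char',
              'I': 'int', 'J': 'long', 'F': 'float', 'D': 'double'}
WIDE = {'long', 'double'}          # 64-bit values occupy a register pair


def parse_type(desc, pos=0):
    """Parse one descriptor starting at desc[pos]; return (java_name, next_pos)."""
    dims = 0
    while desc[pos] == '[':        # each '[' adds one array dimension
        dims += 1
        pos += 1
    if dims > 255:
        raise ValueError('a dex array descriptor has at most 255 dimensions')
    c = desc[pos]
    if c in PRIMITIVES:
        name, pos = PRIMITIVES[c], pos + 1
    elif c == 'L':
        end = desc.index(';', pos)  # ';' terminates the class name; a missing ';' is an error
        name, pos = desc[pos + 1:end].replace('/', '.'), end + 1
    else:
        raise ValueError(f'bad type descriptor at {pos}: {desc!r}')
    return name + '[]' * dims, pos


def parse_method(ref):
    """'Lpkg/Cls;->name(III)Z' -> {'class', 'name', 'params', 'return'}."""
    cls, _, rest = ref.partition('->')
    name, _, sig = rest.partition('(')
    params_desc, _, ret_desc = sig.partition(')')
    params, pos = [], 0
    while pos < len(params_desc):   # parameters are concatenated with no separator
        t, pos = parse_type(params_desc, pos)
        params.append(t)
    return {'class': parse_type(cls)[0], 'name': name,
            'params': params, 'return': parse_type(ret_desc)[0]}


def parse_field(ref):
    """'Lpkg/Cls;->mName:Ljava/lang/String;' -> {'class', 'name', 'type'}."""
    cls, _, rest = ref.partition('->')
    name, _, type_desc = rest.partition(':')
    return {'class': parse_type(cls)[0], 'name': name, 'type': parse_type(type_desc)[0]}


def java_signature(method):
    """Render a parsed method reference the way it would be declared in Java."""
    return f"{method['return']} {method['class']}.{method['name']}({', '.join(method['params'])})"


def register_layout(method_ref, locals_count, is_static):
    """Map each pN parameter register to its vM alias, given the .locals count.

    Returns (rows, total): rows are (p-name, v-name(s), description) tuples and
    total is the register count a .registers directive would carry.
    """
    m = parse_method(method_ref)
    rows, v, p = [], locals_count, 0
    if not is_static:                # p0 is 'this' for instance methods only
        rows.append(('p0', f'v{v}', 'this: ' + m['class']))
        v, p = v + 1, p + 1
    for t in m['params']:
        width = 2 if t in WIDE else 1
        regs = f'v{v}' if width == 1 else f'v{v}-v{v + 1}'
        rows.append((f'p{p}', regs, t))
        v, p = v + width, p + width  # a wide value advances both numberings by 2
    return rows, v


if __name__ == '__main__':
    ref = 'Lme/isming/myapplication/MainActivity;->accumulate(I)I'
    print(java_signature(parse_method(ref)))
    for row in register_layout(ref, 6, is_static=False)[0]:
        print(*row)
```

Run against the accumulate(I)I method from the listing later in this post (.locals 6, instance method) the layout is p0 = v6 (this) and p1 = v7, which is why that method can freely overwrite v0..v5 without touching its arguments.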

Definition of method

For example, the following method

    private static int sum(int a, int b) {
        return a + b;
    }

compiles (here in a debug build, disassembled with baksmali) to

    .method private static sum(II)I
        .locals 4        # four non-parameter registers, v0..v3; p0 and p1 are therefore v4 and v5
        .parameter       # one .parameter directive per declared parameter (two here);
        .parameter       # newer versions of smali write this as .param pN
        .prologue
        .line 27
        move v0, p0
        .local v0, a:I
        move v1, p1
        .local v1, b:I
        move v2, v0
        move v3, v1
        add-int/2addr v2, v3
        move v0, v2
        .end local v0 # a:I
        return v0
    .end method

A method definition starts with .method and ends with .end method. The access flags (private, static, and so on) are written with the Java keywords, and the method is identified by its name plus descriptor, here sum(II)I. The .line and .local directives are debug information mapping registers back to source lines and variable names; they are absent from a build without debug info, so do not rely on them being there. The chain of move instructions is an artifact of this unoptimized debug build: the same method in a release build typically needs a single local register (add-int v0, p0, p1 followed by return v0), so the register count and instruction count say nothing reliable about the source.

Declaring Members

  .field private name:Lpackage/name/ObjectName;

For example, private TextView mTextView; becomes

  .field private mTextView:Landroid/widget/TextView;

and private int mCount; becomes

  .field private mCount:I

Instruction Execution

Smali is an assembly language for Dalvik bytecode; if you have a basic understanding of assembly the instruction format is easy to pick up. The destination register always comes first.

For example:

  move v0, v3                 # copy the value of register v3 into register v0

  const v0, 0x1               # load the constant 0x1 into register v0

  invoke-static {v4, v5}, Lme/isming/myapplication/MainActivity;->sum(II)I
                              # call the static method sum() with v4 and v5 as its two arguments, in order

An invoke instruction does not put the return value in a register by itself; the next instruction must be move-result (move-result-object for references, move-result-wide for long/double) to fetch it, as the onCreate listing below shows. The register list in braces is passed in declaration order, and for non-static calls (invoke-virtual, invoke-direct, invoke-super) the first register is the receiver object.

Other

As we can see, smali is close to an assembly language. For the full instruction set, consult the Dalvik opcode reference linked at the end of this post. A good way to learn is to write a small Java file, build it, and disassemble it to smali for comparison.

Below is a relatively simple Java file I wrote and its corresponding smali, which contains an if branch and a for loop.

java file:

    package me.isming.myapplication;

    import android.support.v7.app.ActionBarActivity;
    import android.os.Bundle;
    import android.view.Menu;
    import android.view.MenuItem;
    import android.widget.TextView;

    public class MainActivity extends ActionBarActivity {
        private TextView mTextView;

        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);
            mTextView = (TextView) findViewById(R.id.text);
            mTextView.setText("a+b=" + sum(1, 2) + "a>b?" + max(1, 2) + "5 accumulate:" + accumulate(5));
        }

        private static int sum(int a, int b) {
            return a + b;
        }

        private boolean max(int a, int b) {
            if (a > b) {
                return true;
            } else {
                return false;
            }
        }

        private int accumulate(int a) {
            if (a <= 0) {
                return 0;
            }
            int sum = 0;
            for (int i = 0; i <= a; i++) {
                sum += a;
            }
            return sum;
        }
    }

Corresponding smali:

    .class public Lme/isming/myapplication/MainActivity;
    .super Landroid/support/v7/app/ActionBarActivity;
    .source "MainActivity.java"

    # instance fields
    .field private mTextView:Landroid/widget/TextView;

    # direct methods
    .method public constructor <init>()V
        .locals 2
        .prologue
        .line 10
        move-object v0, p0
        .local v0, this:Lme/isming/myapplication/MainActivity;
        move-object v1, v0
        invoke-direct {v1}, Landroid/support/v7/app/ActionBarActivity;-><init>()V
        return-void
    .end method

    .method private accumulate(I)I
        .locals 6
        .parameter
        .prologue
        .line 39
        move-object v0, p0
        .local v0, this:Lme/isming/myapplication/MainActivity;
        move v1, p1
        .local v1, a:I
        move v4, v1
        if-gtz v4, :cond_0
        .line 40
        const/4 v4, 0x0
        move v0, v4
        .line 46
        .end local v0 # this:Lme/isming/myapplication/MainActivity;
        :goto_0
        return v0
        .line 42
        .restart local v0 # this:Lme/isming/myapplication/MainActivity;
        :cond_0
        const/4 v4, 0x0
        move v2, v4
        .line 43
        .local v2, sum:I
        const/4 v4, 0x0
        move v3, v4
        .local v3, i:I
        :goto_1
        move v4, v3
        move v5, v1
        if-gt v4, v5, :cond_1
        .line 44
        move v4, v2
        move v5, v1
        add-int/2addr v4, v5
        move v2, v4
        .line 43
        add-int/lit8 v3, v3, 0x1
        goto :goto_1
        .line 46
        :cond_1
        move v4, v2
        move v0, v4
        goto :goto_0
    .end method

    .method private max(II)Z
        .locals 5
        .parameter
        .parameter
        .prologue
        .line 31
        move-object v0, p0
        .local v0, this:Lme/isming/myapplication/MainActivity;
        move v1, p1
        .local v1, a:I
        move v2, p2
        .local v2, b:I
        move v3, v1
        move v4, v2
        if-le v3, v4, :cond_0
        .line 32
        const/4 v3, 0x1
        move v0, v3
        .line 34
        .end local v0 # this:Lme/isming/myapplication/MainActivity;
        :goto_0
        return v0
        .restart local v0 # this:Lme/isming/myapplication/MainActivity;
        :cond_0
        const/4 v3, 0x0
        move v0, v3
        goto :goto_0
    .end method

    .method private static sum(II)I
        .locals 4
        .parameter
        .parameter
        .prologue
        .line 27
        move v0, p0
        .local v0, a:I
        move v1, p1
        .local v1, b:I
        move v2, v0
        move v3, v1
        add-int/2addr v2, v3
        move v0, v2
        .end local v0 # a:I
        return v0
    .end method

    # virtual methods
    .method protected onCreate(Landroid/os/Bundle;)V
        .locals 8
        .parameter
        .prologue
        .line 16
        move-object v0, p0
        .local v0, this:Lme/isming/myapplication/MainActivity;
        move-object v1, p1
        .local v1, savedInstanceState:Landroid/os/Bundle;
        move-object v2, v0
        move-object v3, v1
        invoke-super {v2, v3}, Landroid/support/v7/app/ActionBarActivity;->onCreate(Landroid/os/Bundle;)V
        .line 17
        move-object v2, v0
        const v3, 0x7f030017
        invoke-virtual {v2, v3}, Lme/isming/myapplication/MainActivity;->setContentView(I)V
        .line 19
        move-object v2, v0
        move-object v3, v0
        const v4, 0x7f08003f
        invoke-virtual {v3, v4}, Lme/isming/myapplication/MainActivity;->findViewById(I)Landroid/view/View;
        move-result-object v3
        check-cast v3, Landroid/widget/TextView;
        iput-object v3, v2, Lme/isming/myapplication/MainActivity;->mTextView:Landroid/widget/TextView;
        .line 21
        move-object v2, v0
        iget-object v2, v2, Lme/isming/myapplication/MainActivity;->mTextView:Landroid/widget/TextView;
        new-instance v3, Ljava/lang/StringBuilder;
        move-object v7, v3
        move-object v3, v7
        move-object v4, v7
        invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V
        const-string v4, "a+b="
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
        move-result-object v3
        const/4 v4, 0x1
        const/4 v5, 0x2
        invoke-static {v4, v5}, Lme/isming/myapplication/MainActivity;->sum(II)I
        move-result v4
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
        move-result-object v3
        const-string v4, "a>b?"
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
        move-result-object v3
        move-object v4, v0
        const/4 v5, 0x1
        const/4 v6, 0x2
        invoke-direct {v4, v5, v6}, Lme/isming/myapplication/MainActivity;->max(II)Z
        move-result v4
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Z)Ljava/lang/StringBuilder;
        move-result-object v3
        const-string v4, "5 accumulate:"
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
        move-result-object v3
        move-object v4, v0
        const/4 v5, 0x5
        invoke-direct {v4, v5}, Lme/isming/myapplication/MainActivity;->accumulate(I)I
        move-result v4
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
        move-result-object v3
        invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
        move-result-object v3
        invoke-virtual {v2, v3}, Landroid/widget/TextView;->setText(Ljava/lang/CharSequence;)V
        .line 23
        return-void
    .end method
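To show that reading smali really is reading the program, here is an added example (not part of the original post) of a minimal interpreter in Python for the handful of Dalvik instructions that appear in the listing above: move, const, add-int, the conditional branches, goto and return. It is run over the post's own smali for sum(II)I and accumulate(I)I with the .line/.local debug directives dropped (the interpreter skips such directives anyway). The interpreter maps pN to v(locals + N) exactly as described in the registers section, and wraps add-int results to a signed 32-bit value, which is what Dalvik does on overflow.

```python
# Added example, not from the original post: a tiny interpreter for the Dalvik
# instructions used on this page, run over the page's own method listings
# (debug directives omitted; the interpreter ignores them anyway).
SUM_SMALI = """
.method private static sum(II)I
    .locals 4
    move v0, p0
    move v1, p1
    move v2, v0
    move v3, v1
    add-int/2addr v2, v3
    move v0, v2
    return v0
.end method
"""

ACCUMULATE_SMALI = """
.method private accumulate(I)I
    .locals 6
    move-object v0, p0
    move v1, p1
    move v4, v1
    if-gtz v4, :cond_0
    const/4 v4, 0x0
    move v0, v4
    :goto_0
    return v0
    :cond_0
    const/4 v4, 0x0
    move v2, v4
    const/4 v4, 0x0
    move v3, v4
    :goto_1
    move v4, v3
    move v5, v1
    if-gt v4, v5, :cond_1
    move v4, v2
    move v5, v1
    add-int/2addr v4, v5
    move v2, v4
    add-int/lit8 v3, v3, 0x1
    goto :goto_1
    :cond_1
    move v4, v2
    move v0, v4
    goto :goto_0
.end method
"""


def i32(x):
    """Wrap to a signed 32-bit Java int; add-int silently overflows like this."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


def assemble(text):
    """Split a .method block into (is_static, locals, instructions, labels)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    is_static, nlocals, insns, labels = ' static ' in lines[0], 0, [], {}
    for line in lines[1:]:
        if line.startswith('.locals'):
            nlocals = int(line.split()[1])
        elif line.startswith(':'):             # a label names the next instruction
            labels[line] = len(insns)
        elif line and line[0] not in '.#':     # other directives/comments are not code
            op, _, rest = line.partition(' ')
            insns.append((op, [a.strip() for a in rest.split(',')] if rest else []))
    return is_static, nlocals, insns, labels


def run(text, this, *args):
    """Execute one method on the given arguments; `this` is ignored if static."""
    is_static, nlocals, insns, labels = assemble(text)

    def reg(name):                             # pN is an alias for v(locals + N)
        return f'v{nlocals + int(name[1:])}' if name[0] == 'p' else name

    params = list(args) if is_static else [this, *args]
    regs = {f'v{nlocals + k}': val for k, val in enumerate(params)}  # params fill the last registers
    pc = 0
    while True:
        op, a = insns[pc]
        pc += 1
        if op in ('move', 'move-object'):
            regs[reg(a[0])] = regs[reg(a[1])]
        elif op in ('const/4', 'const'):
            regs[reg(a[0])] = int(a[1], 16)
        elif op == 'add-int/2addr':            # vA = vA + vB
            regs[reg(a[0])] = i32(regs[reg(a[0])] + regs[reg(a[1])])
        elif op == 'add-int/lit8':             # vA = vB + literal
            regs[reg(a[0])] = i32(regs[reg(a[1])] + int(a[2], 16))
        elif op.startswith('if-'):             # branch target is the last operand
            taken = {'if-gtz': lambda: regs[reg(a[0])] > 0,
                     'if-gt': lambda: regs[reg(a[0])] > regs[reg(a[1])],
                     'if-le': lambda: regs[reg(a[0])] <= regs[reg(a[1])]}[op]()
            if taken:
                pc = labels[a[-1]]
        elif op == 'goto':
            pc = labels[a[0]]
        elif op == 'return':
            return regs[reg(a[0])]
        else:
            raise NotImplementedError(op)
```

run(ACCUMULATE_SMALI, this, 5) follows the loop exactly as the Java does (six iterations of sum += 5) and returns 30; run(SUM_SMALI, None, 0x7fffffff, 1) returns -2147483648 rather than 2147483648, which is the behaviour of Java int arithmetic and a reminder that arithmetic in smali has the same overflow semantics as the source.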

References

Finally, some references:

http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

https://code.google.com/p/smali/w/list

http://www.miui.com/thread-409543-1-1.html

Original URL: http://blog.isming.me/2015/01/14/android-decompile-smali/
