Tool for deobfuscating memory dump files
erikandre Merge pull request #11 from mwdevine/array-fix
Fix deobfuscation of array types
Latest commit 5e5408e Jan 10, 2017


Badoo HPROF Tools

Badoo HPROF Tools are a collection of libraries and tools with the goal of making memory dumps more than just a tool for analyzing OutOfMemoryErrors.

Modules

  • hprof-viewer: Java application for visualizing and analyzing HPROF files.
  • Android example: contains a sample application showing how to use the cruncher library in an Android app
  • bmd-lib: Library for reading and writing BMD files
  • cruncher: Library (and Java application) for converting HPROF files to BMD format
  • decruncher: Library (and Java application) for converting BMD files to HPROF format
  • deobfuscator: Java application for deobfuscating ProGuard/DexGuard obfuscated HPROF files
  • hprof-lib: Library for reading and writing HPROF files
  • hprof-validator: Simple Java application that reads an HPROF file and checks that it contains valid data

JavaDoc describing the APIs provided by the modules can be generated using the following gradle task:

./gradlew javaDoc

The generated documentation will be located under /build/docs.

hprof-viewer

Hprof-viewer is a Java application for visualizing and analyzing HPROF files. It contains features that specifically target certain data included in HPROF files created on Android devices (such as recreating View hierarchies, activity Intent parameters, location data and more).

Building

Hprof-viewer is built by executing the following command from the command line, with the root of the git as your current directory.

./gradlew hprof-viewer:jarWithDependencies

If the build is successful you will find the output jar file in the following location:

./hprof-viewer/build/libs/hprof-viewer-all-1.0.jar

Usage

After building the application jar-file you can execute it with the following command:

java -jar ./hprof-viewer/build/libs/hprof-viewer-all-1.0.jar \

HPROF Deobfuscator

Hprof-deobfuscator is a tool for deobfuscating HPROF memory dump files that are created from builds obfuscated with either ProGuard or DexGuard.

Before and after running hprof-deobfuscator

Building

The application can be built by executing the following Gradle command in the root of the git:

./gradlew deobfuscator:jarWithDependencies

This will create a jar file containing the application and its external dependencies in the following location:

./deobfuscator/build/libs/deobfuscator-all-1.0.jar

Usage

After building the application you can execute it with the following command:

java -jar ./deobfuscator/build/libs/deobfuscator-all-1.0.jar \ \ \
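
How class-name deobfuscation of an HPROF file can work, including the array types mentioned in the latest commit, shown as an added Python example that is not the project's own code (the project itself is Java). It assumes Android-style dotted class names with `[]` array suffixes; the mapping lines, `com.example.Session` and the dump bytes are constructed sample data.

```python
import re
import struct

# Constructed ProGuard mapping excerpt (sample data, not from the project).
MAPPING = "com.example.Session -> a.a:\n    java.lang.String token -> a\n"
CLASS_LINE = re.compile(r"^(\S+) -> (\S+):$", re.M)

def load_class_map(mapping_text):
    """{obfuscated: original}; indented member lines do not match."""
    return {obf: orig for orig, obf in CLASS_LINE.findall(mapping_text)}

def deobfuscate_name(name, classes):
    """Map a class name, preserving trailing '[]' array dimensions."""
    base = name.rstrip("[]")
    return classes.get(base, base) + name[len(base):]

def split(dump):
    """Return (header bytes, id size, [(tag, time, body), ...])."""
    pos = dump.index(b"\0") + 1              # NUL-terminated version string
    id_size = struct.unpack_from(">I", dump, pos)[0]
    pos += 12                                # u4 id size + u8 timestamp
    header, recs = dump[:pos], []
    while pos < len(dump):
        tag, time, length = struct.unpack_from(">BII", dump, pos)
        body = dump[pos + 9:pos + 9 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        recs.append((tag, time, body))
        pos += 9 + length
    return header, id_size, recs

def deobfuscate(dump, classes):
    """Rewrite only STRING records that a LOAD CLASS record names."""
    header, id_size, recs = split(dump)
    # LOAD CLASS (0x02) body: u4 serial, id object, u4 stack serial, id name.
    name_ids = {b[8 + id_size:8 + 2 * id_size] for t, _, b in recs if t == 0x02}
    out = [header]
    for tag, time, body in recs:
        if tag == 0x01 and body[:id_size] in name_ids:  # STRING: id + UTF-8
            name = deobfuscate_name(body[id_size:].decode("utf-8"), classes)
            body = body[:id_size] + name.encode("utf-8")
        out.append(struct.pack(">BII", tag, time, len(body)) + body)
    return b"".join(out)

def sample_dump():
    """Constructed dump, 4-byte ids: string 1 names a class, string 2 does not."""
    rec = lambda tag, body: struct.pack(">BII", tag, 0, len(body)) + body
    head = b"JAVA PROFILE 1.0.3\0" + struct.pack(">IQ", 4, 0)
    strings = rec(1, struct.pack(">I", 1) + b"a.a[]") + rec(1, struct.pack(">I", 2) + b"a.a")
    return head + strings + rec(2, struct.pack(">IIII", 1, 0x100, 0, 1))
```

Strings that no LOAD CLASS record references, such as string 2 in the sample, are left untouched; field and method names would additionally need the member lines of the mapping file.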

HprofCruncher

HprofCruncher is a tool that converts HPROF memory dump files to the much more compact BMD file format. A size reduction of up to 97% can be achieved; however, some data is lost in the process (including primitive fields and primitive arrays).

A description of the BMD file format can be found [here](BMD file format.md).

Building

HprofCruncher is built by executing the following command from the command line, with the root of the git as your current directory.

./gradlew cruncher:jarWithDependencies

If the build is successful you will find the output jar file in the following location:

./cruncher/build/libs/cruncher-all-1.0.jar

Usage

After building the application jar-file you can execute it with the following command:

java -jar ./cruncher/build/libs/cruncher-all-1.0.jar \ \

HprofDecruncher

HprofDecruncher is a tool that converts BMD files (created by HprofCruncher) back to HPROF memory dump files. Since some data is discarded when the BMD file is created, not all HPROF data is recovered. However, if you have access to the .jar or .apk file of the application from which the memory dump was taken, you can recover some additional data (strings used for class and field names).

Building

HprofDecruncher is built by executing the following command from the command line, with the root of the git as your current directory.

./gradlew decruncher:jarWithDependencies

If the build is successful you will find the output jar file in the following location:

./decruncher/build/libs/decruncher-all-1.0.jar

Usage

After building the application jar-file you can execute it with the following command:

java -jar ./decruncher/build/libs/decruncher-all-1.0.jar \ \ [string source 1] ... [string source n]

Where the string source input files can be either .jar, .dex or .apk files.

Android Examples

The Android Examples module contains a sample app that makes use of the cruncher library to collect and convert HPROF files to BMD format, on the device.

Building

The app can be built as a regular Android app in Android Studio, but before doing so you need to make sure that the library dependencies are published to your local Maven repo. This is done by executing the following command while positioned in the root of the git:

./gradlew publishToMavenLocal

Credits

Hprof-deobfuscator, HprofCruncher and HprofDecruncher are brought to you by Badoo Trading Limited and are released under the MIT License.

Created by Erik Andre

Blog

Read more on our tech blog or explore our other open source projects.