A PHP-based tool for extracting, analyzing, and restoring DEX files from DPT-shell protected Android applications. This API allows you to process protected DEX files and code.bin files to recover original method implementations.
- Extract embedded ZIP archives from DEX files
- Parse multi-dex code.bin structures
- Restore method bytecode from code.bin to DEX files
- Generate JSON dumps of recovered method signatures
- Fix DEX headers and checksums after patching
- Support for multi-dex applications (classes.dex, classes2.dex, etc.)
- PHP 7.4 or higher
- ZipArchive extension
- JSON extension
For website and PHP:

```bash
git clone https://github.com/yourusername/dpt-shell-dump-api.git
cd dpt-shell-dump-api
cd webapi
```

For C# and Windows only:

```bash
git clone https://github.com/yourusername/dpt-shell-dump-api.git
cd dpt-shell-dump-api
cd cs-dptshell
dotnet run
```

- Ensure the required PHP extensions are enabled in your php.ini:

```ini
extension=zip
extension=json
```

- Place the files on your web server or use the PHP built-in server:

```bash
php -S localhost:8000
```

POST /api.php

Send a multipart/form-data POST request with two files:
- dex: The protected DEX file (e.g., classes.dex)
- code: The code.bin file extracted from the APK
```bash
curl -X POST "https://your-server.com/api.php" \
  -F "dex=@classes.dex" \
  -F "code=@code.bin"
```

```powershell
curl.exe -X POST "https://your-server.com/api.php" `
  -F "dex=@classes.dex" `
  -F "code=@code.bin"
```

```python
import requests

url = "https://your-server.com/api.php"

# Open both uploads in a context manager so the file handles are closed
# once the request has been sent.
with open('classes.dex', 'rb') as dex, open('code.bin', 'rb') as code:
    files = {'dex': dex, 'code': code}
    response = requests.post(url, files=files)

result = response.json()
print(result)
```

The API returns a JSON response with the following structure:
```json
{
  "status": "success",
  "summary": {
    "extractedFiles": ["classes.dex", "classes2.dex", ...],
    "dexFiles": ["classes.dex", "classes2.dex", ...],
    "jsonFiles": ["classes.dex.json", "classes2.dex.json", ...],
    "restored": [
      {
        "dexIndex": 0,
        "dexFile": "classes.dex",
        "restoredMethods": 42
      }
    ],
    "elapsedSeconds": 1.234,
    "multidex": {
      "version": 1,
      "dexCount": 2
    },
    "notes": []
  },
  "patchedDex": [
    {
      "fileName": "classes.dex",
      "sizeBytes": 524288,
      "base64": "UEsDBBQAAAAA..."
    }
  ],
  "jsonDump": [
    {
      "fileName": "classes.dex.json",
      "sizeBytes": 1024,
      "content": [
        {
          "Lcom/example/MainActivity;": [
            {
              "methodId": 0,
              "code": "[6e,20,01,00,0e,00]"
            }
          ]
        }
      ]
    }
  ]
}
```

```json
{
  "status": "error",
  "message": "Error description"
}
```

The main class that handles all DEX manipulation operations.
- runFullPipeline($dexInput, $codeInput): Complete processing pipeline that extracts, patches, and generates JSON dumps
- restoreDexFromCodeFile($dex, $codeBlob): Restore a single DEX file using code.bin data
- restoreDexFromEmbeddedZip($dex): Restore DEX using embedded ZIP from another DEX
- extractEmbeddedZipFromDex($dex): Extract embedded ZIP signature from DEX
- readMultiDexCode($buf): Parse code.bin structure
- parseDex($dex): Parse DEX file structure
- patchDexInsns($dex, $insnsOff, $codeBytes): Patch method instructions at specific offset
- fixDexHeaders($dex): Recalculate and fix DEX headers (checksum, SHA1, file size)
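
The header recalculation that `fixDexHeaders` is described as performing, shown as an added Python sketch based on the standard DEX header layout; it is not the project's PHP code. The helper names (`fix_dex_headers`, `dex_headers_ok`, `patch_bytes`, `make_sample_dex`) are hypothetical, and the sample buffer is constructed for the demonstration and is not a loadable DEX.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header


def fix_dex_headers(dex: bytes) -> bytes:
    """Recompute file_size, then the SHA-1 signature, then the Adler-32 checksum."""
    if len(dex) < HEADER_SIZE or dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    buf = bytearray(dex)
    struct.pack_into("<I", buf, 0x20, len(buf))          # file_size
    buf[0x0C:0x20] = hashlib.sha1(buf[0x20:]).digest()   # signature covers 0x20..EOF
    # The checksum covers 0x0C..EOF, so it must be computed after the signature.
    struct.pack_into("<I", buf, 0x08, zlib.adler32(buf[0x0C:]) & 0xFFFFFFFF)
    return bytes(buf)


def dex_headers_ok(dex: bytes) -> bool:
    """True when all three header fields match the file contents."""
    if len(dex) < HEADER_SIZE or dex[:4] != b"dex\n":
        return False
    checksum, = struct.unpack_from("<I", dex, 0x08)
    file_size, = struct.unpack_from("<I", dex, 0x20)
    return (file_size == len(dex)
            and hashlib.sha1(dex[0x20:]).digest() == dex[0x0C:0x20]
            and (zlib.adler32(dex[0x0C:]) & 0xFFFFFFFF) == checksum)


def patch_bytes(dex: bytes, offset: int, code: bytes) -> bytes:
    """Overwrite len(code) bytes at offset; the file length never changes."""
    if offset < HEADER_SIZE or offset + len(code) > len(dex):
        raise ValueError("patch falls outside the file body")
    return dex[:offset] + code + dex[offset + len(code):]


def make_sample_dex() -> bytes:
    """Constructed sample: DEX magic, zeroed header fields and 16 body bytes."""
    raw = b"dex\n035\x00" + bytes(HEADER_SIZE - 8) + bytes(range(16))
    return fix_dex_headers(raw)


if __name__ == "__main__":
    sample = make_sample_dex()
    patched = patch_bytes(sample, HEADER_SIZE, bytes.fromhex("6e2001000e00"))
    print(dex_headers_ok(sample), dex_headers_ok(patched),
          dex_headers_ok(fix_dex_headers(patched)))
```

`dex_headers_ok` can also be used on its own as an integrity check on a restored DEX before it is handed to a decompiler or other analysis tooling.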
- DPT-Shell Protection Analysis: Extract protected method implementations
- Malware Analysis: Recover hidden or encrypted DEX code
- Security Research: Study Android protection mechanisms
- Forensics: Extract embedded DEX files from protected applications
- Requires valid DEX and code.bin files from DPT-shell protected apps
- Maximum file size depends on PHP memory limits
- Some heavily obfuscated methods may not be recoverable
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
@aantik_mods @AbhikrX
This tool is for educational and security research purposes only. Users are responsible for complying with applicable laws and regulations. The authors are not responsible for any misuse of this software.
For issues, questions, or contributions, please open an issue on GitHub.