Skip to content


pxb1988 edited this page Mar 9, 2015 · 4 revisions


dex-tools- add support to Decrypt Strings in a jar


in java we usually use the following code to use constant strings.

ldc "hello" // load the string to stack
invoke-virtual Lj/l/String;->toString() //use the string

and to prevent from reverse engineering, we encrypt the string and add add a static method to decrypt the string at runtime.

ldc "olleh"
invoke-static Ltest/Decrypt;->reverse(Lj/l/String;)Lj/l/String; // decrypt the string
invoke-virtual Lj/l/String;->toString()

now if we can figure out which method is the decrypt-method we can call -mo test.Decrypt -mn reverse path/to/the.jar will invoke the decrypt-method by reflection and replace the encrypted string with the original string.


The decrypt method is invoked on your machine. malicious code maybe trigged. Carefully selecting the decrypt method.






dex-tools-2.1 add support to invoke method with primitive arguments, like DashO Pro style and Dexguard style static String x(int, int, int) string encryption

# the Obad sample  E1064BFD836E4C895B569B2DE4700284-dex2jar.jar \
    --decrypt-method-name oCIlCll \
    --decrypt-method-owner \
    --arg-types int,int,int \
    -cp /opt/android-sdk-linux/platforms/android-19/android.jar
# '--parameters-descriptor III' is equals to '--arg-types int,int,int'

as reversion acfbe14 we add support to use dex2jar IR to static analyze more const arguments, and is able to decrypt jeb-style static String x(byte[], int, int) string encryption

# the jeb jar jeb.jar \
    --parameters-descriptor [BII \
    --deep-analyze \
    --decrypt-method-name ... \
    --decrypt-method-owner ...
You can’t perform that action at this time.