31
Jan

This week, we saw a new kid among Android decompilers hit the street - JEB. JEB is a full-featured, commercial Dalvik decompiler aimed at security researchers and reverse engineers. Many other decompilers exist, such as DED, Androguard, baksmali, dex2jar, undx, etc., and most of them are free and work quite well, but JEB comes with features not seen in most free tools:

  • Easy to use UI
  • Direct Dalvik to Java decompilation
  • Easy on the eyes bytecode
  • Easy cross referencing of items
  • Easy renaming of items
  • Inspection

The downside is mainly the price, weighing in at a hefty $1000. Because of that, JEB unfortunately remains out of reach for the average hobbyist developer.

[Images: JEB brochure, pages 1 and 2, followed by a gallery of six images]

Want to know more? Hop on over to JEB’s site, read their brochure (reproduced above), and request a demo.

Justin Case
Justin Case is a 30-year-old father of four. He has an ever-changing array of Android devices, and an eye for mobile security.
  • wheineman

    So can I use this to decompile my favorite apps, add in advertisements, change the name, and reupload to Google?

    • SAI

      Isn't that how they created Temple Run: Brave? :D

      • LiamBryant

        Ba-zing!

    • sssgadget

      Can't you decompile them now? dex2jar decompiles the dex classes.

    • http://twitter.com/cbruegg Christian Brüggemann

      Yes, but you can also use this for forensics, for example checking for security holes in apps.
      Or use it for educational purposes to check out how someone achieved a feature.

      There *IS* a legitimate use for decompilers.

    • http://twitter.com/TeamAndIRC Justin Case

      No, you cannot. JEB offers little advantage to a pirate, it does not reassemble apps.

  • Pancake345

    Great, more pirated apps.. BOO!

    • http://twitter.com/TeamAndIRC Justin Case

      This has nothing to do with piracy. To be honest, if you want to pirate an app, your best bet is and always has been baksmali. JEB offers little advantage to a pirate, it does not reassemble apps.

      • mgamerz

        If you can disassemble the code back into java it's really easy to recompile it.

        • http://twitter.com/TeamAndIRC Justin Case

          and 100 other free tools will do that job just fine, actually probably better since they can reassemble. Being familiar with JEB, I assure you it is not geared towards pirates.

          • Al

            Justin, no matter how close you are to the JEB guy, it is an invaluable tool for crackers (not the current crackers of course... right now there is no need to do a real crack for almost any android app, but an eventual new breed that would arise if need be). Just like firearms are invaluable tools for terrorists: that's the way things are, there is no need to disprove what's evident... Your "firearm-maker" JEB friend is not a terrorist. We get it.

          • http://twitter.com/TeamAndIRC Justin Case

            I am not close to him, I don't know him, never spoken to him, never emailed him until I wanted to try his software. It was nice, and I bought it. Stop acting like I am promoting my friend's software. I don't know the guy.

            It is no more enabling than anything else. If someone is going to complain about one, let's complain about them all. Let's go riot at Google over dexdump!

            If you want to get on me about enabling pirates, go read my original breakdown on LVL, I'll give you room to complain about that.

        • Al

          Well, I have to say that no cracker would do it that way. They'd figure out what to do with JEB, then patch the few instructions in the classes.dex that would need patching. But of course, that doesn't mean JEB isn't SUPER-useful for a cracker.

          • Al

            I mean, just look at the video, how easy it is to spot an RC4 encryption function and rename symbols and so on, it's brilliant. Super-comfortable. Compare that with decompiled bytecode, royal pain in the ass!

          • http://twitter.com/TeamAndIRC Justin Case

            Indeed, this comment I agree with. I actually spend more time in the assembly tab, but it is the interactive renaming that does it for me.

      • Pancake345

        Alright, I take back the BOO then.

      • Al

        This is the mobile equivalent of IDA Pro. FYI, a very expensive disassembler that every cracker uses as an invaluable tool when they crack desktop software. Before you ask the stupid question (do they have access to very expensive software? do they buy it?) I'm going to answer with a question: do crackers pay for software??

        So while the antivirus makers will be happy to have it, crackers will be too, and every "respectable" one will have it eventually, probably quite soon. Seeing a dalvik disassembly is a bit like seeing perl code, instant headache - I'd rather see mips assembly. This tool might even be an inflection point in Android apps cracking, as app developers start defending themselves from generic tools like L****P**** or system mods, that might give way to the first "real" Android cracks circulating in the wild (as if developers weren't screwed enough already with current piracy and the forcibly low prices of a manipulated market (yes, Google can choose to have whatever app quality and price it wants just by modifying the ranking algorithms, so, by the way, stop blaming developers for that).

        By all means talk about this decompiler. It's not like you can keep it secret from the crackers! But know that it's going to be an enabler for even the most incompetent cracker. It's nobody's fault but that's the way it is.

  • mgamerz

    Surprised you're running this article AP, since this is how pirates recompile your app.

    • Guest

      Why do you think it's only for pirates?
      This is for themers, modders, ROM porters, etc.

      • mgamerz

        When did I say it was only for pirates?

        • Jeff Fuentes

          because when you say "Surprised you're running this article AP, since this is how pirates recompile your app." you're implying that doing so is showing people how they pirate applications. instead of maybe "Surprised you're running this article AP, This is gonna be great to assist developers to help make better applications" as an example. Again just an example :)

          • mgamerz

            But I still don't say it was only for pirates, someone else said it and then said I said it.

          • http://twitter.com/TeamAndIRC Justin Case

            And obviously you didn't read the article. This doesn't reassemble.

    • Guest

      Why do you think it's only for pirates?
      This is for themers, modders, ROM porters, etc.

    • http://twitter.com/TeamAndIRC Justin Case

      Please read the article, this is not "how pirates recompile your app"

      • mgamerz

        Please stop replying to every single comment so I don't have to deal with you saying the same thing three times.

        • http://twitter.com/TeamAndIRC Justin Case

          Stop making incorrect statements over and over, so I don't have to deal with you complaining about something you do not understand.

    • http://www.androidpolice.com/ Artem Russakovskii

      That's like asking why we are running a story about apktool http://www.androidpolice.com/2012/12/28/apktool-updated-to-1-5-1-brings-android-4-2-support-the-latest-smalibaksmali-bugfixes.

      I can draw the same parallel to guns. Or any other tool that can be used maliciously by bad people. There are plenty of legitimate use cases for JEB. Heck, apk teardowns for one, remember Ron Amadeo?

      • mgamerz

        It irritates me as an app developer though. I can write all this hard to put together code and have people semi easily decompile it and use it in their own projects.

        • http://www.androidpolice.com/ Artem Russakovskii

          There are plenty of tools that already do this and JEB even tries to remove features aimed at recompiling, as Justin said. Your anger should be directed at those who do it, not tool developers. Hell, might as well blame Java.

        • http://twitter.com/TeamAndIRC Justin Case

          A developer worried about it should invest time in anti-analysis and obfuscation.

        • http://codytoombs.wordpress.com/ Cody Toombs

          I'm not sure you really understand what's happening here. All software can be decompiled. When I was in college, we were shown a decompiler that could generate nearly perfect C++ code out of practically anything we threw at it. Obfuscation works, but only so much that it can add a few hours of work and a couple Tylenol to somebody else's efforts. Any language that only compiles down to byte codes, like Java, is all that much easier to decompile. That's the nature of the language, and there's truly nothing you can do about it.

          If this kind of thing really bothers you this much, stop developing apps for distribution and go work on web applications or enterprise software. That software never leaves the hands of the people who control it and it doesn't get pirated.

  • http://codytoombs.wordpress.com/ Cody Toombs

    Wow, so much trolling?!?!

    Can pirates use this...yes, just like several other decompilers (as mentioned in the article)
    Will pirates pay $1000 or pirate this app just so they can jack some Android apps...LOL, dumb

    Come on people, it's not the first tool of its kind. This is the same thing that was said about Java ~17 years ago and .Net ~12 years ago, and piracy rates remained the same for software written on those platforms. This kind of software is for professional use in real businesses.

    • http://www.facebook.com/garrett.gregorsplaver Garrett Gregor-Splaver

      There is always an associated risk with trying to stop piracy in the software world anyway. If many people cared, there would be no software in the first place?

  • Elias

    As a developer, what can I do to avoid having my apps decompiled, or have them produce the most obfuscated, unuseful and messy code when decompiled? Can a decompiler e.g. reverse engineer some algorithm I made to sort-of-encrypt something?

    • Mike Reid

      I'm a dev & I think 99% of lone devs are better off spending their time improving and marketing their apps.

      Read everything on this site to start, if you're serious: http://androidcracking.blogspot.ca/p/way-of-android-cracker-lessons.html

      I did, and tried several "unique" tricks of my own, even in JNI, and those Chinese guys with their automated tools still cracked it no problem. Now I don't bother anymore. I view it as selling convenient updates, tech support, and "the warm feeling of supporting a good cause/app/dev", as opposed to the app itself.

      Protection schemes usually just hurt the devs and customers IMO.

      • http://codytoombs.wordpress.com/ Cody Toombs

        This, right here. This.

        It's usually worth a few hours to make sure there is some kind of protection, at least pinging the market for license checking, and possibly using an obfuscation package (if it doesn't interfere with the app functionality). Any more than that is usually wasting time that would be better spent on just making an app that more people want to buy.

      • Al

        Mike, there are ways you can protect yourself from the automated tools. Sadly most developers don't know how. If you want me to give you a few pointers leave your email address as a reply here. I've even thought of making automated protection tools or services in the past.. or publishing an ebook about it or setting up a forum where developers can share methods to protect themselves... I don't know, something at least.

        But the situation is disheartening really. I recently paid for Flurry AppCircle installations, and they counted the many pirate installations (in a few hours real installs (paid) from flurry were like 12, Flurry counted 99, total copies installed that day: 2300, paid copies 29). So 90 people clicked through only to then download a pirate copy. Fortunately my app has protection against the generic tools, but it's public knowledge that 99.9% of people just move on and don't buy something they can't crack anyway, so I don't know how much an advantage it is really. Would it be better to have a big user base that popularizes your app? I don't think so, you probably have a freemium model for that and anyway pirates recommend piracy to their friends so they're unlikely to spread the app to many paying customers anyway. Tip: don't advertise in non-first-world countries, they'll never pay.

    • Al

      Everything can be cracked more or less. What you can do is bake in the appropriate level of protection that will ensure most people willing to use your app without paying won't be able to. Right now there isn't a real threat of your Android app being cracked in a traditional way, it's really not worth it yet. It is so easy that there are automated tools to do it.

      By the way, I'm baffled that people/devs are so concerned with JEB being used for piracy. The more real and immediate concern they should have at this point is that JEB enables other people to pretty much copy critical features of your app effortlessly without much reimplementation (contrary to dalvik bytecode disassemblies, you can presumably use big chunks of java code from JEB directly with no special skills).

  • nick

    I do other way and it works also the same, for free. What's the story here?

  • Atanas Neshkov

    With AndroChef Java Decompiler you can decompile apk, dex, jar and Java class files. It's simple and easy. http://www.androiddecompiler.com/
