An easy-to-use, high-performance dex deobfuscation library. Easy to use your CMAKE/Android projects.

These two APIs can meet most of your usage scenarios:

• DexKit::BatchFindClassesUsingStrings
• DexKit::BatchFindMethodsUsingStrings

Note: In all cases you should avoid searching for keywords that contain duplicate content, eg: {"key_word", "word"}, as this will cause tags to be overwritten, resulting in inaccurate search results. If there is such a need, open the advanced search mode as much as possible, and use the string to match the content exactly, for example, modify it to this: {"^key_word$", "^word$"}

And there are many other APIs:

• DexKit::FindMethodCaller: find caller for specified method.
• DexKit::FindMethodInvoking: find the called method
• DexKit::FindMethodUsingField: Find method to get/set specified field
• DexKit::FindMethodUsingString: find method used utf8 string
• DexKit::FindMethod: find method by multiple conditions
• DexKit::FindSubClasses: find all direct subclasses of the specified class
• DexKit::FindMethodOpPrefixSeq: find all method using opcode prefix sequence(op range: 0x00-0xFF)
• DexKit::FindMethodUsingOpCodeSeq: find all method using opcode sequence(op range: 0x00-0xFF)
• DexKit::GetMethodOpCodeSeq: get method opcode sequence(op range: 0x00-0xFF)

For more detailed instructions, please refer to dex_kit.h.

However, this approach introduces an extra so file. If you don't want to introduce an extra so file, you can use the second/third method.

${project}/build.gradle:

allprojects {
    repositories {
        ...
        maven { url 'https://jitpack.io' }
    }
}

${project}/app/build.gradle:

dependencies {
    implementation 'com.github.LuckyPray:DexKit:<version>'
}

java:

import io.luckypry.dexkit.DexKitBridge;
// ...

public class DexUtil {

    static {
        System.loadLibrary("dexkit");
    }

    public static void findMethod() {
        // try-with-resources, auto close DexKitBridge, no need to call DexKitBridge.close()
        // if you don't use try-with-resources, be sure to manually call DexKitBridge.close() to release the jni memory
        try (DexKitBridge dexKitBridge = DexKitBridge.create(hostClassLoader)) {
            if (dexKitBridge == null) {
                Log.e("DexUtil", "DexKitBridge create failed");
                return;
            }
            List<DexClassDescriptor> classes = dexKitBridge.findSubClasses("android.app.Activity", null);
            for (DexClassDescriptor clazz : classes) {
                String name = clazz.getName();
                String simpleName = clazz.getSimpleName();
                Class<?> clz = clazz.getClassInstance(hostClassLoader);
                Log.i("DexUtil", "findSubClasses: " + clz);
            }
        } catch (Throwable e) {
            Log.e("DexUtil", Log.getStackTraceString(e));
        }
    }
}

${project}/app/build.gradle

android {
    buildFeatures {
        prefab true
    }
}

Note: DexKit-Android uses the prefab package schema v2, which is configured by default since Android Gradle Plugin 7.1.0. If you are using Android Gradle Plugin earlier than 7.1.0, please add the following configuration to gradle.properties:

android.prefabVersion=2.0.0

Also avoid libdexkit.so being added to the apk, you can add the following configuration to app/build.gradle:

android {
    packagingOptions {
        jniLibs.excludes.add("lib/**/libdexkit.so")
    }
}

CMake:

You can use find_package in CMakeLists.txt:

add_library(my_lib SHARED native.cpp)

# Add two lines below, must contain libz!!
find_package(dexkit REQUIRED CONFIG)
target_link_libraries(my_lib dexkit::dex_kit_static z)

At the same time, we also provide dex_kit_jni_helper.h, Convenient conversion between java/c++ data objects:

#include <jni.h>
#include <dex_kit.h>
#include "dex_kit_jni_helper.h"

#define DEXKIT_JNI extern "C" JNIEXPORT JNICALL

DEXKIT_JNI jobjectArray
Java_io_luckypray_dexkit_DexKitBridge_nativeFindMethodUsingString(JNIEnv *env, jclass clazz,
                                                                  jlong native_ptr,
                                                                  jstring used_string,
                                                                  jboolean advanced_match,
                                                                  jstring method_declare_class,
                                                                  jstring method_name,
                                                                  jstring method_return_type,
                                                                  jobjectArray method_param_types,
                                                                  jintArray dex_priority) {
    return FindMethodUsingString(env, native_ptr, used_string, advanced_match, method_declare_class,
                                 method_name, method_return_type, method_param_types, dex_priority);
}

reference: https://github.com/LuckyPray/XAutoDaily/tree/master/dexkit

• main.cpp
• qq-example.cpp

qq-example.cpp in MacPro M1 to deobfuscate qq-8.9.3.apk, the result is:

findClass count: 47
findMethod count: 29
used time: 207 ms

The slicer directory is partially copied from AOSP.

Modified parts are owed by LuckyPray Developers. If you would like to use it in an open source project, please submodule it.