This section focuses on writing JEB Python scripts specifically to aid in the analysis of Android applications.
Dex units
Recall JEB analysis modules produce IUnits, visible in the Project Explorer view.
IDexUnit and associated classes
The dex unit interface is your entry-point to access dex elements.
Drop the following file in your JEB scripts/ folder. Open the JEB GUI, load a dex or APK file, and execute the script with F2.
File: SomeScript.py
from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit, IApkUnit

class SomeScript(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()  # current project; None if no project is opened
        dex = prj.findUnit(IDexUnit)  # find the first dex unit
        #dexlist = prj.findUnits(IDexUnit)  # retrieve a list of dex units
        #apk = prj.findUnit(IApkUnit)  # find the first apk unit
        for m in dex.getMethods():
            print m.getSignature()  # print method reference descriptor
dex file representation
The diagram below is a high-level view of JEB types holding dex file information. This structure mirrors the dex file format's. (Not all types are represented, refer to the API reference for a complete list.)
APK units
Android APKs are represented by IApkUnits.
File: SomeScript.py
from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code.android import IApkUnit

class SomeScript(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()  # current project; None if no project is opened
        apk = prj.findUnit(IApkUnit)  # find the first apk unit (findUnits would return a list)
        print(apk.isDebuggable())
        # ...
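The script below is an added example, not part of the JEB documentation. It combines the dex and APK lookups shown above into a small triage pass: it reports the APK's debuggable flag and lists the method references in each dex unit that match a watchlist of framework APIs. The class name ApiTriage, the WATCHLIST entries and the helper functions are constructed for illustration; save it as ApiTriage.py so the file name matches the class name, as with SomeScript.py.

```python
# Added example (not from the JEB documentation). Targets JEB's Jython runtime;
# the two helper functions are plain Python and also run outside JEB.
import re

try:
    from com.pnfsoftware.jeb.client.api import IScript
    from com.pnfsoftware.jeb.core.units.code.android import IDexUnit, IApkUnit
except ImportError:  # not running inside JEB: keep the helpers importable
    IScript, IDexUnit, IApkUnit = object, None, None

# Constructed watchlist: 'class->method' prefix mapped to a triage category.
WATCHLIST = {
    'Ljava/lang/Runtime;->exec': 'process execution',
    'Ldalvik/system/DexClassLoader;-><init>': 'dynamic code loading',
    'Ljavax/crypto/Cipher;->getInstance': 'cryptography',
    'Landroid/webkit/WebView;->addJavascriptInterface': 'JS bridge',
}

# Method reference descriptor: <class or array type>-><name>(<params>)<return>
SIG_RE = re.compile(r'^(L[^;]+;|\[+(?:L[^;]+;|[ZBSCIJFD]))->([^(]+)\((.*)\)(.+)$')

def parse_signature(sig):
    """Split 'Lpkg/Cls;->name(params)ret' into (class, name, params, ret)."""
    m = SIG_RE.match(sig)
    return m.groups() if m else None

def triage(signatures):
    """Return sorted (category, signature) pairs for watchlisted references."""
    hits = []
    for sig in signatures:
        parsed = parse_signature(sig)
        if parsed is None:
            continue  # not a method descriptor; skip rather than fail
        key = '%s->%s' % (parsed[0], parsed[1])
        if key in WATCHLIST:
            hits.append((WATCHLIST[key], sig))
    return sorted(hits)

class ApiTriage(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()
        if prj is None:  # getMainProject() returns None if no project is opened
            print('Open a project first')
            return
        apk = prj.findUnit(IApkUnit)  # None when a bare dex file was loaded
        if apk is not None:
            print('debuggable: %s' % apk.isDebuggable())
        for dex in prj.findUnits(IDexUnit):
            for category, sig in triage(m.getSignature() for m in dex.getMethods()):
                print('%-22s %s' % (category, sig))
```
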
UI client specifics
When a script is run within the UI client, the ctx provided to the run() method is an IGraphicalClientContext (extending IClientContext). Additional methods are provided to interact with workspace widgets (unit views, fragments, etc.).
The diagram below shows the connection between UI elements types and the document types they hold.
Reference type: IGraphicalClientContext
dexdec units
The entry-point interface is IDexDecompilerUnit, usually a child of an underlying IDexUnit. dexdec units produce IJavaSourceUnit, holding decompiled elements (classes and methods).
Accessing the IR
The Dex decompiler plugin can load external Intermediate Representation (IR) plugins that are called during the decompilation pipeline to further refine and optimize a method's decompilation. Those plugins can be compiled as a jar, and/or written in Java or Python.
See this tutorial for a complete step-by-step example on how to write a dexdec IR script plugin, in Python.
Accessing the Java AST
The Java AST generated by dexdec can be manipulated via the Java AST API.