A set of JEB Python/Java scripts for reverse engineering Android obfuscated code

• HelloWorld.py
  • Display message box.
• ListingMethods.py
  • Print all methods in dex.
• InvokedMethods.py
  • Get caret position and print invoked methods from it.
• RenameObfuscatedClasses.py
  • Rename obfuscated class names by using super class name.
• AlertMarker.py
  • Set(unset) alert marker to focused method.
• getMethodSignatures.py
  • Get method signatures from an APK and store them into a text file for parsing it later on. (Use the Java version)
• getMethodsFromClass.py
  • Get method from a class and print them out.
• ASTRemoveDummySwitch.py
  • Remove dummy switches
• ObadDecrypt.py
  • Decrypt Obad strings before performing unreflection
• ObadUnreflect.py
  • Replace reflection calls by direct method calls
• fixObfousClass.py

  • Rename obfuscated class name with source name. (fr0zenrain)

    

    Recover android dex's class name obfouscator by proguard with "-keepattributes SourceFile". Most app need save the crash log, so the do not clear source name,maybe some nest class can not fix.

• DeCluster.java
  • Renaming obfuscated class/methods/fields names (@jcase)
• DeClusterMod.java
  • Renaming obfuscated class/methods/fields names with filter and string format added
• DexGuardStringDecoder.java
  • Decrypt DexGuard encrypted Strings (Anton Kosterin)
• getMethodSignatures.java
  • Get method signatures from an APK and store them into a text file for parsing it later on.

• grepDeobfuscationRoutines.py
  • Filter possible obfuscator routines from a method signatures list (First use getMethodSignatures.java)

Sample automation scripts for JEB(Android Interactive Decompiler).

Usage of JEB automation is here.

JEB API reference is here.