GDA-android-reversing-Tool v4.04 releases: decompiler written entirely in c++

GDA(GJoy Dex Analysizer)

Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the conversion of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me…

Here, a new decompiler based on Dalvik bytecode, GDA（this project started in 2013 and released its first version 1.0 in 2015 at www.gda.com: 9090), is proposed and implemented in C++ language to provide more sophisticated, fast, and convenient decompilation support. GDA is completely self-independent. It supports APK, DEX, ODEX, oat files, and run without installation and Java VM support. GDA only takes up 2M of your disk space, and you can use it in any newly installed windows system and virtual machine system. In addition, GDA has more features as follows:

Interactive operation:
1.cross-references for strings, classes, methods and fields;
2.searching for strings, classes methods and fields;
3.comments for java code;
4.rename for methods,fields and classes;
5.save the analysis results in gda db file.
…

Utilities for Assisted Analysis:
1.extracting DEX from ODEX;
2.extracting DEX from OAT;
3.XML Decoder;
4.algorithm tool;
5.device memory dump;
…

New features:
1.Brand new dalvik decompiler in c++ with friendly GUI;
2.Support python script
3.packers Recognition;
4.Multi-DEX supporting;
5.making and loading signature of the method
6.Malicious Behavior Scanning by API chains;
7.taint analysis to preview the behavior of variables;
8.taint analysis to trace the path of variables;
9.de-obfuscate;
10.API view with x-ref;
11.Association of permissions with modules;
…

Changelog v4.04

1. Optimize the taint propagation analysis engine, the analysis speed has been improved, and the stuck problem has been fixed.
2. Fix the error that privacy-leaking cannot be output on the tree.
3. Fixed the problem that could not display the colorful header.
4. Fixed the jamming problem caused by the introduction of new features in version 4.03.
5. Updated vulnerability scanning rules.
6. Improve the toolbar and menu bar icons, and adjust the display of analysis results.
7. Fix the problem caused by the invalid ‘– no-pause’ parameter in the higher version of Frida. #110
8. Fix the de-obfuscation bug. #117
9. Add the attach by pid to the Frida hook. #116
10. Improve the dex checker. #114 #115

Download & Use

Copyright [2019] [charles2gan/gjden/GANJIE]