Jadx - Android APK Decompiler
You are helping the user decompile Android APK files using jadx to convert DEX bytecode into readable Java source code for security analysis, vulnerability discovery, and understanding app internals.
Tool Overview
Jadx is a dex to Java decompiler that produces clean, readable Java source code from Android APK files. Unlike apktool (which produces smali), jadx generates actual Java code that's much easier to read and analyze. It's essential for:
- Converting DEX bytecode to readable Java source
- Understanding app logic and control flow
- Finding security vulnerabilities in code
- Discovering hardcoded credentials, API keys, URLs
- Analyzing encryption/authentication implementations
- Searching through code with familiar Java syntax
Prerequisites
- jadx (and optionally jadx-gui) must be installed
- Java Runtime Environment (JRE) required
- Sufficient disk space (decompiled output is typically 3-10x APK size)
- Write permissions in output directory
GUI vs CLI
Jadx provides two interfaces:
CLI (jadx): Command-line interface
- Best for automation and scripting
- Batch processing multiple APKs
- Integration with other tools
- Headless server environments
GUI (jadx-gui): Graphical interface
- Interactive code browsing
- Built-in search functionality
- Cross-references and navigation
- Easier for manual analysis
- Syntax highlighting
When to use each:
- Use CLI for automated analysis, scripting, CI/CD pipelines
- Use GUI for interactive exploration and deep-dive analysis
Instructions
1. Basic APK Decompilation (Most Common)
Standard decompile command:
jadx <apk-file> -d <output-directory>
Example:
jadx app.apk -d app-decompiled
With deobfuscation (recommended for obfuscated apps):
jadx --deobf app.apk -d app-decompiled
2. Understanding Output Structure
After decompilation, the output directory contains:
app-decompiled/
├── sources/ # Java source code
│ └── com/company/app/ # Package structure
│ ├── MainActivity.java
│ ├── utils/
│ ├── network/
│ └── ...
└── resources/ # Decoded resources
├── AndroidManifest.xml # Readable manifest
├── res/ # Resources
│ ├── layout/ # XML layouts
│ ├── values/ # Strings, colors
│ ├── drawable/ # Images
│ └── ...
└── assets/ # App assets
3. Decompilation Options
A. Performance Options
Multi-threaded decompilation (faster):
jadx -j 4 app.apk -d output
# -j specifies number of threads (default: CPU cores)
Skip resources (code only, much faster):
jadx --no-res app.apk -d output
Skip source code (resources only):
jadx --no-src app.apk -d output
B. Deobfuscation Options
Enable deobfuscation:
jadx --deobf app.apk -d output
- Renames obfuscated classes (a.b.c → meaningful names)
- Attempts to recover original names
- Makes code much more readable
- Essential for obfuscated/minified apps
Deobfuscation map output:
jadx --deobf --deobf-rewrite-cfg --deobf-use-sourcename app.apk -d output
- More aggressive deobfuscation
- Uses source file names as hints
- Rewrites control flow graphs
C. Output Control
Show inconsistent/bad code:
jadx --show-bad-code app.apk -d output
- Shows code that couldn't be decompiled cleanly
- Useful for finding obfuscation or anti-decompilation tricks
- May contain syntax errors but reveals structure
Export as Gradle project:
jadx --export-gradle app.apk -d output
- Creates buildable Gradle Android project
- Useful for rebuilding/modifying app
- Includes build.gradle files
Fallback mode (when decompilation fails):
jadx --fallback app.apk -d output
- Uses alternative decompilation strategy
- Produces less clean code but handles edge cases
4. Common Analysis Tasks
A. Searching for Sensitive Information
After decompilation, search for common security issues:
# Search for API keys
grep -r "api.*key\|apikey\|API_KEY" app-decompiled/sources/
# Search for passwords and credentials
grep -r "password\|credential\|secret" app-decompiled/sources/
# Search for hardcoded URLs
grep -rE "https?://[^\"]+" app-decompiled/sources/
# Search for encryption keys
grep -r "AES\|DES\|RSA\|encryption.*key" app-decompiled/sources/
# Search for tokens
grep -r "token\|auth.*token\|bearer" app-decompiled/sources/
# Search for database passwords
grep -r "jdbc\|database\|db.*password" app-decompiled/sources/
B. Finding Security Vulnerabilities
SQL Injection:
grep -r "SELECT.*FROM.*WHERE" app-decompiled/sources/ | grep -v "PreparedStatement"
grep -r "rawQuery\|execSQL" app-decompiled/sources/
Insecure Crypto:
grep -r "DES\|MD5\|SHA1" app-decompiled/sources/
grep -r "SecureRandom.*setSeed" app-decompiled/sources/
grep -r "Cipher.getInstance" app-decompiled/sources/ | grep -v "AES/GCM"
Insecure Storage:
grep -r "SharedPreferences" app-decompiled/sources/
grep -r "MODE_WORLD_READABLE\|MODE_WORLD_WRITABLE" app-decompiled/sources/
grep -r "openFileOutput" app-decompiled/sources/
WebView vulnerabilities:
grep -r "setJavaScriptEnabled.*true" app-decompiled/sources/
grep -r "addJavascriptInterface" app-decompiled/sources/
grep -r "WebView.*loadUrl" app-decompiled/sources/
Certificate pinning bypass:
grep -r "TrustManager\|HostnameVerifier" app-decompiled/sources/
grep -r "checkServerTrusted" app-decompiled/sources/
C. Understanding App Logic
Find entry points:
# Main activities
grep -r "extends Activity\|extends AppCompatActivity" app-decompiled/sources/
# Application class
grep -r "extends Application" app-decompiled/sources/
# Services
grep -r "extends Service" app-decompiled/sources/
# Broadcast receivers
grep -r "extends BroadcastReceiver" app-decompiled/sources/
Trace network communication:
# Find HTTP client usage
grep -r "HttpURLConnection\|OkHttpClient\|Retrofit" app-decompiled/sources/
# Find API endpoints
grep -r "@GET\|@POST\|@PUT\|@DELETE" app-decompiled/sources/
# Find base URLs
grep -r "baseUrl\|BASE_URL\|API_URL" app-decompiled/sources/
Find authentication logic:
grep -r "login\|Login\|authenticate\|Authorization" app-decompiled/sources/
grep -r "jwt\|JWT\|bearer\|Bearer" app-decompiled/sources/
D. Analyzing Specific Classes
After identifying interesting classes, read them directly:
# View specific class
cat app-decompiled/sources/com/example/app/LoginActivity.java
# Use less for pagination
less app-decompiled/sources/com/example/app/network/ApiClient.java
# Search within specific class
grep "password" app-decompiled/sources/com/example/app/LoginActivity.java
5. GUI Mode (Interactive Analysis)
Launch GUI:
jadx-gui app.apk
GUI features:
- Full-text search: Ctrl+Shift+F (search all code)
- Find usage: Right-click on class/method → "Find usage"
- Go to declaration: Ctrl+Click on any class/method
- Decompilation: Click any class to see Java code
- Save decompiled code: File → Save all
- Export options: File → Export as Gradle project
GUI workflow:
- Open APK with jadx-gui
- Browse package structure in left panel
- Use search (Ctrl+Shift+F) to find keywords
- Click results to view code in context
- Follow cross-references with Ctrl+Click
- Save interesting findings
6. Integration with Other Tools
Combine Jadx with Apktool
Both tools complement each other:
Jadx strengths:
- Readable Java source code
- Easy to understand logic
- Fast searching through code
Apktool strengths:
- Accurate resource extraction
- Smali c