Reproduced 2. Jebapi's Jeb.api.dex

This article was reproduced from: https://www.zybuluo.com/oro-oro/note/142842

1. Jeb.api.dex.Dex

This class represents the Dex file that is being processed by Jeb.
To better understand the method of this class definition, you can read the description of the Dex file format.

The class/method/variable format here is the same as Smali:

Class:lcom/foo/bar/blob;
Method:lcom/foo/bar/blob;->methodx ([biljava/lang/string;) V
Field:lcom/foo/bar/blob;->var:j

List of methods of interest

Method	Description
GetClass (int index)	Get class object by ordinal
GetClass (java.lang.String name)	Get a Class object by name
Getclasscount ()	Gets the number of classes defined within the Dex file
GetField (int index)	Get a variable by ordinal (Dexfield)
GetFieldCount ()	Get the number of variables defined in the Dex file
GetFieldData (java.lang.String name)	Get a variable by name (Dexfielddata)
GetMethod (int index)	Get a method by index ()
Getmethodcount ()	Get the number of methods in Dex
Getmethoddata (java.lang.String name)	Get a method by name ()
Getstrings ()	Get all strings from the Dex string pool
GetType (int index)	return type string
Gettypecount ()	Get the number of type strings

• GetType
  Type contains all the types that appear in Dex, including built-in types and custom classes.

#Coding:utf-8 fromJeb.apiImportIscriptclassTestdexgettype (iscript):defrun (self, Jeb): Dex=Jeb.getdex () Jeb.Print("Type Number:"+Str (Dex.gettypecount ())) Jeb.Print("Type 1:"+ Dex.gettype (1)) Jeb.Print("Type:"+ Dex.gettype (20)) Jeb.Print("Type:"+ Dex.gettype (30))

2. Jeb.api.dex.DexClass

This class represents the object of Dex class_def_item .
The GetClass method of Jeb.api.dex.Dex can get Dexclass object.

Method	Description
Getclasstypeindex ()	Get the type index of the class
GetData ()	Get the Dexclassdata object for this class
Getinterfaceindexes ()	Gets the index of the implemented interface
Getsuperclassindex ()	Get Parent Class Index

#Coding:utf-8 fromJeb.apiImportIscriptclassTestdexclass (iscript):defrun (self, Jeb): Dex=Jeb.getdex () Jeb.Print("class Number:"+Str (Dex.getclasscount ())) CLS= Dex.getclass (10) Cls_type_index=Cls.getclasstypeindex () Jeb.Print(str (CLS_TYPE_INDEX)) Jeb.Print("class Name:"+Dex.gettype (cls_type_index)) Super_cls_idx=Cls.getsuperclassindex ()ifSuper_cls_idx! =-1: Jeb.Print("Super class Name:"+Dex.gettype (SUPER_CLS_IDX)) If_idx=cls.getinterfaceindexes () forjd[inchIf_idx:jeb.Print("inerface Name:"+ dex.gettype (IDX))

3. Jeb.api.dex.DexField

This class corresponds to the object of Dex field_id_item .

#Coding:utf-8 fromJeb.apiImportIscriptclassTestdexfield (iscript):defrun (self, Jeb): Dex=Jeb.getdex () Dex_field= Dex.getfield (110) IDX=Dex_field.getindex () Jeb.Print("Field Index:"+str (IDX)) Cls_type_idx=Dex_field.getclasstypeindex () Jeb.Print("Class Type:"+Dex.gettype (CLS_TYPE_IDX)) Jeb.Print("Field Name:"+dex_field.getname ()) Jeb.Print("Field Type:"+Dex.gettype (Dex_field.gettypeindex ())) Jeb.Print("field SIG:"+ dex_field.getsignature (True))

4. Jeb.api.dex.DexMethod

Refer to the usage of Dexclass and Dexfield.

5. Instances of confrontation confusion

Sometimes the analysis will encounter some confusing class name, method name, variable name, if it is ABC good, there are some simply not people look at the character.

With the API we know earlier, we can get the class name, method name, variable name, and rename series method, then we can rename these confusing names.

Jeb's script example:
Https://www.pnfsoftware.com/jeb1/downloads

One of them is simply a script that renames the confusing class name:
https://github.com/SecureBrain/JEB-sample-scripts/blob/master/RenameObfuscatedClasses.py

This is just an example, to be fully practical, you have to modify it yourself.

Reproduced 2. Jebapi's Jeb.api.dex