dexdump

Extract classes and methods from an APK file

$ dexdump [path/to/file.apk]

$ dexdump -f [path/to/file.apk]

$ dexdump -d [path/to/file.apk]

$ dexdump -o [path/to/file] [path/to/file.apk]

dexdump [options] dexfile...

-c
    Continue on errors.

-d
    Dump file contents, usually in a human-readable form.

-f
    Full output. The default is brief output.

-h
    Show file header details.

-l layout
    Use specified bytecode layout. Default is 'compact'.

-m
    Dump method details.

-n
    Suppress output of bytecode instructions.

-o outputfile
    Send output to filename rather than standard output.

-s
    Disassemble strings.

-t
    Dump table of contents only. Useful for quick overview.

-v
    Verbose mode. Provides more detailed output.

-w
    Wide output. Useful for scripts.

-z
    Sort displayed strings in defined order.

-j threads
    Number of threads to use. Default is 1.

dexfile...
    One or more DEX files to disassemble.

The `dexdump` command is a utility used to disassemble DEX (Dalvik Executable) files, which are the executable files used by the Android Runtime (ART) on Android devices. It provides a human-readable representation of the bytecode instructions, classes, methods, and other metadata contained within the DEX file. This allows developers and security researchers to analyze the structure and functionality of Android applications, identify potential vulnerabilities, and understand the code's behavior. `dexdump` is crucial for reverse engineering, debugging, and understanding the inner workings of Android apps. The output is detailed and can be quite verbose, showing register usage, constant pool references, and other low-level details. It's often used in conjunction with other tools like `apktool` to decompile and analyze complete Android application packages (APKs).

The output of `dexdump` can be overwhelming for large DEX files. It requires a good understanding of Dalvik bytecode to effectively analyze the disassembled code. Some obfuscation techniques can make the output harder to interpret. Different versions of the Android SDK might have slightly different `dexdump` outputs.

The output includes sections for the file header, string identifiers, type identifiers, proto identifiers, field identifiers, method identifiers, class definitions, and finally the disassembled bytecode for each method. Each instruction is shown with its opcode and operands.
Understanding the Dalvik instruction set architecture (ISA) is key to interpreting the output.

Common use cases include:

• Analyzing application logic and control flow.
• Identifying potentially malicious or vulnerable code.
• Understanding the use of system APIs.
• Debugging application crashes and errors.
• Reverse engineering closed-source applications.

Android applications are often obfuscated to make reverse engineering more difficult. Obfuscation techniques can rename classes, methods, and fields to meaningless names, making the dexdump output harder to understand. Deobfuscation tools and techniques can sometimes be used to reverse these transformations.

The `dexdump` command has been part of the Android SDK since its early versions. It evolved alongside the Dalvik Virtual Machine and later ART. Its primary purpose has always been to provide developers with a tool to inspect the contents of DEX files, aiding in debugging, optimization, and security analysis. Over time, updates have been made to support new bytecode instructions and features introduced in newer Android versions. It is an essential tool for Android application development and security research.

apktool(1)