dexdump

Extract classes and methods from an APK file

$ dexdump [path/to/file.apk]

$ dexdump -f [path/to/file.apk]

$ dexdump -d [path/to/file.apk]

$ dexdump -o [path/to/file] [path/to/file.apk]

dexdump [options] <DEX_FILE>

-d
    (Optional) Dumps the detailed disassembled bytecode for methods. This is often the default behavior or the primary reason for using the command.

-h
    (Optional) Displays a brief help message and usage instructions for the command.

dexdump is a command-line utility designed to analyze Android Dalvik Executable (DEX) files. DEX files contain the bytecode format used by the Android operating system for applications, compiled to run on the Dalvik or ART virtual machines. dexdump takes a DEX file as input and outputs a human-readable representation of its contents. This output typically includes detailed information about classes, methods, fields, and the Dalvik bytecode instructions within each method.

It is an essential tool for Android developers and security researchers for tasks like reverse engineering, debugging, security analysis, and understanding how an Android application is structured and functions at a low level. It helps in inspecting the application's logic, identifying specific functionalities, and understanding compiled code behavior without needing to decompile to Java source code.

The output of dexdump can be extremely verbose, making it challenging to parse programmatically without additional scripting. It provides bytecode disassembly, not direct Java source code; for full decompilation, other tools like Jadx are required. The command is typically found within the Android SDK build tools, meaning its availability depends on a proper Android SDK installation. Exact behavior and available options may vary slightly across different versions of the Android build tools. It does not perform deobfuscation, so obfuscated DEX files will still yield obfuscated bytecode.

The output of dexdump typically includes:
- Header Information: Details about the DEX file itself (version, checksums, etc.).
- String Literals: All strings used within the DEX file.
- Type List: All referenced types (classes, interfaces, primitive types).
- Field List: Static and instance fields declared within classes.
- Method List: All methods (constructors, regular methods) with their signatures.
- Disassembled Bytecode: The core of the output, showing the Dalvik bytecode instructions for each method, including registers, constants, and method calls.

The dexdump executable is typically found within the Android SDK's build-tools/<version>/ directory (e.g., ~/Android/sdk/build-tools/30.0.3/dexdump). It is often invoked by directly specifying its full path or by adding the build-tools directory to the system's PATH environment variable.

dexdump has been an integral part of the Android SDK build tools since the early stages of Android development. Its evolution is closely tied to the needs of the Dalvik (and later ART) virtual machines and the necessity for low-level analysis of compiled Android applications. Initially conceived as a basic utility for internal debugging by Google, it quickly became invaluable for third-party developers, security researchers, and reverse engineers seeking to understand the inner workings of Android Application Packages (APKs). While more sophisticated tools like baksmali (for Smali assembly/disassembly) and Jadx (for Java decompilation) have emerged, dexdump remains a quick and direct method for inspecting the raw bytecode of a DEX file. Its continued presence underscores Android's commitment to providing tools for developers to inspect the compiled output of their applications.

objdump(1), apktool(1), smali(1), baksmali(1), aapt2(1)