GDA Android Reversing Tool

Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at www.gda.wiki:9090) , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stable. It supports APK, DEX, ODEX, oat files, and run without installation and Java VM support.

GDA only takes up 2M of your disk space, and you can use it in any newly installed windows system and virtual machine system without additional configuration. In addition, GDA has more excellent features as follows:

  • Interactive operation:
    • cross-references for strings, classes, methods and fields;
    • searching for strings, classes methods and fields;
    • comments for java code;
    • rename for methods,fields and classes;
    • save the analysis results in gda db file.
  • Utilities for Assisted Analysis:
    • extracting DEX from ODEX;
    • extracting DEX from OAT;
    • XML Decoder;
    • algorithm tool;
    • device memory dump;
  • New features:
    • Brand new dalvik decompiler in c++ with friendly GUI;
    • Support python script
    • packers Recognition;
    • Multi-DEX supporting;
    • making and loading signature of the method
    • Malicious Behavior Scanning by API chains;
    • taint analysis to preview the behavior of variables;
    • taint analysis to trace the path of variables;
    • de-obfuscate;
    • API view with x-ref;
    • Association of permissions with modules;

Also Read – Application Inspector : A Source Code Analyzer Built For Surfacing Features Of Interest

shortcutdescription
F5Switch java to smali, pressing it again for back to java
FTrace the args and return value by dataflow analysis
XCross-referencing, locating callers (of strings, classes, methods, field, Smali, Java)
Esc/<-/BackspaceBack to the last visit
->Forward to the next visit
GJump to somewhere by you inputting offset
NRename the variable/method/class name
SSearch for all the elements by the given string
CComments. Only supports the Java code
DoubleClickThe cursor’s placed at the method/str/field/class, and double-click to access objects
Mthe cursor’s placed at the Smali line and pressing the key ‘M’ to edit the instruction
UPPress ‘up’ key to access the up-method in the tree control
DownPress “down” key to access the down-method in the tree control
DDump the binary data of methods, only supports the Smali window
EnterThe modification of edit boxes take effect
HShow data in Hex
Ctr+HPop searching history window
Ctr+ASelect all
Ctr+CCopy
Ctr+VPaste, only for editable boxes
Ctr+XCut
Ctr+FFind out the string of the current window
Ctr+SSave the modifications into the GDA database file

Shows

File loading and decompiling:

MalScan, API search, x-ref…

Url,Xml,string x-ref…

variable trace

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

5 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago