When analysing an APK during reverse engineering, we usually use apktool (http://ibotpeaches.github.io/Apktool/) to decompile it and obtain smali code. Although tools such as dex2jar can convert smali code into Java code, which is more readable, they may fail when a method is complicated enough or obfuscated. In that case you can use this project to draw the basic flow diagram of a method and understand its execution flow quickly.
The flow diagram is built from the unconditional jump (goto) and conditional jump (if) instructions.
## Dependency
- Python 2.7
- Graphviz (http://www.graphviz.org/)
## Platform
- You can run this program on Linux.
- On Windows, change the variable DOT_PATH in drawFlowDiagramOfSmaliMethods.py.
Since each output file is named after its method, no flow diagram is generated for a method whose name contains characters that are illegal in file names.
## Usage (make sure Python 2.7 and Graphviz are installed before running this program)
- -s smali_file_path is required; it specifies which smali file to parse.
- -f {png,jpg,svg} specifies the image format of the generated flow diagram files.
- -m methods_to_draw specifies the methods to draw flow diagrams for. Separate multiple methods with #, for example func#func1\(I\)Z. If this parameter is not given, flow diagrams are drawn for all methods.
- -o output_dir specifies the directory the flow diagrams are written to. The default is the current directory.
Example:
- python drawFlowDiagramOfSmaliMethods.py -s Check.smali (generates flow diagrams of all methods in Check.smali)
- python drawFlowDiagramOfSmaliMethods.py -s Check.smali -f png -m check -o /home/cpf/output
## Output Flow Diagrams
1. Example 1
2. Example 2
Note:
- The numbers in the diagram, increasing from top to bottom, are the line numbers of the instructions.
Figure legend:
1. A yellow rectangle indicates a return instruction.
2. An orange edge indicates an unconditional jump.
3. A red edge indicates the path taken when the condition of a conditional jump is false, i.e. all instructions between the source node and the end node are executed.
4. A green edge indicates the path taken when the condition of a conditional jump is true.
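As an added illustration (not part of this project's code, and written for Python 3 rather than the Python 2.7 the tool needs), the script below builds the jump-based edge set the diagrams are drawn from: it parses a constructed smali method, binds each label to the instruction after it, emits goto, true, false and fall-through edges keyed by instruction line number, and renders them as Graphviz DOT in the legend's colours.

```python
# Constructed smali method for this example (not from the project's test data).
SAMPLE_SMALI = """.method public check(I)Z
    .locals 1
    const/4 v0, 0x0
    if-eqz p1, :cond_0
    const/4 v0, 0x1
    goto :goto_0
    :cond_0
    const/4 v0, 0x0
    :goto_0
    return v0
.end method"""

def parse_method(text):
    """Return (instructions, labels): [(line_no, text)] and {':label': index of next instruction}."""
    instructions, labels = [], {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(('.', '#')):
            continue  # skip directives (.method, .locals, .end method) and comments
        if line.startswith(':'):
            labels[line] = len(instructions)  # a label binds to the instruction that follows it
            continue
        instructions.append((line_no, line))
    return instructions, labels

def flow_edges(text):
    """Edges (from_line, to_line, kind): 'goto', 'true' (taken if-*), 'false' (if-* fall-through), 'next'."""
    instructions, labels = parse_method(text)
    line_of = lambda label: instructions[labels[label]][0]  # line number the label jumps to
    edges = []
    for idx, (line_no, ins) in enumerate(instructions):
        op, target = ins.split()[0], ins.split()[-1]  # target is a label only for jump opcodes
        nxt = instructions[idx + 1][0] if idx + 1 < len(instructions) else None
        if op.startswith('return') or op == 'throw':
            continue  # terminal node: no successor (the yellow rectangle in the diagram)
        if op.startswith('goto'):
            edges.append((line_no, line_of(target), 'goto'))
        elif op.startswith('if-'):
            edges.append((line_no, nxt, 'false'))
            edges.append((line_no, line_of(target), 'true'))
        elif nxt is not None:
            edges.append((line_no, nxt, 'next'))
    return edges

def to_dot(edges):
    colour = {'goto': 'orange', 'false': 'red', 'true': 'green', 'next': 'black'}  # legend colours
    body = ['  %d -> %d [color=%s];' % (a, b, colour[k]) for a, b, k in edges]
    return 'digraph method {\n' + '\n'.join(body) + '\n}'
```

Pipe the output of to_dot into dot -Tpng to get a picture comparable to the tool's own diagrams.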