[Dexplore] Obfuscated code finder | Develop portable Xposed module for obfuscated apps

Search This thread

NeonOrbit

Senior Member
Jul 14, 2021
195
133
Library: Dexplore

[Develop Portable Xposed Module] - [For Any Obfuscated Apps]

About: Dexplore is a dex analyzing library for finding obfuscated classes and methods at runtime. There is also a command line tool for static analysis and app de-compilation.

Highlight: Now you can develop portable Xposed module for any obfuscated apps (eg: snapchat, youtube, whatsapp, facebook etc). You don't have to worry about updating the module every time they release new versions, Dexplore will take care of obfuscated classes based on your provided query.

Example: Disable 'msg seen' in messenger

A more detailed explanation and examples can be found at: Github Wiki

The library is available at maven central repository: Dexplore
Java:
repositories {
    mavenCentral()
}
dependencies {
    implementation 'io.github.neonorbit:dexplore:1.4.4'
}
Command Line tool: Download
Java:
java -jar Dexplore-1.4.4.jar --help

Changelogs:
Release v1.4.4:
- [LIB] Fix class loading issues
- [LIB] Fix de-serialization failure
- [LIB] Add constructor helper methods

Release v1.4.3:
- [LIB] Fix de-serialization failure

Release v1.4.2:
- [LIB] Minor improvements
- [CLI] Improvement: rewrite from scratch
- [CLI] New command: search [redesigned]
- [CLI] New command: decode [decompiler]

Release v1.4.0:
- [LIB] Make API thread-safe
- [LIB] Add support for batch operation
- [LIB] Add support for parallel execution
- [LIB] Add Filter conditions for annotaion
- [CLI] Fix @file expansion in arguments

Release v1.3.0:
- [LIB] Several enhancements
- [CLI] New option: specify classes (-c)
- [CLI] New option: generate source files (-s)
- [CLI] Improvement: show results in real-time

Release v1.2.0:
- [LIB] Add documentation
- [LIB] Improve search accuracy
- [LIB] Fix several known bugs
- [LIB] Improve performance

Release v1.0.1:
- [LIB] Support multiple preferred dexes
- [CLI] New option: print full details (-d)

Source Code: Github
API Overview: Javadoc
Implementation: Github Wiki

If you need any help with implementation, comment here.
For bugs and feature request, create an issue on the github repo.

Used by: ChatHeadEnabler
 
Last edited:

NeonOrbit

Senior Member
Jul 14, 2021
195
133
Xposed Implementation Sample:
- Find all the necessary classes/methods using Dexplore at runtime and save them to Preferences.
- Do your necessary hooking with Xposed.
- Next time simply load them from Preferences.
[Implement dexplore queries to re-fetch automatically whenever version code changes]
 
Last edited:

NeonOrbit

Senior Member
Jul 14, 2021
195
133
Example: Block 'msg seen status' in facebook messenger (check Github Wiki for documentation):

Java:
public class XposedModule implements IXposedHookLoadPackage {
  @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) {
    if (!lpparam.packageName.equals("com.facebook.orca")) return;

    // Create a class filter to find our target class
    ClassFilter classFilter = new ClassFilter.Builder()
            .setReferenceTypes(ReferenceTypes.builder().addString().build())
            .setReferenceFilter(pool ->
                    pool.contains("Montage thread ")
            ).build();

    // Create a method filter to find our target method from the class
    MethodFilter methodFilter = new MethodFilter.Builder()
            .setReferenceTypes(ReferenceTypes.builder().addString().build())
            .setReferenceFilter(pool ->
                    pool.contains("has_seen")
            ).setParamSize(3)
            .setModifiers(Modifier.PUBLIC)
            .build();

    // Load the base apk into Dexplore
    Dexplore dexplore = DexFactory.load(lpparam.appInfo.sourceDir);

    // Search method
    MethodData result = dexplore.findMethod(DexFilter.MATCH_ALL, classFilter, methodFilter);

    // Xposed hook: this will block Seen Status from being sent
    XposedBridge.hookMethod(result.loadMethod(lpparam.classLoader), XC_MethodReplacement.returnConstant(null)));
}
 
Last edited:

ranej700

Member
Sep 21, 2022
5
0
Hello, After reading github wiki, I could successfully track class name changes dynamically. But when I read back the result from preference and try to deserialize by library method, it throws an IllegalArgumerntException.
 

NeonOrbit

Senior Member
Jul 14, 2021
195
133
Hello, After reading github wiki, I could successfully track class name changes dynamically. But when I read back the result from preference and try to deserialize by library method, it throws an IllegalArgumerntException.
How exactly did you try to de-serialize it? Could you provide the class name that you are trying to de-serialize?
 

NeonOrbit

Senior Member
Jul 14, 2021
195
133
Update: v1.4.4

Changelog:
- Fix class loading issues
- Fix de-serialization failure
- Add constructor helper methods
 
  • Like
Reactions: Stillhard

Blue cat

Senior Member
Aug 16, 2012
115
149
This library will be able to load dex files if they are extracted from apk and placed in a separate folder in /data/data/com.example.apk/files?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    Library: Dexplore

    [Develop Portable Xposed Module] - [For Any Obfuscated Apps]

    About: Dexplore is a dex analyzing library for finding obfuscated classes and methods at runtime. There is also a command line tool for static analysis and app de-compilation.

    Highlight: Now you can develop portable Xposed module for any obfuscated apps (eg: snapchat, youtube, whatsapp, facebook etc). You don't have to worry about updating the module every time they release new versions, Dexplore will take care of obfuscated classes based on your provided query.

    Example: Disable 'msg seen' in messenger

    A more detailed explanation and examples can be found at: Github Wiki

    The library is available at maven central repository: Dexplore
    Java:
    repositories {
        mavenCentral()
    }
    dependencies {
        implementation 'io.github.neonorbit:dexplore:1.4.4'
    }
    Command Line tool: Download
    Java:
    java -jar Dexplore-1.4.4.jar --help

    Changelogs:
    Release v1.4.4:
    - [LIB] Fix class loading issues
    - [LIB] Fix de-serialization failure
    - [LIB] Add constructor helper methods

    Release v1.4.3:
    - [LIB] Fix de-serialization failure

    Release v1.4.2:
    - [LIB] Minor improvements
    - [CLI] Improvement: rewrite from scratch
    - [CLI] New command: search [redesigned]
    - [CLI] New command: decode [decompiler]

    Release v1.4.0:
    - [LIB] Make API thread-safe
    - [LIB] Add support for batch operation
    - [LIB] Add support for parallel execution
    - [LIB] Add Filter conditions for annotaion
    - [CLI] Fix @file expansion in arguments

    Release v1.3.0:
    - [LIB] Several enhancements
    - [CLI] New option: specify classes (-c)
    - [CLI] New option: generate source files (-s)
    - [CLI] Improvement: show results in real-time

    Release v1.2.0:
    - [LIB] Add documentation
    - [LIB] Improve search accuracy
    - [LIB] Fix several known bugs
    - [LIB] Improve performance

    Release v1.0.1:
    - [LIB] Support multiple preferred dexes
    - [CLI] New option: print full details (-d)

    Source Code: Github
    API Overview: Javadoc
    Implementation: Github Wiki

    If you need any help with implementation, comment here.
    For bugs and feature request, create an issue on the github repo.

    Used by: ChatHeadEnabler
    1
    Can I message you personally? I need help with advanced search.
    Sure, anytime.
    1
    Update: v1.4.4

    Changelog:
    - Fix class loading issues
    - Fix de-serialization failure
    - Add constructor helper methods
    1
    This library will be able to load dex files if they are extracted from apk and placed in a separate folder in /data/data/com.example.apk/files?
    It supports apk, dex, odex, oat, zip files.
    If your app can access the file, so should the library. Doesn't matter where it's placed.