JEB decompiler
Original author(s) | Nicolas Falliere |
---|---|
Developer(s) | PNF Software, Inc. |
Stable release |
2.2.10
/ October 10, 2016[1] |
Development status | Active |
Written in | Java |
Operating system | Microsoft Windows, Mac OS X, Linux |
Platform | Java, Eclipse RCP |
Type | Reverse engineering |
License | Proprietary |
Website |
www |
JEB is primarily known as a disassembler and decompiler software for Android applications. It decompiles Dalvik bytecode to Java source code. The assembly and Java outputs are interactive and can be refactored. Users can also write their own scripts and plugins[2] to extend JEB functionality.
JEB 2.2 introduced Android debugging modules for Dalvik and native (Intel, ARM) code.[3] Users can "seamlessly debug Dalvik bytecode and native machine code, for all apps [...] including those that do not explicitly allow debugging".[4]
JEB2 supports parsing and rendering of any file format, machine code as well as document files.[5] Official software packages still provide native support for Android app analysis.
Overview
JEB is the first Dalvik decompiler to provide interactive output, as reverse-engineers may examine cross-references, insert comments, or rename items, such as classes and methods. Whenever possible, the correspondence between the bytecode and the decompiled Java code is accessible to the user.
Although JEB is branded as a decompiler, it also provides a full APK view (manifest, resources, certificates, etc.).
An API allows users to customize or automate actions. As of August 2013, the API can be accessed using Python and Java.
The name may be a reference to the well-known security software IDA, as "JEB" = rot1("IDA").
JEB version 2
JEB2 allows parsing of any file format, via the addition of native or third-party plugins (examples: XLS[5] and MIPS, PDF,[6] etc.). The official primary front-end is based on the Eclipse Foundation Rich Client Platform framework. Unlike JEB1, JEB2 allows third-party to develop the development of custom front-end.