smali Package Description
smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation. The syntax is loosely based on Jasmin’s/dedexer’s syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
Source: https://github.com/JesusFreke/smali
smali Homepage | Kali smali Repo
- Author: Ben Gruver
- License: BSD
Tools included in the smali package
smali – Assembles a set of smali files into a dex file
root@kali:~# smali --help
usage: smali [-v] [-h] [<command [<args>]]
Options:
-h,-?,--help - Show usage information
-v,--version - Print the version of baksmali and then exit
Commands:
assemble(ass,as,a) - Assembles smali files into a dex file.
help(h) - Shows usage information
See smali help <command> for more information about a specific command
usage: smali [-v] [-h] [<command [<args>]]
Options:
-h,-?,--help - Show usage information
-v,--version - Print the version of baksmali and then exit
Commands:
assemble(ass,as,a) - Assembles smali files into a dex file.
help(h) - Shows usage information
See smali help <command> for more information about a specific command
root@kali:~# smali help assemble
usage: smali assemble [<options>] [<file>|<dir>]+
Assembles smali files into a dex file.
Options:
-a,--api <api> - The numeric api level to use while assembling. (default: 15)
--allow-odex-opcodes,--allow-odex,--ao - Allows the odex opcodes that dalvik
doesn't reject to be assembled.
-h,-?,--help - Show usage information for this command.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-o,--output <file> - The name/path of the dex file to write. (default: out.
dex)
--verbose - Generate verbose error messages.
<[<file>|<dir>]+> - Assembles the given files. If a directory is specified,
it will be recursively searched for any files with a .smali prefix
usage: smali assemble [<options>] [<file>|<dir>]+
Assembles smali files into a dex file.
Options:
-a,--api <api> - The numeric api level to use while assembling. (default: 15)
--allow-odex-opcodes,--allow-odex,--ao - Allows the odex opcodes that dalvik
doesn't reject to be assembled.
-h,-?,--help - Show usage information for this command.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-o,--output <file> - The name/path of the dex file to write. (default: out.
dex)
--verbose - Generate verbose error messages.
<[<file>|<dir>]+> - Assembles the given files. If a directory is specified,
it will be recursively searched for any files with a .smali prefix
baksmali – Disassembles and/or dumps a dex file
root@kali:~# baksmali --help
usage: baksmali [--version] [--help] [<command [<args>]]
Options:
--help,-h,-? - Show usage information
--version,-v - Print the version of baksmali and then exit
Commands:
deodex(de,x) - Deodexes an odex/oat file
disassemble(dis,d) - Disassembles a dex file.
dump(du) - Prints an annotated hex dump for the given dex file
help(h) - Shows usage information
list(l) - Lists various objects in a dex file.
See baksmali help <command> for more information about a specific command
usage: baksmali [--version] [--help] [<command [<args>]]
Options:
--help,-h,-? - Show usage information
--version,-v - Print the version of baksmali and then exit
Commands:
deodex(de,x) - Deodexes an odex/oat file
disassemble(dis,d) - Disassembles a dex file.
dump(du) - Prints an annotated hex dump for the given dex file
help(h) - Shows usage information
list(l) - Lists various objects in a dex file.
See baksmali help <command> for more information about a specific command
root@kali:~# baksmali help deodex
usage: baksmali deodex [<options>] <file>
Deodexes an odex/oat file
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
--accessor-comments,--ac <boolean> - Generate helper comments for synthetic
accessors. True by default, use --accessor-comments=false to disable.
(default: True)
--allow-odex-opcodes - Allows odex opcodes to be disassembled, even if the
result won't be able to be reassembled.
-b,--bootclasspath,--bcp <classpath> - A colon separated list of the files to
include in the bootclasspath when analyzing the dex file. If not
specified, baksmali will attempt to choose an appropriate default. When
analyzing oat files, this can simply be the path to the device's boot.oat
file. A single empty string can be used to specify that an empty
bootclasspath should be used. (e.g. --bootclasspath "") See baksmali help
classpath for more information.
-c,--classpath,--cp <classpath> - A colon separated list of additional files
to include in the classpath when analyzing the dex file. These will be
added to the classpath after any bootclasspath entries.
--check-package-private-access,--package-private,--checkpp,--pp - Use the
package-private access check when calculating vtable indexes. This is
enabled by default for oat files. For odex files, this is only needed for
odexes from 4.2.0. It was reverted in 4.2.1.
--classes <classes> - A comma separated list of classes. Only disassemble
these classes
--code-offsets,--offsets,--off - Add a comment before each instruction with
it's code offset within the method.
-d,--classpath-dir,--cpd,--dir <dir> - A directory to search for classpath
files. This option can be used multiple times to specify multiple
directories to search. They will be searched in the order they are
provided.
--debug-info,--di <boolean> - Whether to include debug information in the
output (.local, .param, .line, etc.). True by default, use --debug-
info=false to disable. (default: True)
-h,-?,--help - Show usage information for this command.
--implicit-references,--implicit,--ir - Use implicit method and field
references (without the class name) for methods and fields from the
current class.
--inline-table,--inline,--it <file> - Specify a file containing a custom
inline method table to use. See the "deodexerant" tool in the smali
github repository to dump the inline method table from a device that uses
dalvik.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-l,--use-locals - When disassembling, output the .locals directive with the
number of non-parameter registers instead of the .registers directive
with the total number of registers.
--normalize-virtual-methods,--norm,--nvm - Normalize virtual method
references to use the base class where the method is originally declared.
-o,--output <dir> - The directory to write the disassembled files to.
(default: out)
--parameter-registers,--preg,--pr <boolean> - Use the pNN syntax for
registers that refer to a method parameter on method entry. True by
default, use --parameter-registers=false to disable. (default: True)
-r,--register-info <register info specifier> - Add comments before/after each
instruction with information about register types. The value is a comma-
separated list of any of ALL, ALLPRE, ALLPOST, ARGS, DEST, MERGE and
FULLMERGE. See "baksmali help register-info" for more information.
--resolve-resources,--rr <resource prefix> <public.xml file> - This will
attempt to find any resource id references within the bytecode and add a
comment with the name of the resource being referenced. The parameter
accepts 2 values:an arbitrary resource prefix and the path to a public.
xml file. For example: --resolve-resources android.R
framework/res/values/public.xml. This option can be specified multiple
times to provide resources from multiple packages.
--sequential-labels,--seq,--sl - Create label names using a sequential
numbering scheme per label type, rather than using the bytecode address.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
usage: baksmali deodex [<options>] <file>
Deodexes an odex/oat file
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
--accessor-comments,--ac <boolean> - Generate helper comments for synthetic
accessors. True by default, use --accessor-comments=false to disable.
(default: True)
--allow-odex-opcodes - Allows odex opcodes to be disassembled, even if the
result won't be able to be reassembled.
-b,--bootclasspath,--bcp <classpath> - A colon separated list of the files to
include in the bootclasspath when analyzing the dex file. If not
specified, baksmali will attempt to choose an appropriate default. When
analyzing oat files, this can simply be the path to the device's boot.oat
file. A single empty string can be used to specify that an empty
bootclasspath should be used. (e.g. --bootclasspath "") See baksmali help
classpath for more information.
-c,--classpath,--cp <classpath> - A colon separated list of additional files
to include in the classpath when analyzing the dex file. These will be
added to the classpath after any bootclasspath entries.
--check-package-private-access,--package-private,--checkpp,--pp - Use the
package-private access check when calculating vtable indexes. This is
enabled by default for oat files. For odex files, this is only needed for
odexes from 4.2.0. It was reverted in 4.2.1.
--classes <classes> - A comma separated list of classes. Only disassemble
these classes
--code-offsets,--offsets,--off - Add a comment before each instruction with
it's code offset within the method.
-d,--classpath-dir,--cpd,--dir <dir> - A directory to search for classpath
files. This option can be used multiple times to specify multiple
directories to search. They will be searched in the order they are
provided.
--debug-info,--di <boolean> - Whether to include debug information in the
output (.local, .param, .line, etc.). True by default, use --debug-
info=false to disable. (default: True)
-h,-?,--help - Show usage information for this command.
--implicit-references,--implicit,--ir - Use implicit method and field
references (without the class name) for methods and fields from the
current class.
--inline-table,--inline,--it <file> - Specify a file containing a custom
inline method table to use. See the "deodexerant" tool in the smali
github repository to dump the inline method table from a device that uses
dalvik.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-l,--use-locals - When disassembling, output the .locals directive with the
number of non-parameter registers instead of the .registers directive
with the total number of registers.
--normalize-virtual-methods,--norm,--nvm - Normalize virtual method
references to use the base class where the method is originally declared.
-o,--output <dir> - The directory to write the disassembled files to.
(default: out)
--parameter-registers,--preg,--pr <boolean> - Use the pNN syntax for
registers that refer to a method parameter on method entry. True by
default, use --parameter-registers=false to disable. (default: True)
-r,--register-info <register info specifier> - Add comments before/after each
instruction with information about register types. The value is a comma-
separated list of any of ALL, ALLPRE, ALLPOST, ARGS, DEST, MERGE and
FULLMERGE. See "baksmali help register-info" for more information.
--resolve-resources,--rr <resource prefix> <public.xml file> - This will
attempt to find any resource id references within the bytecode and add a
comment with the name of the resource being referenced. The parameter
accepts 2 values:an arbitrary resource prefix and the path to a public.
xml file. For example: --resolve-resources android.R
framework/res/values/public.xml. This option can be specified multiple
times to provide resources from multiple packages.
--sequential-labels,--seq,--sl - Create label names using a sequential
numbering scheme per label type, rather than using the bytecode address.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
root@kali:~# baksmali help disassemble
usage: baksmali disassemble [<options>] <file>
Disassembles a dex file.
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
--accessor-comments,--ac <boolean> - Generate helper comments for synthetic
accessors. True by default, use --accessor-comments=false to disable.
(default: True)
--allow-odex-opcodes - Allows odex opcodes to be disassembled, even if the
result won't be able to be reassembled.
-b,--bootclasspath,--bcp <classpath> - A colon separated list of the files to
include in the bootclasspath when analyzing the dex file. If not
specified, baksmali will attempt to choose an appropriate default. When
analyzing oat files, this can simply be the path to the device's boot.oat
file. A single empty string can be used to specify that an empty
bootclasspath should be used. (e.g. --bootclasspath "") See baksmali help
classpath for more information.
-c,--classpath,--cp <classpath> - A colon separated list of additional files
to include in the classpath when analyzing the dex file. These will be
added to the classpath after any bootclasspath entries.
--classes <classes> - A comma separated list of classes. Only disassemble
these classes
--code-offsets,--offsets,--off - Add a comment before each instruction with
it's code offset within the method.
-d,--classpath-dir,--cpd,--dir <dir> - A directory to search for classpath
files. This option can be used multiple times to specify multiple
directories to search. They will be searched in the order they are
provided.
--debug-info,--di <boolean> - Whether to include debug information in the
output (.local, .param, .line, etc.). True by default, use --debug-
info=false to disable. (default: True)
-h,-?,--help - Show usage information for this command.
--implicit-references,--implicit,--ir - Use implicit method and field
references (without the class name) for methods and fields from the
current class.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-l,--use-locals - When disassembling, output the .locals directive with the
number of non-parameter registers instead of the .registers directive
with the total number of registers.
--normalize-virtual-methods,--norm,--nvm - Normalize virtual method
references to use the base class where the method is originally declared.
-o,--output <dir> - The directory to write the disassembled files to.
(default: out)
--parameter-registers,--preg,--pr <boolean> - Use the pNN syntax for
registers that refer to a method parameter on method entry. True by
default, use --parameter-registers=false to disable. (default: True)
-r,--register-info <register info specifier> - Add comments before/after each
instruction with information about register types. The value is a comma-
separated list of any of ALL, ALLPRE, ALLPOST, ARGS, DEST, MERGE and
FULLMERGE. See "baksmali help register-info" for more information.
--resolve-resources,--rr <resource prefix> <public.xml file> - This will
attempt to find any resource id references within the bytecode and add a
comment with the name of the resource being referenced. The parameter
accepts 2 values:an arbitrary resource prefix and the path to a public.
xml file. For example: --resolve-resources android.R
framework/res/values/public.xml. This option can be specified multiple
times to provide resources from multiple packages.
--sequential-labels,--seq,--sl - Create label names using a sequential
numbering scheme per label type, rather than using the bytecode address.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
usage: baksmali disassemble [<options>] <file>
Disassembles a dex file.
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
--accessor-comments,--ac <boolean> - Generate helper comments for synthetic
accessors. True by default, use --accessor-comments=false to disable.
(default: True)
--allow-odex-opcodes - Allows odex opcodes to be disassembled, even if the
result won't be able to be reassembled.
-b,--bootclasspath,--bcp <classpath> - A colon separated list of the files to
include in the bootclasspath when analyzing the dex file. If not
specified, baksmali will attempt to choose an appropriate default. When
analyzing oat files, this can simply be the path to the device's boot.oat
file. A single empty string can be used to specify that an empty
bootclasspath should be used. (e.g. --bootclasspath "") See baksmali help
classpath for more information.
-c,--classpath,--cp <classpath> - A colon separated list of additional files
to include in the classpath when analyzing the dex file. These will be
added to the classpath after any bootclasspath entries.
--classes <classes> - A comma separated list of classes. Only disassemble
these classes
--code-offsets,--offsets,--off - Add a comment before each instruction with
it's code offset within the method.
-d,--classpath-dir,--cpd,--dir <dir> - A directory to search for classpath
files. This option can be used multiple times to specify multiple
directories to search. They will be searched in the order they are
provided.
--debug-info,--di <boolean> - Whether to include debug information in the
output (.local, .param, .line, etc.). True by default, use --debug-
info=false to disable. (default: True)
-h,-?,--help - Show usage information for this command.
--implicit-references,--implicit,--ir - Use implicit method and field
references (without the class name) for methods and fields from the
current class.
-j,--jobs <n> - The number of threads to use. Defaults to the number of cores
available. (default: 4)
-l,--use-locals - When disassembling, output the .locals directive with the
number of non-parameter registers instead of the .registers directive
with the total number of registers.
--normalize-virtual-methods,--norm,--nvm - Normalize virtual method
references to use the base class where the method is originally declared.
-o,--output <dir> - The directory to write the disassembled files to.
(default: out)
--parameter-registers,--preg,--pr <boolean> - Use the pNN syntax for
registers that refer to a method parameter on method entry. True by
default, use --parameter-registers=false to disable. (default: True)
-r,--register-info <register info specifier> - Add comments before/after each
instruction with information about register types. The value is a comma-
separated list of any of ALL, ALLPRE, ALLPOST, ARGS, DEST, MERGE and
FULLMERGE. See "baksmali help register-info" for more information.
--resolve-resources,--rr <resource prefix> <public.xml file> - This will
attempt to find any resource id references within the bytecode and add a
comment with the name of the resource being referenced. The parameter
accepts 2 values:an arbitrary resource prefix and the path to a public.
xml file. For example: --resolve-resources android.R
framework/res/values/public.xml. This option can be specified multiple
times to provide resources from multiple packages.
--sequential-labels,--seq,--sl - Create label names using a sequential
numbering scheme per label type, rather than using the bytecode address.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
root@kali:~# baksmali help dump
usage: baksmali dump [<options>] <file>
Prints an annotated hex dump for the given dex file
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
-h,-?,--help - Show usage information for this command.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
usage: baksmali dump [<options>] <file>
Prints an annotated hex dump for the given dex file
Options:
-a,--api <api> - The numeric api level of the file being disassembled.
(default: -1)
-h,-?,--help - Show usage information for this command.
<file> - A dex/apk/oat/odex file. For apk or oat files that contain multiple
dex files, you can specify the specific entry to use as if the apk/oat
file was a directory. e.g. "app.apk/classes2.dex". For more information,
see "baksmali help input".
root@kali:~# baksmali help list
usage: baksmali list [<options>] [<command [<args>]]
Lists various objects in a dex file.
Options:
-h,-?,--help - Show usage information
Commands:
classes(class,c) - Lists the classes in a dex file.
dependencies(deps,dep) - Lists the stored dependencies in an odex/oat file.
dex(d) - Lists the dex files in an apk/oat file.
fieldoffsets(fieldoffset,fo) - Lists the instance field offsets for classes
in a dex file.
fields(field,f) - Lists the fields in a dex file's field table.
help(h) - Shows usage information
methods(method,m) - Lists the methods in a dex file's method table.
strings(string,str,s) - Lists the strings in a dex file's string table.
types(type,t) - Lists the type ids in a dex file's type table.
vtables(vtable,v) - Lists the virtual method tables for classes in a dex file.
usage: baksmali list [<options>] [<command [<args>]]
Lists various objects in a dex file.
Options:
-h,-?,--help - Show usage information
Commands:
classes(class,c) - Lists the classes in a dex file.
dependencies(deps,dep) - Lists the stored dependencies in an odex/oat file.
dex(d) - Lists the dex files in an apk/oat file.
fieldoffsets(fieldoffset,fo) - Lists the instance field offsets for classes
in a dex file.
fields(field,f) - Lists the fields in a dex file's field table.
help(h) - Shows usage information
methods(method,m) - Lists the methods in a dex file's method table.
strings(string,str,s) - Lists the strings in a dex file's string table.
types(type,t) - Lists the type ids in a dex file's type table.
vtables(vtable,v) - Lists the virtual method tables for classes in a dex file.
smali Usage Example
root@kali:~# coming soon