The UI offers several different views of the available application components, such as packages, classes and the methods’ code itself. We will walk through the individual views here and explain the purpose and functionality of each, as well as our thought process when putting them together.
Before going into the details of individual views let’s take a look at our “Analysis View”.
Hopefully the controls are somewhat intuitive. This page contains the front-end logic of Dexter, and its subviews are opened as tabbed containers within the content area. Thus, if you refresh the page in your browser, the “tabs” you opened within the page will be lost - and it will take you back to the currently active tab (“General” will always be opened additionally).
So make sure you use regular browser bookmarks or our internal notes feature to keep track of interesting views!
The first view that is shown when opening an analyzed application is the General Information view. It shows an overview of the app and lists extracted details like permissions used and activities (an activity is an Android framework building block that represents a view in an application).
This view gives a rough overview of the app’s contents, and the activities and services provide a good starting point for taking a closer look at the code.
The package dependency graph serves as an overview of the Java packages used within the APK. Dexter tracks the usage of classes and is thus able to tell which packages make use of which other ones, and it represents the result as a graph.
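The aggregation described above can be sketched as follows. This is an added example, not Dexter's own code: the class-reference table is constructed sample data, and the function names `package_of`, `package_graph` and `external_packages` are hypothetical. It folds class-level references, written as Dalvik type descriptors, into package-level edges and separates packages that are only referenced (framework or library code) from those defined in the APK.

```python
import re
from collections import defaultdict

# Constructed sample: class descriptor -> type descriptors it references
# (field types, method signatures, invoke targets). Not taken from a real APK.
CLASS_REFS = {
    "Lcom/example/app/MainActivity;": [
        "Landroid/app/Activity;", "Lcom/example/app/net/ApiClient;",
        "[Lcom/example/app/model/Item;", "I",
    ],
    "Lcom/example/app/net/ApiClient;": [
        "Ljava/net/URL;", "Lcom/example/app/model/Item;",
        "Lcom/example/app/net/ApiClient$Callback;",
    ],
    "Lcom/example/app/model/Item;": ["Ljava/lang/String;", "[[B"],
}

_DESCRIPTOR = re.compile(r"^\[*L([^;]+);$")

def package_of(descriptor):
    """Return the Java package of a Dalvik type descriptor, or None for
    primitives and primitive arrays. Array prefixes ('[') are ignored."""
    m = _DESCRIPTOR.match(descriptor)
    if not m:
        return None
    path, _, _cls = m.group(1).rpartition("/")
    return path.replace("/", ".")  # "" means the default package

def package_graph(class_refs):
    """Aggregate class-level references into package-level edges."""
    graph = defaultdict(set)
    for cls, refs in class_refs.items():
        src = package_of(cls)
        for ref in refs:
            dst = package_of(ref)
            if dst is not None and dst != src:  # drop primitives and self-edges
                graph[src].add(dst)
    return {pkg: sorted(deps) for pkg, deps in graph.items()}

def external_packages(class_refs):
    """Packages that are referenced but define no class in the APK."""
    internal = {package_of(c) for c in class_refs}
    used = {d for deps in package_graph(class_refs).values() for d in deps}
    return sorted(used - internal)

if __name__ == "__main__":
    for pkg, deps in package_graph(CLASS_REFS).items():
        print(pkg, "->", ", ".join(deps))
```

When reviewing an unknown app, the external set is a quick way to see which framework and third-party APIs each internal package reaches for.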
From this view you can dive into the actual classes and methods contained in these packages. The respective views are called “Class List” and “Method List” and we will cover them next.
A class list basically shows the classes of one or multiple packages. This includes names, tags and two buttons: “Details” and “Class Diagram”.
The details button will expand the class row and show more information on the class itself, along with links to its methods and, for example, its superclass.
Before having a look at class diagrams we will first show the method list for the sake of completeness.
The method list is similar to the class list, but shows the methods of one or multiple classes. In the details of a listed method, one can again find more information, as well as cross-references to callers and callees.
Another view on classes is the class diagram. This is a graphical representation of class hierarchies, including superclasses and implemented interfaces.
The nodes in the graph list the methods contained in the respective class / interface. Methods that are actually implemented in the APK (not external) have a link to their implementation view, which is called “BBL View” or “BBL Graph” (basic block view).
We can see in the screenshot that the class CursorLoader subclasses AsyncTaskLoader, which in turn subclasses Loader. A lot of methods and attributes / fields are defined in these classes and one could now follow the links to the actual bytecode of their implementation.
Before looking at decompilation of classes and the BBL view, the next screenshot shows a tagged and commented class and the dialog for adding a tag to it.
The tags and comments we see here were actually added by our autotagging process, which is part of the import functionality in Dexter.
In the class diagram you can find the button “Decompile”, both in the tab’s navigation bar and next to the class node in the graph area.
Following it will fire up the Java decompiler “jad” on the server and run it on the .class file to show the results in the frontend. We are in the process of putting together a custom decompiler because we also want to be able to show individual methods in decompiled form and have them use the internally renamed components rather than the APK’s original names.
This looks very readable indeed, but might be misleading if the APK employs obfuscation techniques or other functionality that messes with the decompiler. We saw several situations where that happened and so you still might want to look at the “BBL View” which we show next.
The BBL view shows a hierarchical graph layout of the method bytecode’s basic blocks. A navigation bar on the right side points to the class of the method and callees and callers in order to quickly jump to the interesting next views.