Views

The UI offers several different views of the available application components, such as packages, classes and the methods’ code itself. We will walk through the individual views here, explaining the purpose and functionality of each and our thought process when putting them together.

Before going into the details of individual views let’s take a look at our “Analysis View”.

../_images/analysis.png

Hopefully the controls are somewhat intuitive. This page contains the front-end logic of Dexter, and its subviews are opened as tabbed containers within the content area. Thus, if you refresh the page in your browser, the “tabs” you opened within the page will be lost and you will be taken back to the currently active tab (“General” will always be opened additionally).

So make sure you use regular browser bookmarks or our internal notes feature to keep track of interesting views!

General Information

The first view that is shown when opening an analyzed application is the General Information view. It shows an overview of the app and lists extracted details like permissions used and activities (an activity is an Android framework building block that represents a view in an application).

../_images/general_information.png

This view gives a rough overview of the app’s contents. The activities and services provide a good starting point for taking a closer look at the code.

Package Dependency Graph

The package dependency graph serves as an overview of the Java packages used within the APK. Dexter tracks the usage of classes and is thus able to tell which packages make use of which other ones, and represents the result as a graph.

../_images/packagedeps.png

From this view you can dive into the actual classes and methods contained in these packages. The respective views are called “Class List” and “Method List” and we will cover them next.
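
The aggregation this section describes, collapsing class-level references into package-level edges, can be sketched as follows. This is an added example, not Dexter's own code: the input pairs are constructed, and the names `package_of`, `package_graph` and `to_dot` are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (referencing class, referenced type) pairs in Dalvik
# descriptor form, as a DEX parser would emit them. Not taken from a real APK.
SAMPLE_REFS = [
    ("Lcom/example/app/MainActivity;", "Landroid/app/Activity;"),
    ("Lcom/example/app/MainActivity;", "Lcom/example/net/ApiClient;"),
    ("Lcom/example/app/MainActivity;", "Lcom/example/app/Settings;"),
    ("Lcom/example/net/ApiClient;", "[Ljava/lang/String;"),
    ("Lcom/example/net/ApiClient;", "Lorg/apache/http/HttpResponse;"),
    ("Lcom/example/net/ApiClient;", "I"),
    ("La;", "Lcom/example/net/ApiClient;"),
]

def package_of(descriptor):
    """Return the dotted package of a Dalvik type descriptor, or None for primitives."""
    d = descriptor.lstrip("[")           # drop array dimensions
    if not (d.startswith("L") and d.endswith(";")):
        return None                      # primitive (I, Z, ...) or malformed
    pkg, _, _cls = d[1:-1].rpartition("/")
    # A class without any package prefix gets its own visible node.
    return pkg.replace("/", ".") if pkg else "(default)"

def package_graph(refs):
    """Collapse class-level references into package-level edges with reference counts."""
    edges = defaultdict(lambda: defaultdict(int))
    for src, dst in refs:
        sp, dp = package_of(src), package_of(dst)
        if sp is None or dp is None or sp == dp:
            continue                     # skip primitives and intra-package use
        edges[sp][dp] += 1
    return {s: dict(d) for s, d in edges.items()}

def to_dot(graph):
    """Render the package graph as Graphviz DOT, edges labelled with reference counts."""
    lines = ["digraph packages {"]
    for src in sorted(graph):
        for dst in sorted(graph[src]):
            lines.append(f'  "{src}" -> "{dst}" [label="{graph[src][dst]}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(package_graph(SAMPLE_REFS)))
```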

Class List

A class list basically shows the classes of one or multiple packages. This includes names, tags and two buttons: “Details” and “Class Diagram”.

../_images/classlist.png

The “Details” button expands the class row to show more information on the class itself, along with links to its methods and, for example, its superclass.

../_images/classlist_detail.png

Before having a look at class diagrams we will first show the method list for the sake of completeness.

Method List

The method list is similar to the class list, but shows the methods of one or multiple classes. The details of a listed method again contain more information, as well as cross-references to its callers and callees.

../_images/methodlist.png

Class Diagram

Another view on classes is the class diagram. This is a graphical representation of class hierarchies, including superclasses and implemented interfaces.

The nodes in the graph contain a list of contained methods in the respective class / interface. Methods that actually are implemented in the APK (not external) have a link to their implementation view, which is called “BBL View” or “BBL Graph” (basic block view).

../_images/classdiagram.png

We can see in the screenshot that the class CursorLoader subclasses AsyncTaskLoader, which in turn subclasses Loader. A lot of methods and attributes / fields are defined in these classes and one could now follow the links to the actual bytecode of their implementation.

Before looking at decompilation of classes and the BBL view, the next screenshot shows a tagged and commented class and the dialog for adding a tag to it.

../_images/tagscomments.png

The tags and comments we see here are actually added by our autotagging process which is a part of the import functionality in Dexter.

Decompiled Class

In the class diagram you can find the button “Decompile”, both in the tab’s navigation bar and next to the class node in the graph area.

Following it will fire up the Java decompiler “jad” on the server and run it on the .class file to show the results in the frontend. We are in the process of putting together a custom decompiler because we also want to be able to show individual methods in decompiled form and make them use the internal renamed components rather than the APK’s original names.

../_images/decompiler.png

This looks very readable indeed, but might be misleading if the APK employs obfuscation techniques or other functionality that messes with the decompiler. We saw several situations where that happened and so you still might want to look at the “BBL View” which we show next.

BBL View

The BBL view shows a hierarchical graph layout of the method bytecode’s basic blocks. A navigation bar on the right side points to the class of the method and callees and callers in order to quickly jump to the interesting next views.

../_images/bblview.png
