SmaliDebugging

Instructions on how to run debugger for decoded apk.
Featured

Updated Sep 2, 2010 by Brut.alll

Overview

Apktool makes possible to debug smali code step by step, watch variables, set breakpoints, etc.

General informations

Generally we need several things to run Java debugging session:

debugger server (usually Java VM)
debugger client (usually IDE)
client must have sources of debugged application
server must have binaries compiled with debugging symbols referencing these sources
sources must be java files with at least package and class definitions, to properly connect them with debugging symbols

In our particular situation we have:

server: DDMS, part of Android SDK, standard for debugging Android applications - explained here: http://developer.android.com/guide/developing/tools/ddms.html
client: any JPDA client - most of decent IDEs have support for this protocol.
sources: smali code modified by apktool to satisfy above requirements (".java" extension, class declaration, etc.). Apktool modifies them when decoding apk in debug mode.
binaries: when building apk in debug mode, apktool removes original symbols and adds new, which are referencing smali code (line numbers, registers/variables, etc.)

To successfully run debugging session apk must be both decoded and built in debug mode.

Specific instructions

Above informations are enough to debug smali code using apktool, but if you aren't familiar with DDMS and Java debugging, then you probably still don't know, how to do it. Below are simple instructions for doing it using Netbeans.

Decode apk in debug mode: $ apktool d -d app.apk out
Build new apk in debug mode: $ apktool b -d out
Sign, install and run new apk.
In Netbeans add new Java Project with Existing Sources, select "out" directory as project root and "smali" subdirectory as sources dir.
Run DDMS, find your application on a list and click it. Note port information in last column - it should be something like "86xx / 8700".
In Netbeans: Debug -> Attach Debugger -> select JPDA and set Port to 8700 (or whatever you saw in previous step). Rest of fields should be ok, click "Ok".
Debugging session should start: you will see some info in a log and debugging buttons will show up in top panel.
Set breakpoint. You must select line with some instruction, you can't set breakpoint on lines starting with ".", ":" or "#".
Trigger some action in application. If you run at breakpoint, then thread should stop and you will be able to debug step by step, watch variables, etc.

You could also watch this video:

http://www.youtube.com/watch?v=P_Zyf7jFbx4

But note that this is about something else, even if it is similar.

I tried to use Eclipse, but seems it forbids to add breakpoint on uknown (commented out) line :-/ I workarounded this and added breakpoint, then I was able to debug normally, but you should treat apktool debuging as unworkable on Eclipse - at least until someone will find some solution.

Limitations/Issues

Because IDE doesn't have full sources, it doesn't know about classes members and such. Variables watching works because most of data could be read from memory (objects in Java know about their types), but if, for example, you will watch object and it will have some nulled member, then you won't see, what type is this member.

Comment by noth...@gmail.com, May 26, 2010

You've done a great program!

Many thanks!

Comment by liqin...@gmail.com, Jul 14, 2010

great

Comment by tslater2...@gmail.com, Aug 12, 2010

seems the newest netbeans doesn't let you set BP's on commented code :( but older ones do... nice job

Comment by feixion...@gmail.com, Sep 26, 2010

cool!! thanks

Comment by tijsXDm...@gmail.com, Oct 3, 2010

woow, cool! thank you whaha i think i am going to win a bet.. :D

Comment by harlac...@gmail.com, Dec 7, 2010

Fantastic work, thank you very much. I don't use netbeans but I think i will start.

Comment by mball...@gmail.com, Jan 7, 2011

Just got it working, tis feckin superdelicious!! :D

Comment by vampi...@gmail.com, Jan 13, 2011

As most major IDEs don't allow to set BPs in Whitespace or comments (also IntelliJ IDEA which I use does not allow), I have a suggestion for this that works with IDEA and probably with all IDEs but in IDEA I've tested. Don't make the smali code a block comment, but make it line-comments preceded by a single semicolon. The single semicolon is seen by the IDE and compiler as empty instruction (NOP) and you can set a BP there, at least in IntelliJ IDEA this works even if not inside a method, like it is currently in the files "apktool d -d" produces currently. The "apktool b -d" then has to simply remove the ";//" parts in the beginning of the line like how it probably currently removes the class declaration and block comment before smaliing the code again.

Comment by kr105.ru...@gmail.com, Mar 3, 2011

I agree with vampi, on Netbeans we can't place a BP at all because the entire file is comented.

Comment by pxb1...@gmail.com, Mar 20, 2011

great!

Comment by Hazn...@gmail.com, Jul 18, 2011

Hi All, I am new to Smali debugging. I follow the instructions given apktool google code page. However While I am trying to connect the netbeans "attach debugger" to the port 8700, I just get the "connection refused" status and not able to debug. Any Help?

Comment by Joshua.P...@gmail.com, Jul 20, 2011

Hazn...@gmail.com

Did you find the solution your problem? I am having the same issue.

Comment by clopo...@mail333.com, Sep 27, 2011

Anybody can help with implementing SmaliDebugging?

I tried Eclipse and NetBeans? of different versions and still cannot set a BP in Smali code. What IDE is suitable better? Which version?

Preferably for Windows or Linux. Thanks.

Comment by dodsi...@gmail.com, Oct 25, 2011

The newst Netbeans will not allow you to set a breakpoint upon comment code. However, there is a workaround to this.

In Netbeans, press CTRL+SHIFT+F8, Set Breakpoint Type to: Line Type in the line you want(will default to selected line).

Press ok. You are now ready to debug :)

Personally I am trying inject the Java code like in the video, but am confused as different SMALI is being generated. A workaround is writing you Java code in another project, decompiling it, and copying Smali from there into the app you are trying to modify. Inefficient, but hey, that's the best we got.

Comment by zl1...@gmail.com, Nov 12, 2011

i decode apk as video say ,but code is not like video.first the decode commond is not can use "apktool dj ......",second :when i use commond"apktool d -d ....."code is not like video.somebody help me

Comment by CalpeCon...@gmail.com, Nov 13, 2011

@Hazn...@gmail.com, Jul 18, 2011 @Joshua.P...@gmail.com, Jul 20, 2011

Regarding "connection refused" when trying to attach debugger in Netbeans.

Make sure you change the hostname from the default which is your machine name to 127.0.0.1 (which is the localhost) instead.

Comment by irvanfauzie, Nov 16, 2011

great,. ty

Comment by andma...@gmail.com, Jan 22, 2012

Is it possible to debug smali code at all now (with versions apktool without dj key)? I put breakpoints in .smali files (through Ctrl+F8, by mouse it is not possible), the dubugger attaches successfully, but breakpoints do not works. Where is I can find version with dj key? Thanks.

Comment by le37h4...@gmail.com, Feb 1, 2012

I believe the problem is that NetBeans? won't put breakpoints in files that don't end with .java anymore. You could try simply renaming the .smali files OR figure out how to make NetBeans? work with non .java terminated files.

Comment by sartom...@gmail.com, Feb 27, 2012

@zl1...@gmail.com Did you find a solution? I'm in the same situation and I can't debug Smali code!

Comment by dimch...@gmail.com, Mar 22, 2012

hello, used apktool d -d ..., but i can not find src forlder under the project, and all files are smali, not java.. help me

Comment by kute...@gmail.com, Apr 17, 2012

help me too... with last version and "apktool d -d" command no fake java classes generated. Only .smali

► Sign in to add a comment