aeondave/dex2jar
offensive-tools/rev/dex2jar/SKILL.md
Auth/lab ref: Android DEX-to-JAR conversion toolkit for feeding Java bytecode into desktop decompilers and analysis tools.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill dex2jarInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 8, 2026, 4:04 AM305.7s1 file scanned
SKILL.md
- name:
- dex2jar
- description:
- Auth/lab ref: Android DEX-to-JAR conversion toolkit for feeding Java bytecode into desktop decompilers and analysis tools.
- compatibility:
- Linux, macOS, Windows; Java runtime required; shell and batch launchers included.
- author:
- AeonDave
- version:
- 1.0
dex2jar
Bridges Android DEX artifacts into traditional Java tooling.
When to use dex2jar
Use dex2jar when you need to:
- convert
.dexor.apkinput into.jaroutput for JVM tools - compare decompiler results across different Java-oriented pipelines
- inspect bytecode with tooling that expects
.classfiles instead of Dalvik directly
Quick Start
# Convert a DEX file
d2j-dex2jar.sh classes.dex
# Convert an APK directly
d2j-dex2jar.sh app.apk
# Windows launcher equivalent
d2j-dex2jar.bat app.apk
Practical Workflow
- Use
apktool,jadx, orandroguardfirst for broad APK triage. - Run dex2jar when you specifically want a JVM-style jar/class workflow.
- Open the resulting JAR in CFR, JD-GUI, Bytecode Viewer, or custom Java analysis scripts.
Practical Notes
- dex2jar is most useful as a compatibility bridge, not as the only Android reversing tool.
- Keep
jadxnearby; its direct APK/DEX support is often better for large manual review. - When multiple
classes*.dexfiles exist, convert each or start from the full APK.
Caveats
- Complex apps, obfuscation, or unusual bytecode can convert imperfectly.
- Output is only as useful as the downstream Java decompiler you feed it into.
- Prefer current launcher names from the packaged toolset instead of old blog-post aliases.
Resources
No bundled scripts/, references/, or assets/.
Use the upstream dex2jar project docs for exact launcher names and auxiliary conversion helpers.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026