Skip to content

Day 1 ‐ Smali vs Java

Abhi edited this page Oct 9, 2024 · 4 revisions

Smali vs Java

The First Question which may come to your mind is:

  • If the Apps are made in Java then what is this smali, and why is it important ?

Well The answer to is quite simple:

  • Computers have limitations in understanding numerical values beyond the decimal system (base-10). To represent values greater than 9, they use hexadecimal values (a, b, c, d, etc.) and binary numbers (0s and 1s).
  • This implies that computers cannot fully comprehend our number system, and vice versa. We must learn their number systems to bridge this gap.
  • While we can learn how computers operate, it is impractical to expect computers to learn our number system.
  • Similarly, when we use Java to develop Android applications, the Android system needs to convert the Java code into a format it can understand, known as Smali. This conversion ensures that the Android system can interpret and execute the Java code properly.

Smali is important because it allows developers, reverse engineers and malware analysts to:

  • Reverse engineer Android applications
  • Modify Android applications
  • Create malicious applications
  • Identify malicious applications

What is Smali?

  • Smali is a low-level language that is similar to Java bytecode. It is designed to be easy to read and understand, and it can be used to create and modify Android applications. Smali is also used by malware authors to create malicious applications.
  • Stands for "assembler" in Icelandic.
  • Everything in it are similar to Java (from start import to methods, classes, etc.), only representation of those things are changed nothing else

What is Baksmali?

  • Stands for "disassembler" in Icelandic.
  • Also named after the village of Dalvik, as it is the opposite operation of assembling (Smali).

What is Dalvik Virtual Machine (DVM)?

  • The Dalvik Virtual Machine (DVM) is an android virtual machine optimized for mobile devices. It optimizes the virtual machine for memory, battery life and performance.
  • Named after the village of Dalvik in Iceland, where the Dalvik Virtual Machine was created. It was written by Dan Bornstein. Read More
  • The DVM is responsible to run Android applications. The DVM is responsible for executing the instructions contained in Smali code. When an Android application is installed on a device, the DVM converts the Smali code into a format that the device's processor can understand. This process is known as "dexing".

Connection to the Dalvik Virtual Machine with Smali

The DVM converts Smali code into a format that the device's processor can understand through the process known as "dexing".

Let's take an example and try to understand

Since everybody takes example of `Hello World!` in this field, let's go with that

  • In Java:

alt text

  • In Smali:

alt text

Now let's Understand this

Java Main Method

  • Line 1: In Java, you can simply write class HelloWorld {`{your code}`}
    However, in smali you must add a capital "L" before the class name, like .class public **L**HelloWorld {`{your code}`}.
    Note that there is '.' too just before 'class' defining, this is basic syntanx for each method/class/return defining in smali

The next line in smali: [Ljava.lang.Object; is the name for Object[].class and .super doing function like calling/storing of it

  • Line 2: .super Ljava/lang/Object;

declares that the current class extends the Java class Object.

When you create a new class in Java, it automatically extends the Java class Object. This means that your new class inherits all the methods and variables that are defined in the Object class.

A simple way to understand this concept is a family tree. In a family tree, everyone is related to each other. Similarly, in Java, all classes are related to the Object class.

For example, let's say you have a class called Car. The Car class inherits all the methods and variables that are defined in the Object class. This means that you can use methods like toString(), equals(), and hashCode() on any Car object.

Another way to think about it is that the Object class is the parent class of all other classes in Java. When you create a new class, you are essentially saying that your new class is a child of the Object class.

  • Parent Class: Vehicle
  • Child Class: Car

The Car class inherits all the properties and methods of the Vehicle class. This means that a Car object has all the same properties and methods as a Vehicle object, such as make, model, and year.

In the same way, all Java classes extend the Object class, which means that they inherit all the properties and methods of the Object class.

  • Line 4: .method public static main([Ljava/lang/String;)V

declares a public static method named main that takes an array of String objects as input and returns void.

In this case/example the main method is like the front door of your house. When someone wants to enter your house, they come through the front door. Similarly, when you run a Java program, the JVM enters your program through the main method.

Another way is to think of the main method as the starting point of a race. When a race begins, all the runners start at the same starting line. Similarly, when you run a Java program, the JVM starts executing your program at the main method.

  • Line 5: .registers 2

specifies that the method uses two registers. More information on Day 3 wiki

  • Line 7: sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;

retrieves the PrintStream object associated with the standard output stream and stores it in register v0.

  • Line 9: const-string v1, "Hello World!"

loads the string "Hello World!" into register v1.

  • Line 10: invoke-virtual {`{v0, v1}`}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V

calls the println method on the PrintStream object in register v0, passing the string in register v1 as an argument. This prints the string "Hello World!" to the standard output stream.

  • Line 12: return-void

returns from the main method.

  • Line 13: .end method

marks the end of the method.

Clone this wiki locally