GDA Professional 4.0

GDA, a dalvik bytecode decompiler, is implemented in C++ to provide self-independent, fast and convenient decompilation support. It supports APK, DEX, ODEX, OAT,JAR,CLASS,AAR files, and worked without installation and Java VM support. In addition, GDA is also a powerful and fast reverse analysis platform. It supports not only routine analysis operations, but also malicious behavior detection, URL extraction, packer identification, variable tracking analysis, deobfuscation, Python& Java scripts, device

Contributions
✓ The only Android decompiler implemented by C++ in the world;
✓ The first davilk bytecode decompiler;
✓ The first Android decompiler to do static malicious behavior, privacy leaking and vulnerability detection;
✓ The first decompiler to do refinement path solving;
✓ The smallest size, lowest memory consuming and fastest Android decompiler;

✓ The first malicious behavior detection engine based on decompiler and API chain.
✓ The first static vulnerability scanning engine based on stack state machine and dynamic rule interpreter (much faster than other static vulnerability scanner);
✓ The first static taint propagation analysis engine based on low-level intermediate representation (much faster than other static vulnerability scanning engines);
✓ The creative tunnel interface technology breaks through the limitation that it must rely on DLL/so when providing script interface for Python/Java;
✓ The context-free source and tracing of variables and registers realized by creative simulation tracking algorithm;
✓ The creative path solving algorithm based on low-level intermediate representation.

GDA Features
 The self independent native decompiler implemented by C&C++ works without installing java and android sdk
 Effectively bypass bytecode traps, type obfuscation, structural obfuscation, anti-disassembling and anti-decompressing technologies
 Support the decompilation of dex, odex, apk, oat, jar, class, aar files
 Support multi-dex decompilation, and adopt dex virtual fusion technology to make decompilation faster
 Cross-references and searching for strings, classes, methods and fields(3 modes: exact matching, fuzzy matching, and regular matching)
 Support class, method, field renaming and smart renaming of local vars, support java code annotation
 Extracting dex from odex and oat, support the byte code editing and automatic verification of dex files
 Device memory dump(Dump so, odex, dex, oat file) for unpacking dex, and support any valid memory data extraction
 Algorithm tool, support serial encryption and decryption,support most of popular algorithms and HASH algorithms
 Support python script and Java script,using tunnel interface technology to achieve automatic analysis scripts
 De-obfuscation, Packers Recognition
 Malicious Behavior detection and discovery based on GDA decompile kernel and suspicious APIs chains
 context independent variable and register tracing and traceability analysis based on analog tracing algorithm
 Vulnerability scanning based on stack-state machine and dynamic rule interpreter, built-in 50+ types of vulnerability rules, support custom rules
 Static stain propagation analysis based on low-level intermediate representation to achieve global privacy leak detection
 Refined program path solving algorithm based on low-level intermediate representation
 APK Full File Forensics Analysis Support
 Support global sensitive information extraction, more than 40 built-in rules, including api key, token, SID and others rules
 Support URI depth extraction