android-malware-ml-book / book-content

Real Android malware apps discussed in the book

Bad_checksum for xn3o.dex #1

Closed Duntss closed 8 months ago

Duntss commented 9 months ago

Hello, I am encountering an issue while attempting to load xn3o.dex in jadx-gui. The following error is displayed:

ERROR: File open error: C:\Users\user\Desktop\xn3o.dex
jadx.plugins.input.dex.DexException: Bad checksum: 0x94f7c681, expected: 0x48d40008
    at jadx.plugins.input.dex.utils.DexCheckSum.verify(DexCheckSum.java:22)
    at jadx.plugins.input.dex.DexFileLoader.loadDexReader(DexFileLoader.java:82)
    at jadx.plugins.input.dex.DexFileLoader.load(DexFileLoader.java:67)
    at jadx.plugins.input.dex.DexFileLoader.loadDexFromFile(DexFileLoader.java:50)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
    at jadx.plugins.input.dex.DexFileLoader.collectDexFiles(DexFileLoader.java:45)
    at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:37)
    at jadx.plugins.input.dex.DexInputPlugin.loadFiles(DexInputPlugin.java:33)
    at jadx.api.JadxDecompiler.loadInputFiles(JadxDecompiler.java:128)
    at jadx.api.JadxDecompiler.load(JadxDecompiler.java:112)
    at jadx.gui.JadxWrapper.open(JadxWrapper.java:65)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1623)

It appears that the .dex file is corrupt. I have attempted to run it both in a virtual machine (VM) and on my PC, unfortunately with no success. Additionally, I have tried using multiple versions of jadx, but the issue persists.

sporst commented 8 months ago

Thank you for reporting the issue! Yeah, it seems like you're right about that. It's not clear to me immediately what happened here because I thought I took the file from dynamic analysis.

One thing that worked for me was to turn the file into a JAR file with https://github.com/pxb1988/dex2jar -- at least the static tools can then load it.

Duntss commented 8 months ago

Yes, it works perfectly. Thanks.
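
To narrow down why a DEX loader reports a bad checksum as in the trace above, the header's integrity fields can be recomputed by hand; this is an added example, not code from the thread, the book, or jadx. It relies on the documented DEX header layout (Adler-32 at offset 8 over everything from offset 12, SHA-1 at offset 12 over everything from offset 32, `file_size` at offset 32); the function names are hypothetical and the sample buffer is constructed.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header

def inspect_dex(data: bytes) -> dict:
    """Recompute the DEX header's Adler-32, SHA-1 and size fields from the file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to contain a DEX header")
    if data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("bad magic, not a DEX file")
    stored_checksum, = struct.unpack_from("<I", data, 8)
    declared_size, = struct.unpack_from("<I", data, 32)
    return {
        "version": data[4:7].decode("ascii", "replace"),
        "stored_checksum": stored_checksum,
        # Adler-32 covers everything after the checksum field itself.
        "computed_checksum": zlib.adler32(data[12:]) & 0xFFFFFFFF,
        "sha1_ok": hashlib.sha1(data[32:]).digest() == data[12:32],
        "declared_size": declared_size,
        "actual_size": len(data),
    }

def diagnose(data: bytes) -> list:
    """Return short labels describing why a loader would reject the file."""
    r = inspect_dex(data)
    findings = []
    if r["actual_size"] < r["declared_size"]:
        findings.append("truncated")
    elif r["actual_size"] > r["declared_size"]:
        findings.append("trailing-data")
    if r["stored_checksum"] != r["computed_checksum"]:
        findings.append("checksum-mismatch")
    if not r["sha1_ok"]:
        findings.append("signature-mismatch")
    return findings or ["ok"]

def build_sample_dex(body: bytes = b"\x00" * 64) -> bytes:
    """Constructed sample: a DEX-shaped buffer with valid integrity fields."""
    buf = bytearray(HEADER_SIZE) + bytearray(body)
    buf[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", buf, 32, len(buf), HEADER_SIZE, 0x12345678)
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)

if __name__ == "__main__":
    print(diagnose(build_sample_dex()), diagnose(build_sample_dex()[:-10]))
```

For a file on disk, pass its bytes to `diagnose`, for example `diagnose(open(path, "rb").read())`.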