Radare2 Android DEX Strings Analyzer

A powerful Python script that uses radare2 to analyze Android DEX files and extract all strings with their hex memory addresses. Perfect for Android app reverse engineering, malware analysis, and DEX file inspection.

📁 Table of Contents

• Features
• Author
• Prerequisites
• Installation
• Usage
• Output Structure
• Examples
• Use Cases
• Troubleshooting
• Contributing
• License
• Contact

✨ Features

• 🔍 Analyzes multiple DEX files simultaneously
• 📍 Extracts strings with hex memory addresses
• 📄 Generates both text and JSON outputs
• 📊 Creates detailed analysis logs
• 🎯 Removes duplicate strings automatically
• 🚀 Fast batch processing
• 🏷️ Includes string type metadata (class names, string table, etc.)
• 💾 Organized output structure

👨‍💻 Author

Riyad Mondol

• 📱 Telegram: https://t.me/reversesio
• 🌐 Website: http://reversesio.com/ | http://reversesio.shop/
• 📧 Email: riyadmondol2006@gmail.com
• 💼 Project Opportunities: https://t.me/riyadmondol2006
• 📽️ YouTube: https://www.youtube.com/@reversesio

🔧 Prerequisites

• Python 3.6 or higher
• Radare2 installed and available in PATH

Installing Radare2

Linux:

git clone https://github.com/radareorg/radare2
cd radare2
sys/install.sh

macOS:

brew install radare2

Windows:

Download the installer from radare2 GitHub releases

📥 Installation

1. Clone this repository:

git clone https://github.com/riyadmondol2006/radare2-dex-strings-analyzer.git
cd radare2-dex-strings-analyzer

2. Make the script executable (Linux/macOS):

chmod +x RadareDexStringsAnalyzer.py

🚀 Usage

Basic Usage

Run the script in the directory containing DEX files:

python3 RadareDexStringsAnalyzer.py

Analyze Specific Directory

python3 RadareDexStringsAnalyzer.py /path/to/dex/files

📂 Output Structure

The script creates a dex_string_analysis directory with the following structure:

dex_string_analysis/
├── classes_dex_strings.txt               # Individual file results
├── classes2_dex_strings.txt
├── classes3_dex_strings.txt
├── ...
├── all_dex_strings_YYYYMMDD_HHMMSS.json  # All results in JSON format
└── dex_string_analysis_log_YYYYMMDD_HHMMSS.txt  # Processing log

Output Format

Each string entry contains:

• HEX ID: Memory address of the string
• SIZE: String size in bytes
• STRING: The actual string content
• TYPE: String type (class, string_table, etc.)

📋 Examples

Text Output Example:

File: classes.dex
Total strings: 3456
Timestamp: 2024-04-20 12:34:56
----------------------------------------------------------------------

HEX ID: 0x00003214
SIZE: 32
STRING: com.example.app.MainActivity
TYPE: class
--------------------------------------------------
HEX ID: 0x00003345
SIZE: 45
STRING: android.permission.INTERNET
TYPE: string_table