clsdumper — Android Dynamic Class Dumper (dump all DEX files...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://github.com/TheQmaks/clsdumper
• Blog Title: clsdumper — Android Dynamic Class Dumper (dump all DEX files from running Android apps using Frida)
• Suggested Section: Mobile Pentesting -> Android Applications Pentesting -> Frida Tutorial (or a new subsection: "Dynamic DEX Dumping / Unpacking (Frida)" and cross-link from "Manual DeObfuscation" / "Reversing Native Libraries")

🎯 Content Summary

What it is: clsdumper is an Android dynamic DEX/class dumping tool that uses Frida to hook a running (attach) or freshly started (spawn) app process and extract every DEX it can find using 9 complementary extraction strategies. It is designed for hard targets: anti-Frida protections, packed/encrypted DEX, and dynamical...

🔧 Technical Details

Anti-instrumentation bypass via libc/libpthread hooks: To reduce anti-Frida detection, hook sigaction/signal to block apps from registering signal handlers used for anti-debug/tamper reactions, intercept and sanitize /proc/self/maps by serving a filtered version using memfd_create, and monitor pthread_create to identify/neutralize watchdog threads that periodically detect hooks/debuggers and kill the process.

ART-native loaded-DEX discovery: When Java APIs are unreliable (or the Java bridge breaks), enumerate DEX already loaded by walking ART internals (Runtime -> ClassLinker -> DexFile). This approach recovers DEX that exist only as runtime objects and may not be visible via standard Java-level enumeration.

Hooking DEX introduction points: Capture DEX as it enters the runtime by hooking native load/creation paths such as 🤖 Agent Actions

Summary:

• Added a new “Dynamic DEX dumping / unpacking with clsdumper” section to the Frida tutorial, detailing install/usage, anti-Frida bypass steps, multi-strategy DEX discovery coverage, output structure, and performance tips.
• Documented key clsdumper options, anti-instrumentation hooks, default strategy set, and class extraction workflow for hardened Android apps.
• Updated references to include the clsdumper project link.

Tests:

• Not run (documentation change only).

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://github.com/TheQmaks/clsdumper

Content Categories: Based on the analysis, this content was categorized under "Mobile Pentesting -> Android Applications Pentesting -> Frida Tutorial (or a new subsection: "Dynamic DEX Dumping / Unpacking (Frida)" and cross-link from "Manual DeObfuscation" / "Reversing Native Libraries")".

Repository Maintenance:

• MD Files Formatting: 944 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0