Reconstructing Dalvik Applications (Google Android)


Presented at SyScan 2009 by

The virtual machine that runs the majority of userland applications on Google's Android platform is called "Dalvik". It is a natural successor of the Java VM, improving design and footprint for mobile application scenarios by avoiding the overhead of Java ME.

Although Google chose to use the Java toolchain to build applications, they designed a new compiled representation for those applications, with different stack semantics from Java and a denser instruction set (imho, Java done right :)).

For reverse engineering, until now you could either learn Dalvik bytecode or bribe the original author into giving you access to the source code. Neither approach delivers fast, readable results, so our tool "undx" (dx is the Java-to-Dalvik compiler) gives reverse engineers and software auditors, as well as virus-checking software, a reliable way to process Dalvik code by translating it back to Java classes, which opens the opportunity to reuse established tools and techniques from the Java world for analysis.

Our entire code was created without knowledge of any Dalvik code internals. For our purpose we solely studied the output of the "dexdump" binary and used a decent hex editor to discover helpful structures within the binary.

We will present the following:
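As an added example (not part of the talk abstract and not code from the undx tool), the following Python script shows the kind of structure one discovers by studying a .dex file in a hex editor: it decodes the fixed 112-byte DEX header (version 035, the format in use at the time), recomputes the Adler-32 checksum and SHA-1 signature the header carries so that a truncated or tampered file is detected before any bytecode is trusted, and walks the map_list that indexes the file's sections. The sample DEX image is constructed inline (a header plus a two-entry map and no classes) purely to exercise the parser; field names and offsets follow the DEX format as documented by the Android project.

```python
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"      # DEX format version 035 (Android 1.x era)
HEADER_SIZE = 0x70             # the header is always 112 bytes
ENDIAN_CONSTANT = 0x12345678   # little-endian file; 0x78563412 would mean byte-swapped

# Names of the 20 little-endian u4 fields that follow the 20-byte SHA-1 signature.
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag",
    "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off",
    "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off",
    "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off",
    "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)

# Subset of map_list item type codes from the DEX format specification.
MAP_TYPE_NAMES = {
    0x0000: "header_item", 0x0001: "string_id_item", 0x0002: "type_id_item",
    0x0003: "proto_id_item", 0x0004: "field_id_item", 0x0005: "method_id_item",
    0x0006: "class_def_item", 0x1000: "map_list", 0x2000: "class_data_item",
    0x2001: "code_item", 0x2002: "string_data_item",
}


def parse_dex_header(data: bytes) -> dict:
    """Decode the fixed DEX header into a dict of named fields."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a DEX header")
    if data[:8] != DEX_MAGIC:
        raise ValueError("bad DEX magic: %r" % data[:8])
    header = {"magic": data[:8]}
    header["checksum"] = struct.unpack_from("<I", data, 8)[0]   # bytes 8..12
    header["signature"] = data[12:32]                            # bytes 12..32
    header.update(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    if header["endian_tag"] != ENDIAN_CONSTANT:
        raise ValueError("unexpected endian tag 0x%08x" % header["endian_tag"])
    return header


def verify_dex(data: bytes) -> dict:
    """Recompute the integrity values stored in the header.

    checksum  = Adler-32 over data[12:]  (everything after the checksum field)
    signature = SHA-1    over data[32:]  (everything after the signature field)
    A mismatch means the file was truncated or patched after it was built.
    """
    header = parse_dex_header(data)
    return {
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == header["checksum"],
        "signature_ok": hashlib.sha1(data[32:]).digest() == header["signature"],
        "size_ok": header["file_size"] == len(data),
    }


def parse_map_list(data: bytes, header: dict) -> list:
    """Return (type_name, item_count, offset) for every entry of the map_list."""
    off = header["map_off"]
    count = struct.unpack_from("<I", data, off)[0]
    items = []
    for i in range(count):
        # map_item: u2 type, u2 unused, u4 size, u4 offset
        kind, _unused, size, item_off = struct.unpack_from("<HHII", data, off + 4 + 12 * i)
        items.append((MAP_TYPE_NAMES.get(kind, "0x%04x" % kind), size, item_off))
    return items


def build_sample_dex() -> bytes:
    """Constructed sample: a header-only DEX whose map lists just the header and itself."""
    map_off = HEADER_SIZE
    map_items = [(0x0000, 1, 0), (0x1000, 1, map_off)]          # header_item, map_list
    map_list = struct.pack("<I", len(map_items)) + b"".join(
        struct.pack("<HHII", kind, 0, n, off) for kind, n, off in map_items)
    file_size = HEADER_SIZE + len(map_list)
    fields = [file_size, HEADER_SIZE, ENDIAN_CONSTANT, 0, 0, map_off] \
        + [0] * 12 + [len(map_list), map_off]                    # all id tables empty
    tail = struct.pack("<20I", *fields) + map_list
    signature = hashlib.sha1(tail).digest()                     # covers data[32:]
    body = signature + tail
    checksum = zlib.adler32(body) & 0xFFFFFFFF                   # covers data[12:]
    return DEX_MAGIC + struct.pack("<I", checksum) + body


if __name__ == "__main__":
    sample = build_sample_dex()
    hdr = parse_dex_header(sample)
    for name in HEADER_FIELDS:
        print("%-16s 0x%08x" % (name, hdr[name]))
    print("integrity:", verify_dex(sample))
    print("map_list:", parse_map_list(sample, hdr))
```

Running the script against a real .dex file (read it in binary mode and pass the bytes to `parse_dex_header`, `verify_dex` and `parse_map_list`) gives the same section directory that dexdump prints in its header summary, which is a convenient way to cross-check a hand-written parser against the reference tool.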