11 Repos
Techniques for analyzing and extracting code from Android applications, specifically focusing on bypassing obfuscation.
Distinct from Android App Execution: The candidates were focused on app execution and containers, not the act of reverse engineering for analysis.
Explore 11 awesome GitHub repositories matching security & cryptography · Android Application Reverse Engineering. Refine with filters or upvote what's useful.
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Converts Dalvik bytecode into readable assembly to analyze the internal functioning of Android applications.
Reverse engineering and pentesting for Android applications
Analyzes Android APK and DEX files to understand app behavior and inspect bytecode.
Hooker ist ein Toolkit für die dynamische Instrumentierung, Speicheranalyse und Deobfuskierung von Android-Anwendungen. Es fungiert als Reverse-Engineering-Framework, das Frida verwendet, um Skripte in laufende Prozesse zu injizieren, native Aufrufe zu überwachen und ausführbare DEX-Dateien zu extrahieren. Das Projekt bietet spezialisierte Dienstprogramme zur Umgehung von Sicherheitskontrollen, einschließlich Tools zum Deaktivieren der SSL-Zertifikatsvalidierung und des BoringSSL-Pinnings, um die Abfangung von HTTPS-Verkehr zu ermöglichen. Es enthält Funktionen zur Erkennung von Application-Packing, zum Extrahieren kryptografischer Schlüssel durch Hooking von Verschlüsselungsalgorithmen sowie zur Umgehung von Root- oder Debugging-Umgebungsprüfungen. Das Framework deckt ein breites Spektrum an Analysefunktionen ab, darunter Speicherscanning zur Erkennung aktiver Komponenten, SOCKS5-Proxy-Konfiguration für das Routing von Netzwerkverkehr und UI-Interaktionsanalyse. Es unterstützt zudem das Sammeln von Geräte-Fingerprints und das Debugging eingebetteter WebViews.
Analyzes Android applications using Frida to inspect internal functions, map memory, and trace native calls.
apk-mitm is a command-line utility designed to modify Android APK files to enable HTTPS traffic inspection via a proxy. It functions as a network security patcher and certificate pinning bypass tool, automating the process of altering application packages to allow man-in-the-middle traffic analysis. The tool modifies compiled Android packages by unpacking them, altering internal files, and re-encoding the binary. It specifically focuses on disabling certificate pinning and injecting network security configurations into the application manifest, which permits the use of proxy certificates on b
Analyzes and modifies APK files to change application behavior and inspect internal configurations.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Provides a comprehensive platform for analyzing Dalvik bytecode, patching binaries, and mapping execution paths.
Simplify ist eine Android-VM-Sandbox, ein Bytecode-Execution-Tracer und ein Framework für statische Analysen. Es dient als Dalvik-Bytecode-Deobfuscator, der entwickelt wurde, um lesbaren Code aus Binärdateien wiederherzustellen, indem das Programmverhalten ohne physisches Gerät simuliert wird. Das Projekt zeichnet sich durch die Verwendung von Execution-Graph-Analysen aus, um Reflection-Aufrufe aufzulösen und verschleierten Code durch Konstanten-Propagierung und das Entfernen von totem Code zu vereinfachen. Es nutzt Multi-Path-Ausführungssimulation, um alle möglichen bedingten Verzweigungsergebnisse zu verfolgen und den Befehlsfluss abzubilden, um konstante Werte zu identifizieren. Das System deckt ein breites Spektrum an Analysefunktionen ab, einschließlich der Verfolgung von Exception-Propagierungen, der Kategorisierung von Methoden-Seiteneffekten und der Simulation von Java-API-Aufrufen. Es bietet zudem Mechanismen zum Abfangen von Methodenausführungen über benutzerdefinierte Hooks, um den Zustand der virtuellen Maschine zu überwachen oder zu überschreiben.
Analyzes the structure and flow of Android applications by resolving reflected calls and mapping execution paths.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Recovering obfuscated or packed DEX files from running Android applications for security analysis and reverse engineering.
APKLab is an integrated security analysis platform and reverse engineering IDE for Android applications. It provides a unified environment for decompiling binaries into source code, repackaging modified applications into signed installers, and performing comprehensive security analysis. The platform distinguishes itself by combining static and dynamic analysis workflows. It enables the injection of runtime hooks and gadget libraries to monitor application behavior, while providing specialized patching capabilities to intercept and decrypt encrypted network traffic via a proxy. The toolkit co
Analyzes and extracts code from Android applications to recover internal logic and find vulnerabilities.
apk.sh is a mobile application patching framework and reverse engineering tool designed to inject custom instrumentation and logic into compiled Android binaries. It serves as a workflow manager for modifying application packages without requiring access to the original source code. The toolkit focuses on automating the process of injecting the Frida gadget into Android packages, enabling dynamic analysis and function hooking on non-rooted devices. It handles the end-to-end lifecycle of deconstructing, modifying, and resigning binaries to facilitate security research, malware analysis, and be
Facilitates the analysis and extraction of code from Android applications to understand internal logic without source code.
Apkstudio is a reverse engineering integrated development environment designed for decompiling, modifying, and recompiling Android application packages. It provides a specialized suite for transforming binary files into readable source code and bundling them back into installable application archives. The project features a framework integration system that imports manufacturer-specific files to ensure accurate decompilation of vendor-modified applications. It includes a dedicated editor for Smali, Java, and XML files with syntax highlighting, as well as a hex editor for the direct modificati
Provides tools for decompiling and analyzing Android application packages to understand their internal logic.
This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di
A comprehensive toolkit for reverse engineering and auditing Android applications using runtime hooking.