11 repositorios
Utilities for decompiling, disassembling, and analyzing Android binaries.
Explore 11 awesome GitHub repositories matching part of an awesome list · Android Static Analysis Tools. Refine with filters or upvote what's useful.
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
Decompiler for producing Java source code from Dex and Apk files.
This project is a Java bytecode reverse engineering suite that functions as a disassembler, decompiler, and editor for Java class files and Android APK binaries. It provides tools to transform compiled bytecode into assembly instructions or readable source code. The toolset supports Android APK analysis and Java binary patching, allowing for the modification of source code or bytecode and subsequent recompilation into functional binaries. It includes capabilities for removing Java obfuscation and performing malware analysis through the detection of malicious code patterns. The system incorpo
Lightweight Java bytecode viewer and analysis tool.
Este proyecto es una suite integral de ingeniería inversa para Android que funciona como descompilador, desofuscador de bytecode y herramienta de análisis de malware. Está diseñado para convertir binarios APK, DEX y OAT en código fuente legible por humanos utilizando una implementación nativa que no requiere una Máquina Virtual Java. La plataforma destaca por su integración con Frida para el análisis dinámico, permitiendo a los usuarios enganchar métodos, inyectar JavaScript personalizado y volcar la memoria del dispositivo en tiempo real. También cuenta con motores de seguridad especializados, incluyendo un motor de propagación de contaminación (taint propagation) y una máquina de estados de pila, para detectar fugas de privacidad, comportamientos maliciosos y vulnerabilidades de seguridad. La suite cubre una amplia gama de capacidades analíticas, incluyendo el parcheo y reempaquetado de binarios, mapeo de dependencias de referencias cruzadas y análisis de flujo de datos. Proporciona herramientas para la identificación de empaquetadores de software, decodificación de cadenas cifradas y búsqueda global de metadatos a través de los recursos de la aplicación. La herramienta proporciona una interfaz de línea de comandos y admite la automatización del análisis mediante scripts personalizados en Python o Java.
High-performance Dalvik bytecode decompiler implemented in C++.
Simplify es un sandbox de máquina virtual de Android, trazador de ejecución de bytecode y framework de análisis estático. Sirve como un desofuscador de bytecode Dalvik diseñado para recuperar código legible a partir de binarios mediante la simulación del comportamiento del programa sin necesidad de un dispositivo físico. El proyecto se distingue por utilizar análisis de grafos de ejecución para resolver llamadas de reflexión y simplificar código ofuscado mediante propagación de constantes y eliminación de código muerto. Emplea simulación de ejecución multipath para rastrear todos los posibles resultados de ramas condicionales y mapea el flujo de instrucciones para identificar valores constantes. El sistema cubre una amplia gama de capacidades de análisis, incluyendo el rastreo de propagación de excepciones, categorización de efectos secundarios de métodos y simulación de llamadas a la API de Java. También proporciona mecanismos para interceptar ejecuciones de métodos mediante hooks personalizados para monitorear o anular estados de la máquina virtual.
Tool for de-obfuscating Android packages into dex files.
SpotBugs is a static analysis tool and bytecode analyzer for Java applications. It scans compiled class files to identify bugs, security vulnerabilities, and performance issues without executing the code. The system functions as both a bug detector and a static application security testing tool to locate logical errors and API misuse. The project distinguishes itself through a plugin-based detector architecture that allows the integration of external libraries to add custom detection rules. It provides specialized security auditing for vulnerabilities such as SQL injection, cross-site scripti
Static analysis tool for identifying bugs in Java code.
Apkstudio is a reverse engineering integrated development environment designed for decompiling, modifying, and recompiling Android application packages. It provides a specialized suite for transforming binary files into readable source code and bundling them back into installable application archives. The project features a framework integration system that imports manufacturer-specific files to ensure accurate decompilation of vendor-modified applications. It includes a dedicated editor for Smali, Java, and XML files with syntax highlighting, as well as a hex editor for the direct modificati
Qt-based IDE for reverse-engineering Android application packages.
Tool to look for several security related Android application vulnerabilities
Scanner for security vulnerabilities in Android source code or APKs.
Android Backup Extractor is a software utility designed to manipulate and transform backup files created via the Android Debug Bridge. It functions as a decryptor and repacker that converts these backups into readable formats for manual data extraction. The tool enables the decryption of protected backup archives using a known password, allowing for the recovery of mobile application data. It also provides the capability to compress directories back into backup archives that are compatible with specific legacy device versions for restoration. The project covers archive conversion, extraction
Utility for extracting and repacking Android backup files.
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Command-line analyzer for detecting vulnerabilities in APK files.
Script for extracting source annotations from smali files.