30 open-source projects similar to charles2gan/gda-android-reversing-tool, ranked by how many features they have in common.
Reverse engineering and pentesting for Android applications
Simplify is an Android virtual machine sandbox, bytecode execution tracer, and static analysis framework. It serves as a Dalvik bytecode deobfuscator designed to recover readable code from binaries by simulating program behavior without a physical device. The project distinguishes itself by using execution graph analysis to resolve reflection calls and simplify obfuscated code through constant propagation and dead code removal. It employs multi-path execution simulation to track all possible conditional branch outcomes and maps instruction flow to identify constant values. The system covers
Hooker is a toolkit for the dynamic instrumentation, memory analysis, and deobfuscation of Android applications. It functions as a reverse engineering framework that uses Frida to inject scripts into running processes, monitor native calls, and extract executable DEX files. The project provides specialized utilities for bypassing security controls, including tools to disable SSL certificate validation and BoringSSL pinning to enable HTTPS traffic interception. It includes capabilities for detecting application packing, extracting cryptographic keys by hooking encryption algorithms, and circum
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Recaf is a suite of specialized tools for assembling, editing, deobfuscating, decompiling, and instrumenting Java bytecode and runtime processes. It provides a coordinated environment for modifying compiled Java class files and analyzing the behavior of Java applications. The project distinguishes itself through a multi-level abstraction layer that allows for editing across different formats and a pluggable framework that routes bytecode through multiple configurable decompilation engines. It includes an embedded scripting engine and plugin architecture to automate repetitive tasks and extend
JPEX Software is a comprehensive reverse engineering suite for SWF binary files, serving as an ActionScript decompiler and editor. It provides a toolkit for decompiling, analyzing, and modifying the internal structure of compiled Flash content, including the extraction of scripts and media assets. The project is distinguished by its ability to perform direct binary modification, allowing users to edit bytecode and replace embedded resources without reverting to high-level source code. It includes a runtime ActionScript bytecode debugger for variable inspection and call stack analysis, as well
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Epic is a toolkit for Android runtime instrumentation, method interception, and security posture auditing. It functions as an aspect-oriented programming framework and a dynamic method interceptor designed to monitor and alter the behavior of Java methods within the Android Runtime. The project provides capabilities for intercepting and modifying both core Android framework components and specific application logic. This allows for the injection of custom Java behavior and the redirection of method execution without altering the original source code. The framework includes tools for applicat
Apkstudio is a reverse engineering integrated development environment designed for decompiling, modifying, and recompiling Android application packages. It provides a specialized suite for transforming binary files into readable source code and bundling them back into installable application archives. The project features a framework integration system that imports manufacturer-specific files to ensure accurate decompilation of vendor-modified applications. It includes a dedicated editor for Smali, Java, and XML files with syntax highlighting, as well as a hex editor for the direct modificati
Piko is a collection of specialized Android utilities designed for binary patching, user interface customization, media downloading, and application debugging. It functions as an APK modification framework that alters application metadata and binary resources to modify internal logic and bypass version locks. The project differentiates itself through deep application modification capabilities, including bytecode-level instruction patching, DEX file manipulation, and a dynamic hooking engine. It enables the overriding of resource files and the injection of permissions via the application manif
MicroG-RE is an Android app modifier and compatibility layer designed to patch mobile applications. It functions as a system for removing advertisements, skipping sponsored content, and replacing proprietary service dependencies with open-source alternatives to maintain account authentication and app compatibility. The project provides a MicroG compatibility layer that enables applications to function without closed-source frameworks. It further implements notification restoration by spoofing application signatures, ensuring that push messages are delivered correctly after a binary has been p
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
Remix is a comprehensive blockchain development environment and Ethereum smart contract IDE. It provides a complete workspace for writing, compiling, deploying, and debugging smart contracts across simulated and public blockchain networks. The project distinguishes itself as a specialized toolchain for EVM debugging and analysis, offering opcode-level transaction stepping and state memory analysis. It also includes a dedicated zero-knowledge proof toolchain for compiling ZK circuits and generating cryptographic proofs, alongside an AI-powered coding assistant for code generation and explanati
This project is a collection of malware analysis reports and decompiled code focused on a backdoor embedded within an Android application. It serves as a study of Android APK malware, documenting the specific code patterns used for unauthorized data access and system security bypasses. The research focuses on dynamic bytecode loading and the execution of remote files to implement persistence. It specifically analyzes mechanisms for downloading and running remote Dalvik Executable files to change application behavior without updating the installed package. The analysis covers several security
This project is a structured course and instructional guide focused on x64 Windows reverse engineering. It provides a curriculum for analyzing and decompiling Windows binaries through the study of assembly language and operating system internals. The material covers Windows binary analysis and malware analysis, with a specific focus on interpreting x64 machine code to recover original program logic. It guides the user through the process of tracing program behavior and logging function calls to understand how binaries operate. The technical scope includes assembly-level decompilation, debugg
pycdc is a reverse engineering toolset that decompiles and disassembles compiled Python bytecode files back into readable source code. It parses .pyc file headers, reconstructs abstract syntax trees from bytecode instructions, and handles version-specific opcodes across Python versions 1.0 through 3.13 with endian-aware binary parsing. The tool recovers numeric constants, string literals, and marshalled Python objects from compiled bytecode, supporting both file-based and in-memory bytecode loading. It provides a human-readable disassembly listing of bytecode instructions alongside full sourc
Fernflower is a Java bytecode decompiler designed to convert compiled Java class files back into human-readable source code. It functions as a bytecode analysis tool that recovers original program logic and structure from compiled binaries. The project includes capabilities for obfuscated identifier resolution to rename ambiguous member elements, ensuring clear identifiers in the resulting source. These features support the analysis of obfuscated code, legacy code recovery, and Java malware analysis for security auditing. The system utilizes a structural analysis pipeline that includes contr
PyRIT is an AI vulnerability assessment tool and security scanner designed to detect risks in large language model applications. It functions as a generative AI red teaming framework used to simulate adversarial attacks and identify weaknesses in system guardrails. The tool automates AI risk assessment by scanning generative AI components for security vulnerabilities. It utilizes automated testing and analysis to identify security gaps and prevent potential exploits through a consistent, repeatable process. The system incorporates asynchronous model orchestration to compare security postures
The automated security helper is a command-line utility designed to orchestrate multiple security analysis tools into a unified, configuration-driven workflow. It functions as a central engine that executes static application security testing and infrastructure scans, aggregating diverse tool outputs into a standardized, machine-readable format to ensure consistent vulnerability detection across development lifecycles. The tool distinguishes itself through a modular plugin architecture that allows for the integration of custom or proprietary scanners, alongside an external intelligence layer
Fernflower is a Java bytecode decompiler and reverse engineering tool. It transforms compiled Java class files back into human-readable Java source code to reconstruct original program logic and variable names. The tool functions as a command line bytecode processor capable of batch processing Java archives and class files. It specifically handles obfuscated code analysis by renaming ambiguous identifiers and resolving naming conflicts to make the resulting source code easier to follow. The system employs static analysis to convert bytecode to source, utilizing debug information extraction t
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
gdsdecomp is a project recovery suite and game engine reverse engineering toolset. It functions as a bytecode decompiler, binary resource converter, and asset extraction tool designed to reconstruct original directory hierarchies and scripts from compiled binary game assets. The toolset specializes in GDScript bytecode decompilation and compilation, translating compiled bytecode back into human-readable source code or converting source code into executable bytecode for specific engine versions and commit hashes. It includes a game archive patcher to modify project archives by replacing intern
This project is an AI-powered static analysis tool and automated vulnerability scanner designed to detect security flaws such as injection and authentication bypasses. It uses large language models to perform semantic reasoning across multiple programming languages, identifying vulnerabilities within code changes. The tool operates as a GitHub Action that integrates into continuous integration pipelines to analyze pull request diffs. It focuses on modified lines of code to target new risks and reports findings by posting automated comments directly to the pull request. Analysis is directed b
This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Astra is a security analysis system and scanner designed to identify vulnerabilities and security flaws in REST API endpoints. It functions as a security testing tool that automatically detects common API weaknesses during development and deployment cycles. The project provides a graphical interface for triggering and monitoring security scanning processes, removing the requirement for manual command line execution. This management UI allows for the oversight of scanning workflows and the retrieval of vulnerability reports. The system supports the import of collection files to map endpoints
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Giskard is an evaluation framework, testing library, and quality monitoring system for large language models and AI agents. It serves as a toolkit for quantifying model performance and reliability, providing specialized capabilities for validating retrieval-augmented generation pipelines. The project distinguishes itself through an automated red teaming tool and security scanner designed to identify vulnerabilities, prompt injections, and safety risks. It utilizes adversarial probing and synthetic edge case generation to quantify model robustness and detect information disclosure. The platfo