r0capture is a tool for intercepting network traffic from Android applications. It serves as a traffic interceptor, packet sniffer, and client certificate exporter used to analyze application-layer communication on Android devices. The project provides mechanisms to bypass SSL pinning and certificate validation, allowing the decryption of encrypted traffic without modifying device trust stores. It can also extract client-side certificates from application memory and save them to local device storage. Captured network data is serialized into PCAP files to support offline protocol a
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Reverse engineering and pentesting for Android applications