11 repository-uri
Techniques for analyzing and extracting code from Android applications, specifically focusing on bypassing obfuscation.
Distinct from Android App Execution: The candidates were focused on app execution and containers, not the act of reverse engineering for analysis.
Explore 11 awesome GitHub repositories matching security & cryptography · Android Application Reverse Engineering. Refine with filters or upvote what's useful.
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Converts Dalvik bytecode into readable assembly to analyze the internal functioning of Android applications.
Reverse engineering and pentesting for Android applications
Analyzes Android APK and DEX files to understand app behavior and inspect bytecode.
Hooker este un toolkit pentru instrumentarea dinamică, analiza memoriei și deobfuscare a aplicațiilor Android. Funcționează ca un framework de reverse engineering care utilizează Frida pentru a injecta scripturi în procesele care rulează, a monitoriza apelurile native și a extrage fișiere DEX executabile. Proiectul oferă utilitare specializate pentru ocolirea controalelor de securitate, inclusiv instrumente pentru dezactivarea validării certificatelor SSL și a pinning-ului BoringSSL pentru a permite interceptarea traficului HTTPS. Include capabilități pentru detectarea împachetării aplicațiilor, extragerea cheilor criptografice prin hooking-ul algoritmilor de criptare și evitarea verificărilor de mediu root sau de debugging. Framework-ul acoperă o gamă largă de capabilități de analiză, inclusiv scanarea memoriei pentru detectarea componentelor active, configurarea proxy SOCKS5 pentru rutarea traficului de rețea și analiza interacțiunii cu UI-ul. De asemenea, suportă colectarea amprentelor dispozitivului și debugging-ul WebViews-urilor încorporate.
Analyzes Android applications using Frida to inspect internal functions, map memory, and trace native calls.
apk-mitm este un utilitar CLI conceput pentru a modifica fișierele APK de Android, permițând inspectarea traficului HTTPS printr-un proxy. Acesta funcționează ca un instrument de patch pentru securitatea rețelei și de bypass pentru certificate pinning, automatizând procesul de alterare a pachetelor aplicațiilor pentru a permite analiza traficului de tip man-in-the-middle. Instrumentul modifică pachetele Android compilate prin despachetarea lor, alterarea fișierelor interne și re-codarea binarului. Se concentrează în mod specific pe dezactivarea certificate pinning-ului și injectarea configurațiilor de securitate a rețelei în manifestul aplicației, ceea ce permite utilizarea certificatelor proxy atât pe dispozitive cu root, cât și pe cele fără root. Software-ul acoperă testarea securității API-urilor mobile și ingineria inversă prin patch-uri la nivel de bytecode. Include un mecanism pentru a întrerupe procesul de patch, permițând modificarea manuală a fișierelor într-un director temporar înainte ca pachetul final să fie reconstruit și semnat.
Analyzes and modifies APK files to change application behavior and inspect internal configurations.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Provides a comprehensive platform for analyzing Dalvik bytecode, patching binaries, and mapping execution paths.
Simplify este un sandbox de mașină virtuală Android, un trasor de execuție bytecode și un framework de analiză statică. Acesta servește drept deobfuscator de bytecode Dalvik, conceput pentru a recupera cod lizibil din binare prin simularea comportamentului programului fără a utiliza un dispozitiv fizic. Proiectul se distinge prin utilizarea analizei grafului de execuție pentru a rezolva apelurile de reflexie și a simplifica codul obfuscated prin propagarea constantelor și eliminarea codului mort. Utilizează simularea execuției pe mai multe căi pentru a urmări toate rezultatele posibile ale ramurilor condiționale și mapează fluxul de instrucțiuni pentru a identifica valorile constante. Sistemul acoperă o gamă largă de capabilități de analiză, inclusiv trasarea propagării excepțiilor, categorisirea efectelor secundare ale metodelor și simularea apelurilor API Java. De asemenea, oferă mecanisme pentru interceptarea execuțiilor metodelor prin hook-uri personalizate pentru a monitoriza sau suprascrie stările mașinii virtuale.
Analyzes the structure and flow of Android applications by resolving reflected calls and mapping execution paths.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Recovering obfuscated or packed DEX files from running Android applications for security analysis and reverse engineering.
APKLab is an integrated security analysis platform and reverse engineering IDE for Android applications. It provides a unified environment for decompiling binaries into source code, repackaging modified applications into signed installers, and performing comprehensive security analysis. The platform distinguishes itself by combining static and dynamic analysis workflows. It enables the injection of runtime hooks and gadget libraries to monitor application behavior, while providing specialized patching capabilities to intercept and decrypt encrypted network traffic via a proxy. The toolkit co
Analyzes and extracts code from Android applications to recover internal logic and find vulnerabilities.
apk.sh is a mobile application patching framework and reverse engineering tool designed to inject custom instrumentation and logic into compiled Android binaries. It serves as a workflow manager for modifying application packages without requiring access to the original source code. The toolkit focuses on automating the process of injecting the Frida gadget into Android packages, enabling dynamic analysis and function hooking on non-rooted devices. It handles the end-to-end lifecycle of deconstructing, modifying, and resigning binaries to facilitate security research, malware analysis, and be
Facilitates the analysis and extraction of code from Android applications to understand internal logic without source code.
Apkstudio is a reverse engineering integrated development environment designed for decompiling, modifying, and recompiling Android application packages. It provides a specialized suite for transforming binary files into readable source code and bundling them back into installable application archives. The project features a framework integration system that imports manufacturer-specific files to ensure accurate decompilation of vendor-modified applications. It includes a dedicated editor for Smali, Java, and XML files with syntax highlighting, as well as a hex editor for the direct modificati
Provides tools for decompiling and analyzing Android application packages to understand their internal logic.
This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di
A comprehensive toolkit for reverse engineering and auditing Android applications using runtime hooking.