11 个仓库
Techniques for analyzing and extracting code from Android applications, specifically focusing on bypassing obfuscation.
Distinct from Android App Execution: The candidates were focused on app execution and containers, not the act of reverse engineering for analysis.
Explore 11 awesome GitHub repositories matching security & cryptography · Android Application Reverse Engineering. Refine with filters or upvote what's useful.
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Converts Dalvik bytecode into readable assembly to analyze the internal functioning of Android applications.
Reverse engineering and pentesting for Android applications
Analyzes Android APK and DEX files to understand app behavior and inspect bytecode.
Hooker 是一个用于 Android 应用程序动态插桩、内存分析和去混淆的工具包。它作为一个逆向工程框架,使用 Frida 将脚本注入正在运行的进程中,监控原生调用并提取可执行的 DEX 文件。 该项目提供了用于绕过安全控制的专用工具,包括禁用 SSL 证书验证和 BoringSSL 固定以实现 HTTPS 流量拦截。它包括检测应用程序加固、通过 Hook 加密算法提取加密密钥以及规避 Root 或调试环境检查的功能。 该框架涵盖了广泛的分析功能,包括用于检测活动组件的内存扫描、用于网络流量路由的 SOCKS5 代理配置以及 UI 交互分析。它还支持收集设备指纹和调试嵌入式 WebView。
Analyzes Android applications using Frida to inspect internal functions, map memory, and trace native calls.
apk-mitm 是一个命令行实用程序,旨在修改 Android APK 文件以通过代理进行 HTTPS 流量检查。它充当网络安全补丁工具和证书锁定绕过工具,通过自动化修改应用程序包来允许中间人流量分析。 该工具通过解包、修改内部文件并重新编码二进制文件来修改已编译的 Android 包。它专注于禁用证书锁定并将网络安全配置注入应用程序清单,从而允许在已 root 和未 root 的设备上使用代理证书。 该软件涵盖了移动 API 安全测试和通过字节码级补丁进行的逆向工程。它包含一个暂停补丁过程的机制,允许在重建和签名最终包之前在临时目录中进行手动文件修改。
Analyzes and modifies APK files to change application behavior and inspect internal configurations.
本项目是一个全面的 Android 逆向工程套件,具有反编译器、字节码去混淆器和恶意软件分析工具的功能。它旨在将 APK、DEX 和 OAT 二进制文件转换为人类可读的源代码,并使用无需 Java 虚拟机 (JVM) 的原生实现。 该平台通过与 Frida 集成进行动态分析而脱颖而出,允许用户实时挂钩方法、注入自定义 JavaScript 并转储设备内存。它还具有专门的安全引擎,包括污点传播引擎和栈状态机,以检测隐私泄露、恶意行为和安全漏洞。 该套件涵盖了广泛的分析功能,包括二进制补丁和重打包、交叉引用依赖映射和数据流分析。它提供了用于软件加壳识别、加密字符串解码以及跨应用程序资源进行全局元数据搜索的工具。 该工具提供命令行界面,并支持通过自定义 Python 或 Java 脚本进行分析自动化。
Provides a comprehensive platform for analyzing Dalvik bytecode, patching binaries, and mapping execution paths.
Simplify 是一个 Android 虚拟机沙箱、字节码执行追踪器和静态分析框架。它作为 Dalvik 字节码去混淆器,旨在通过模拟程序行为(无需物理设备)从二进制文件中恢复可读代码。 该项目的特色在于使用执行图分析来解析反射调用,并通过常量传播和死代码消除来简化混淆代码。它采用多路径执行模拟来跟踪所有可能的条件分支结果,并将指令流映射以识别常量值。 该系统涵盖了广泛的分析功能,包括异常传播追踪、方法副作用分类和 Java API 调用模拟。它还提供了通过自定义钩子拦截方法执行的机制,以监控或覆盖虚拟机状态。
Analyzes the structure and flow of Android applications by resolving reflected calls and mapping execution paths.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Recovering obfuscated or packed DEX files from running Android applications for security analysis and reverse engineering.
APKLab is an integrated security analysis platform and reverse engineering IDE for Android applications. It provides a unified environment for decompiling binaries into source code, repackaging modified applications into signed installers, and performing comprehensive security analysis. The platform distinguishes itself by combining static and dynamic analysis workflows. It enables the injection of runtime hooks and gadget libraries to monitor application behavior, while providing specialized patching capabilities to intercept and decrypt encrypted network traffic via a proxy. The toolkit co
Analyzes and extracts code from Android applications to recover internal logic and find vulnerabilities.
apk.sh is a mobile application patching framework and reverse engineering tool designed to inject custom instrumentation and logic into compiled Android binaries. It serves as a workflow manager for modifying application packages without requiring access to the original source code. The toolkit focuses on automating the process of injecting the Frida gadget into Android packages, enabling dynamic analysis and function hooking on non-rooted devices. It handles the end-to-end lifecycle of deconstructing, modifying, and resigning binaries to facilitate security research, malware analysis, and be
Facilitates the analysis and extraction of code from Android applications to understand internal logic without source code.
Apkstudio is a reverse engineering integrated development environment designed for decompiling, modifying, and recompiling Android application packages. It provides a specialized suite for transforming binary files into readable source code and bundling them back into installable application archives. The project features a framework integration system that imports manufacturer-specific files to ensure accurate decompilation of vendor-modified applications. It includes a dedicated editor for Smali, Java, and XML files with syntax highlighting, as well as a hex editor for the direct modificati
Provides tools for decompiling and analyzing Android application packages to understand their internal logic.
This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di
A comprehensive toolkit for reverse engineering and auditing Android applications using runtime hooking.