{"id":20829732,"url":"https://github.com/androidovshchik/android-reverse-starter","last_synced_at":"2025-05-07T21:46:59.364Z","repository":{"id":163353400,"uuid":"201054232","full_name":"androidovshchik/android-reverse-starter","owner":"androidovshchik","description":"Useful tools for reverse out of the box (Unix compatible)","archived":false,"fork":false,"pushed_at":"2024-08-31T06:50:49.000Z","size":65,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"nodejs","last_synced_at":"2025-05-07T21:46:48.158Z","etag":null,"topics":["android","reverse","tool"],"latest_commit_sha":null,"homepage":"https://github.com/google/zx","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/androidovshchik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-07T13:17:17.000Z","updated_at":"2025-02-12T17:49:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"878f4357-3ec7-434e-90ca-704cf7828400","html_url":"https://github.com/androidovshchik/android-reverse-starter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/androidovshchik%2Fandroid-reverse-starter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/androidovshchik%2Fandroid-reverse-starter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/androidovshchik%2Fandroid-reverse-starter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/androidovshchik%2Fandroid-reverse-starter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/androidovshchik","download_url":"https://codeload.github.com/androidovshchik/android-reverse-starter/tar.gz/refs/heads/nodejs","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252961858,"owners_count":21832192,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","reverse","tool"],"created_at":"2024-11-17T23:21:47.776Z","updated_at":"2025-05-07T21:46:59.354Z","avatar_url":"https://github.com/androidovshchik.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# android-reverse-starter\n\u003e Useful tools for reverse out of the box (Unix compatible)\n\n## Requirements\n* JDK\n* Currently on Linux 32bit: zipalign must be set in `PATH`\n\n## Setup\n\n### Extra dependencies\n- wget\n- xmlstarlet\n- unzip\n\nOn Debian\n```\n$ apt-get install -y wget xmlstarlet unzip\n```\n\nOn Fedora\n```\n$ dnf install -y wget xmlstarlet unzip\n```\n\nOn Arch\n```\n$ pacman -S wget xmlstarlet unzip\n```\n\nOn Mac OS\n```\n$ brew install wget xmlstarlet unzip\n```\n\n### Config file\nDon't lost to define the location of Android SDK\n\n```\n\u003cconfig\u003e\n ...\n \u003cANDROID_HOME\u003e/home/vlad/android-sdk\u003c/ANDROID_HOME\u003e\n\u003c/config\u003e\n```\n\n### First setup or upgrade\n```\n$ bash _init.sh\n```\n\n## Decompile\n\n### Decompile and move to `_original` available apk\n```\n$ bash dm.sh\n -da Include decompilation to smali code via Apktool\n -dj Include decompilation to java code via JADX\n```\n\n### Decompile available apk to smali code via [Apktool](https://github.com/iBotPeaches/Apktool)\n```\n$ bash dsmali.sh [optional args]\n -f,--force Force delete destination directory.\n -o,--output \u003cdir\u003e The name of folder that gets written. Default is apk.out\n -p,--frame-path \u003cdir\u003e Uses framework files located in \u003cdir\u003e.\n -r,--no-res Do not decode resources.\n -s,--no-src Do not decode sources.\n -t,--frame-tag \u003ctag\u003e Uses framework files tagged by \u003ctag\u003e.\n```\n\n### Decompile available apk to java code via [JADX](https://github.com/skylot/jadx)\n```\n$ bash djadx.sh [optional args]\n -ds, --output-dir-src - output directory for sources\n -dr, --output-dir-res - output directory for resources\n -j, --threads-count - processing threads count\n -r, --no-res - do not decode resources\n -s, --no-src - do not decompile source code\n --single-class - decompile a single class\n --output-format - can be 'java' or 'json' (default: java)\n -e, --export-gradle - save as android gradle project\n --show-bad-code - show inconsistent code (incorrectly decompiled)\n --no-imports - disable use of imports, always write entire package name\n --no-debug-info - disable debug info\n --no-inline-anonymous - disable anonymous classes inline\n --no-replace-consts - don't replace constant value with matching constant field\n --escape-unicode - escape non latin characters in strings (with \\u)\n --respect-bytecode-access-modifiers - don't change original access modifiers\n --deobf - activate deobfuscation\n --deobf-min - min length of name, renamed if shorter (default: 3)\n --deobf-max - max length of name, renamed if longer (default: 64)\n --deobf-rewrite-cfg - force to save deobfuscation map\n --deobf-use-sourcename - use source file name as class name alias\n --rename-flags - what to rename, comma-separated, 'case' for system case sensitivity, 'valid' for java identifiers, 'printable' characters, 'none' or 'all'\n --fs-case-sensitive - treat filesystem as case sensitive, false by default\n --cfg - save methods control flow graph to dot file\n --raw-cfg - save methods control flow graph (use raw instructions)\n -f, --fallback - make simple dump (using goto instead of 'if', 'for', etc)\n -v, --verbose - verbose output\n --version - print jadx version\n -h, --help - print this help\n```\n\n## Build\n\n### Build and run apk\n```\n$ bash br.sh [optional args]\n -ar Restart ADB\n -i=\u003cnumber\u003e Index of smali project in -n...-1 as DESC order or 1..+n as ASC order. Default is -1 which means last\n```\n\n### Build apk from smali code via [Apktool](https://github.com/iBotPeaches/Apktool)\n```\n$ bash bsmali.sh [optional args]\n -i=\u003cnumber\u003e Index of smali project in -n...-1 as DESC order or 1..+n as ASC order. Default is -1 which means last\n -f,--force-all Skip changes detection and build all files.\n -o,--output \u003cdir\u003e The name of apk that gets written. Default is dist/name.apk\n -p,--frame-path \u003cdir\u003e Uses framework files located in \u003cdir\u003e.\n```\n\n## Run\n\n### Sign apk\n```\n$ bash rsign.sh [optional args]\n -i=\u003cnumber\u003e Index of smali project in -n...-1 as DESC order or 1..+n as ASC order. Default is -1 which means last\n -a,--apks \u003cfile/folder\u003e Can be a single apk or a folder containing multiple apks. These are used\n as source for zipalining/signing/verifying. It is also possible to\n provide multiple locations space seperated (can be mixed file folder):\n '/apk /apks2 my.apk'. Folder will be checked non-recursively.\n --allowResign If this flag is set, the tool will not show error on signed apks, but\n will sign them with the new certificate (therefore removing the old\n one).\n --debug Prints additional info for debugging.\n --dryRun Check what apks would be processed without actually doing anything.\n -h,--help Prints help docs.\n --ks \u003ckeystore\u003e The keystore file. If this isn't provided, will try to sign with a debug\n keystore. The debug keystore will be searched in the same dir as\n execution and 'user_home/.android' folder. If it is not found there a\n built-in keystore will be used for convenience. It is possible to pass\n one or multiple keystores. The syntax for multiple params is\n '\u003cindex\u003e=\u003ckeystore\u003e' for example: '1=keystore.jks'. Must match the\n parameters of --ksAlias.\n --ksAlias \u003calias\u003e The alias of the used key in the keystore. Must be provided if --ks is\n provided. It is possible to pass one or multiple aliases for multiple\n keystore configs. The syntax for multiple params is '\u003cindex\u003e=\u003calias\u003e'\n for example: '1=my-alias'. Must match the parameters of --ks.\n --ksDebug \u003ckeystore\u003e Same as --ks parameter but with a debug keystore. With this option the\n default keystore alias and passwords are used and any arguments relating\n to these parameter are ignored.\n --ksKeyPass \u003cpassword\u003e The password for the key. If this is not provided, caller will get a\n user prompt to enter it. It is possible to pass one or multiple\n passwords for multiple keystore configs. The syntax for multiple params\n is '\u003cindex\u003e=\u003cpassword\u003e'. Must match the parameters of --ks.\n --ksPass \u003cpassword\u003e The password for the keystore. If this is not provided, caller will get\n a user prompt to enter it. It is possible to pass one or multiple\n passwords for multiple keystore configs. The syntax for multiple params\n is '\u003cindex\u003e=\u003cpassword\u003e'. Must match the parameters of --ks.\n -o,--out \u003cpath\u003e Where the aligned/signed apks will be copied to. Must be a folder. Will\n create, if it does not exist.\n --overwrite Will overwrite/delete the apks in-place\n --skipZipAlign Skips zipAlign process. Also affects verify.\n -v,--version Prints current version.\n --verbose Prints more output, especially useful for sign verify.\n --verifySha256 \u003ccert-sha256\u003e Provide one or multiple sha256 in string hex representation (ignoring\n case) to let the tool check it against hashes of the APK's certificate\n and use it in the verify process. All given hashes must be present in\n the signature to verify e.g. if 2 hashes are given the apk must have 2\n signatures with exact these hashes (providing only one hash, even if it\n matches one cert, will fail).\n -y,--onlyVerify If this is passed, the signature and alignment is only verified.\n --zipAlignPath \u003cpath\u003e Pass your own zipalign executable. If this is omitted the built-in\n version is used (available for win, mac and linux)\n```\n\nExample for release sign\n```\n$ bash rsign.sh --ks release.jks --ksPass myPass --ksAlias myAlias --ksKeyPass myKeyPass\n```\n\n### Install apk\n```\n$ bash rinstall.sh [optional args]\n -i=\u003cnumber\u003e Index of smali project in -n...-1 as DESC order or 1..+n as ASC order. Default is -1 which means last\n -t: allow test packages\n -d: allow version code downgrade (debuggable packages only)\n -p: partial application install (install-multiple only)\n -g: grant all runtime permissions\n --instant: cause the app to be installed as an ephemeral install app\n --no-streaming: always push APK to device and invoke Package Manager as separate steps\n --streaming: force streaming APK directly into Package Manager\n --fastdeploy: use fast deploy\n --no-fastdeploy: prevent use of fast deploy\n --force-agent: force update of deployment agent when using fast deploy\n --date-check-agent: update deployment agent when local version is newer and using fast deploy\n --version-check-agent: update deployment agent when local version has different version code and using fast deploy\n --local-agent: locate agent files from local source build (instead of SDK location)\n```\n\n### Launch apk\n\u003e Notice that app info will be parsed from decompiled `AndroidManifest.xml`\n```\n$ bash rlaunch.sh [optional args]\n -i=\u003cnumber\u003e Index of smali project in -n...-1 as DESC order or 1..+n as ASC order. Default is -1 which means last\n```\n\n## Other\n\n### Hack sign via [ApkSignatureKiller](https://github.com/L-JINBIN/ApkSignatureKiller)\n\u003e Notice that this tool is only valid for those apps that only use `packageManager.getPackageInfo(...).signatures` to verify signatures\n```\n$ bash hsign.sh\n```\n\n### Merge split apks via [SplitPacker](https://github.com/TheArmKing/SplitPacker)\n```\n$ bash SplitPacker.sh [dir]\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroidovshchik%2Fandroid-reverse-starter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandroidovshchik%2Fandroid-reverse-starter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroidovshchik%2Fandroid-reverse-starter/lists"}