{"id":13845062,"url":"https://github.com/rednaga/APKiD","last_synced_at":"2025-07-12T00:32:54.427Z","repository":{"id":37271449,"uuid":"61825895","full_name":"rednaga/APKiD","owner":"rednaga","description":"Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android","archived":false,"fork":false,"pushed_at":"2024-11-18T10:41:58.000Z","size":10336,"stargazers_count":2070,"open_issues_count":92,"forks_count":296,"subscribers_count":68,"default_branch":"master","last_synced_at":"2024-11-19T02:07:27.993Z","etag":null,"topics":["android","android-protect-apps","android-protection","antivirus","appshielding","machine-learning","malware-analysis","malware-detection","malware-research","packers","rasp","yara","yara-forensics"],"latest_commit_sha":null,"homepage":"","language":"YARA","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rednaga.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.COMMERCIAL","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.txt","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-06-23T18:00:21.000Z","updated_at":"2024-11-18T10:42:02.000Z","dependencies_parsed_at":"2023-02-18T01:01:20.504Z","dependency_job_id":"c68660d2-82f5-467b-9140-0e72c71fc50c","html_url":"https://github.com/rednaga/APKiD","commit_stats":{"total_commits":332,"total_committers":31,"mean_commits":"10.709677419354838","dds":0.5632530120481928,"last_synced_commit":"0187ad0ee04aa6e668c2b93ade52252ac6e4711b"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rednaga%2FAPKiD","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rednaga%2FAPKiD/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rednaga%2FAPKiD/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rednaga%2FAPKiD/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rednaga","download_url":"https://codeload.github.com/rednaga/APKiD/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772868,"owners_count":17521904,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-protect-apps","android-protection","antivirus","appshielding","machine-learning","malware-analysis","malware-detection","malware-research","packers","rasp","yara","yara-forensics"],"created_at":"2024-08-04T17:03:09.583Z","updated_at":"2024-11-21T17:31:12.661Z","avatar_url":"https://github.com/rednaga.png","language":"YARA","funding_links":[],"categories":[":wrench: Tools","YARA (8)","YARA","Android Reverse Engineering Tools","Tools"],"sub_categories":["Before 2000"],"readme":"# APKiD\n\n[![Build Status](https://app.travis-ci.com/rednaga/APKiD.svg?branch=master)](https://app.travis-ci.com/rednaga/APKiD)\n[![PyPI](https://img.shields.io/pypi/v/apkid.svg)](https://pypi.org/project/apkid/)\n[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/apkid.svg)](https://pypi.org/project/apkid/)\n[![PyPI - Format](https://img.shields.io/pypi/format/apkid.svg)](https://pypi.org/project/apkid/)\n[![PyPI - License](https://img.shields.io/pypi/l/apkid.svg)](https://pypi.org/project/apkid/)\n\nAPKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's [_PEiD_](https://www.aldeid.com/wiki/PEiD) for Android.\n\n![Screen Shot 2019-05-07 at 10 55 00 AM](https://user-images.githubusercontent.com/1356658/57322793-49be9c00-70b9-11e9-84da-1e64d9459a8a.png)\n\nFor more information on what this tool can be used for, check out:\n\n* [Android Compiler Fingerprinting](http://hitcon.org/2016/CMT/slide/day1-r0-e-1.pdf)\n* [Detecting Pirated and Malicious Android Apps with APKiD](http://rednaga.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/)\n* [APKiD: PEiD for Android Apps (BlackHat EU/UK Arsenal 2018)](https://github.com/enovella/cve-bio-enovella/blob/master/slides/bheu18-enovella-APKID.pdf)\n* [APKiD: Fast Identification of AppShielding Products](https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf)\n* [APKiD: Fast Identification of Mobile RASP SDKs (BlackHat USA Arsenal 2023)](https://github.com/enovella/cve-bio-enovella/blob/master/slides/bheu23-enovella-APKID.pdf)\n\n## Installing\n\n```bash\npip install apkid\n```\n\n### Docker\n\nYou can also run APKiD with [Docker](https://www.docker.com/community-edition)! Of course, this requires that you have git and Docker installed.\n\nHere's how to use Docker:\n\n```bash\ngit clone https://github.com/rednaga/APKiD\ncd APKiD/\ndocker build . -t rednaga:apkid\ndocker/apkid.sh ~/reverse/targets/android/example/example.apk\n[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io\n[*] example.apk!classes.dex\n |-\u003e compiler : dx\n```\n\n## Usage\n\n```\nusage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]\n             [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]\n             [-o DIR]\n             [FILE [FILE ...]]\n\nAPKiD - Android Application Identifier v2.1.2\n\npositional arguments:\n  FILE                                       apk, dex, or directory\n\noptional arguments:\n  -h, --help                                 show this help message and exit\n  -v, --verbose                              log debug messages\n\nscanning:\n  -t TIMEOUT, --timeout TIMEOUT              Yara scan timeout (in seconds)\n  -r, --recursive                            recurse into subdirectories\n  --scan-depth SCAN_DEPTH                    how deep to go when scanning nested zips\n  --entry-max-scan-size ENTRY_MAX_SCAN_SIZE  max zip entry size to scan in bytes, 0 = no limit\n  --typing {magic,filename,none}             method to decide which files to scan\n\noutput:\n  -j, --json                                 output scan results in JSON format\n  -o DIR, --output-dir DIR                   write individual results here (implies --json)\n```\n\n## Submitting New Packers / Compilers / Obfuscators\n\nIf you come across an APK or DEX which APKiD does not recognize, please open a GitHub issue and tell us:\n\n* what you think it is -- obfuscated, packed, etc.\n* the file hash (either MD5, SHA1, SHA256)\n\nWe are open to any type of concept you might have for \"something interesting\" to detect, so do not limit yourself solely to packers, compilers or obfuscators. If there is an interesting anti-disassembler, anti-vm, anti-* trick, please make an issue.\n\nPull requests are welcome. If you're submitting a new rule, be sure to include a file hash of the APK / DEX so we can check the rule.\n\n## License\n\nThis tool is available under a dual license: a commercial one suitable for closed source projects and a GPL license that can be used in open source software.\n\nDepending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type are available in the [LICENSE.COMMERCIAL](LICENSE.COMMERCIAL) and [LICENSE.GPL](LICENSE.GPL) files.\n\n## Hacking\n\nIf you want to install the latest version in order to make changes, develop your own rules, and so on, simply clone this repository, compile the rules, and install the package in editable mode:\n\n```bash\ngit clone https://github.com/rednaga/APKiD\ncd APKiD\npython prep-release.py\npip install -e .[dev,test]\n```\n\nIf the above doesn't work, due to permission errors dependent on your local machine and where Python has been installed, try specifying the `--user` flag. This is likely needed if you're not using a virtual environment:\n\n```bash\npip install -e .[dev,test] --user\n```\n\nIf you update any of the rules, be sure to run `prep-release.py` to recompile them.\n\nIf you are using Windows, install Yara 3.11.0 and yara-python-dex before compiling\n\n```bash\npip install yara-python==3.11.0\npip install wheel\npip wheel --wheel-dir=yara-python-dex git+https://github.com/MobSF/yara-python-dex.git\npip install --no-index --find-links=yara-python-dex yara-python-dex\n```\n\n## For Package Maintainers\n\nWhen releasing a new version, make sure the version has been updated in [apkid/__init__.py](apkid/__init__.py).\n\nAs for running tests, check out [.travis.yml](.travis.yml) to see how the dev and test environments are setup and tests are run.\n\nUpdate the compiled rules, the readme, build the package and upload to PyPI:\n\n```bash\n./prep-release.py readme\nrm -f dist/*\npython setup.py sdist bdist_wheel\ntwine upload --repository-url https://upload.pypi.org/legacy/ dist/*\n```\n\nFor more information see [Packaging Projects](https://packaging.python.org/tutorials/packaging-projects/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frednaga%2FAPKiD","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frednaga%2FAPKiD","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frednaga%2FAPKiD/lists"}