Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Awesome-Android-Reverse-Engineering

A curated list of awesome Android Reverse Engineering training, resources, and tools.
https://github.com/user1342/Awesome-Android-Reverse-Engineering


  • Tools

    • Static Analysis Tools

      • Quark Engine - Quark Script aims to provide an innovative way for mobile security researchers to analyze or pentest targets. Based on Quark, we integrate decent tools as Quark Script APIs and make them exchange valuable intelligence with each other.
      • ☆ APK Dependency Graph - An APK class dependency visualizer. Useful for attack surface mapping.
      • COVA - COVA is a static analysis tool to compute path constraints based on user-defined APIs.
      • DIS{integrity} - A tool for analysing Android APKs and extracting root, integrity, and tamper detection checks.
      • ☆ Obfu[DE]scate - Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compares two versions of an APK and generates a mapping text file and an interactive HTML file as outputs!
      • TinySmaliEmulator - A minimalist smali emulator that could be used to "decrypt" obfuscated strings.
      • simplify - Android virtual machine and deobfuscator.
      • deoptfuscator - Deoptfuscator is a tool for deobfuscating Android applications that have been transformed using control-flow obfuscation mechanisms.
      • QARK - An open-source tool developed by LinkedIn for automatic Android app vulnerability scanning, including identifying potential security issues such as SQL injection, insecure data storage, and more.
      • MobSF - An open-source mobile app security testing framework that supports static and dynamic analysis of Android apps for vulnerabilities and privacy issues.
      • AndroBugs Framework - An open-source framework for analysing and scanning Android apps for security issues, including static and dynamic analysis capabilities.
      • ☆ imjtool - Firmware unpacking tool applicable to the widest variety of vendors and formats.
      • Android Studio - Useful if you don’t have a JEB licence and want to open a decompiled (via JADX) app in a proper IDE.
      • disarm - A simple command line utility that takes as an argument a 32-bit hexadecimal number, and parses it as an ARM-64 instruction, providing the disassembly.
    • Dynamic Analysis Tools

      • AutoDroid - Tool for mass gathering APKs from one or more devices, decompiling, filtering on strings, etc.
      • RMS Runtime Mobile Security - Frida web interface.
      • ☆ FriDump - A Python script that utilises Frida to dump the memory of a running gadget, such as an app activity.
      • jnitrace - A Frida based tool to trace use of the JNI API in Android apps.
      • ☆ Binder Trace - Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
      • Drozer - An open-source framework for Android security testing that provides a comprehensive set of tools for dynamic analysis, including intercepting, modifying, and analysing app traffic.
      • jtrace - strace for Android - for tracing system-level calls including Binder.
      • sesearch - Command line tool to query SELinux policies.
      • MITMProxy - An open-source man-in-the-middle proxy that allows for intercepting and analysing network traffic generated by Android apps for security testing and analysis.
      • ☆ Frida - A dynamic instrumentation toolkit for Android apps that allows for runtime manipulation and analysis of app behaviour.
      • Wireshark - A widely used open-source network protocol analyzer that can capture, analyse, and dissect network traffic generated by Android apps for security analysis.
      • SSLsplit - An open-source tool for intercepting and manipulating SSL/TLS encrypted traffic, which can be used for analysing SSL/TLS communication in Android apps.
      • ☆ Burp Suite - A popular commercial web security testing tool that can be used for analysing network traffic of Android apps for potential security vulnerabilities.
      • ☆ Objection - A runtime mobile exploration tool for Android that provides various features for analysing, manipulating, and bypassing app security controls.
    • Decompilers

      • apk2gold - CLI tool for decompiling Android apps to Java. Handles both resources and Java (this repo is 9 years old, and so may not work with newer Android versions).
      • AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers.
      • APK Studio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
      • show-java - An APK (Android application), JAR & Dex decompiler for Android.
      • Procyon - Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
      • Cfr - An open-source Java decompiler that supports decompilation of Android APK files into Java source code, including support for newer Java language features.
      • FernFlower - Fernflower is the first actually working analytical decompiler for Java and probably for a high-level programming language in general.
      • IDA Pro - A powerful commercial disassembler and debugger for analysing Android native code.
      • Radare2 - A free and open-source reverse engineering framework that supports Android analysis, including disassembly, debugging, and binary analysis.
      • Androguard - An open-source tool for analysing and reverse engineering Android apps, including decompiling APK files, analysing Dalvik bytecode, and more.
      • DEX2JAR - A tool for converting Android DEX files to JAR files, which can be further analysed using Java decompilers.
      • ☆ Ghidra - A free and open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA) that supports Android analysis.
      • ☆ Apktool - A popular open-source tool for decompiling and recompiling Android APK files.
      • ☆ JADX - An open-source tool for decompiling and analysing Android APK files into Java source code for reverse engineering and analysis.
      • JDGui - JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files.
      • ☆ APKLab - APKLab seamlessly integrates Quark-Engine, Apktool, Jadx, uber-apk-signer, apk-mitm and more to VS Code.
    • Malware Analysis

      • DroidDetective - A machine learning malware analysis framework for Android apps.
      • Cuckoo Droid - CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
      • androwarn - A static code analyzer for malicious Android applications.
  • CTFs and CrackMes

    • Case Studies

      • CyberTruckChallenge19 - Android security workshop material taught during the CyberTruck Challenge 2019 (Detroit USA).
      • KGB Messenger - KGB Messenger is an open source CTF practice challenge that aims to help people learn how to reverse engineer Android applications.
      • ☆ UnCrackable Mobile Apps - A set of OWASP Android app crackmes. These challenges are used as examples throughout the OWASP MASTG. Of course, you can also solve them for fun.
  • Misc

    • Case Studies

      • LADB - A local ADB shell for Android!
      • Broken Droid Factory - BDF is a Python tool designed to spin up pseudo-random vulnerable Android applications for training in vulnerability research, ethical hacking, and pen testing on Android apps.
      • uber-apk-signer - A CLI tool that helps with signing and zip-aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports the v1, v2 and v3 Android signing schemes, has an embedded debug keystore, and auto-verifies after signing.
      • RUNIC tamper detection demo - Designed to serve as a parallel for understanding more complex Android tamper detection and integrity systems such as Google Play SafetyNet and Huawei Safety Detect.
  • Training

  • Resources