Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/In3tinct/deobfuscate-android-app

LLM tool to find any potential vulnerabilities and deobfuscate android app code.
https://github.com/In3tinct/deobfuscate-android-app

Last synced: 3 days ago
JSON representation

LLM tool to find any potential vulnerabilities and deobfuscate android app code.

Host: GitHub
URL: https://github.com/In3tinct/deobfuscate-android-app
Owner: In3tinct
License: apache-2.0
Created: 2024-10-07T17:24:07.000Z (3 months ago)
Default Branch: main
Last Pushed: 2024-12-06T18:23:34.000Z (about 1 month ago)
Last Synced: 2024-12-06T18:35:37.694Z (about 1 month ago)
Language: Python
Homepage:
Size: 24.4 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome_ai_agents - Deobfuscate-Android-App - LLM tool to find any potential vulnerabilities and deobfuscate android app code. (Building / Tools)
awesome_ai_agents - Deobfuscate-Android-App - LLM tool to find any potential vulnerabilities and deobfuscate android app code. (Building / Tools)

README

        # Deobfuscate Android App

LLM tool to find any potential security vulnerabilities in android apps and deobfuscate android app code. Uses Google's Gemini public API. 

Android apps generally use Proguard for obfuscating the app and reversing app can be hard with meaning less variable and function names. LLMs seems to do a good job in understanding the context of the code and renaming variables, functions, adding comments etc (to certain extent but embrace the unpredictibility of it too).

## Description

Input - Takes decompiled code directory as an input.

Output -

1) a JSON file will be created with name "vuln_report", listing security risk and its impact in the provided output directory.

2) Deobfuscates each file for easier readability and save it in package directory structure for manual reviews. Also, labels any security issues seen in the generated code with #SECURITY-ISSUE. (Only when save_code parameter is set to True, read below in run the script section)

## Installation

### 1. Clone the repo

### 2. Install dependencies 

pip3 install -r requirements.txt

### 3. Decompile APK

Get the APK of the intended app. And You can use jadx [https://github.com/skylot/jadx](https://github.com/skylot/jadx) to decompile.

It will create a "resources" and "sources" directory. "Sources" directory is where the decompiled .java files sit.

`jadx androidapp.apk`

### 4. Run the script 

a. `EXPORT GEMINI_API_KEY= "Your Gemini API Key"`

You can get the API key from [ai.google.dev](https://ai.google.dev/)

b. `python3 script.py --llm_model gemini-1.5-flash -output_dir /tmp/ver/ -source_dir "input_dir1/ input_dir2/"`

where, 

-llm_model is the LLM model to use, Currently only Google's Gemini is supported. You can get the model variants from here. https://ai.google.dev/gemini-api/docs/models/gemini#model-variations

-output_dir is the output directory you want to save generated files.

-source_dir is the source directory for the decompiled code. You can send more than one directory separated by space as above.

-save_code (*optional*) Default is false. if set as True, it will deobfuscate the code and save in the output directory provided, otherwise only vuln_report file will be generated.

**Important - Don't send the entire package at once which would contain libraries etc. Otherwise It may take forever to scan. Send the specific directories as input which contains app specific code. For example - if package directory looks like com/google/android/yourapp, send com/google/android/yourapp/receivers/**

## Demo

Decompiled code (Obfuscated)

![Screenshot 2024-12-06 at 10 01 19 AM](https://github.com/user-attachments/assets/1908bbd7-3354-4fcc-adbb-64dee857ae2d)

Decompiled code (After processing with LLM)

![Screenshot 2024-12-06 at 9 59 14 AM](https://github.com/user-attachments/assets/a9c8d34d-3a24-4f64-819a-b908a8dc815f)

Security Issues identified by LLM

![Screenshot 2024-12-06 at 10 20 46 AM](https://github.com/user-attachments/assets/bba67dd9-69e8-4323-b696-203a232a33cd)

## Contributing

See [`CONTRIBUTING.md`](docs/CONTRIBUTING.md) for details.

## License

Apache 2.0; see [`LICENSE`](LICENSE) for details.

## Disclaimer

This project is not an official Google project. It is not supported by

Google and Google specifically disclaims all warranties as to its quality,

merchantability, or fitness for a particular purpose. 

This is an experimental project and the owner of this project shall not be held liable for any actions performed using this tool. It is the sole responsibility of the end-user.

Also, please review the TOS for Gemini API before using the tool. https://ai.google.dev/gemini-api/terms