Awesome Android Reverse Engineering

A curated list of awesome Android Reverse Engineering training, resources, and tools.


How to Use

Awesome-Android-Reverse-Engineering is an amazing list for people who work in taking apart Android applications, systems, or components. Simply press Ctrl + F to search for a keyword, go through our Contents Menu, or look out for a '☆' indicating some great and up-to-date resources.

Contents

Training

Courses and Material

Videos

Books

  • ☆ Android Internals: A Confectioner's Cookbook - An in-depth exploration of the inner-workings of Android: In Volume I, we take the perspective of the Power User as we delve into the foundations of Android, filesystems, partitions, boot process, native daemons and services.
  • Blue Fox: Arm Assembly Internals and Reverse Engineering - Provides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analysing and securing billions of Arm devices.
  • Android Software Internals Quick Reference - This book focuses on easily digestible, useful, and interesting techniques in Java and the Android system. Including: encryption and obfuscation, debugging, and APK extraction.
  • ☆ Mobile Offensive Security Pocket Guide - Focusing on Android and iOS operating systems, the book contains a series of succinct chapters that highlight key information, approaches, and tooling used by mobile penetration testers and offensive security practitioners.
  • Android Security Internals - Describing Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.
  • Android Malware Detection with Machine Learning - Examine the machine-learning techniques used to detect malicious apps, the types of classification models that defenders can use, and the various features of malware specimens that can become input to these models.

Tools

Static Analysis Tools

  • QARK - An open-source tool developed by LinkedIn for automatic Android app vulnerability scanning, including identifying potential security issues such as SQL injection, insecure data storage, and more.
  • Quark Engine - Quark Script aims to provide an innovative way for mobile security researchers to analyze or pentest targets. Based on Quark, it integrates decent tools as Quark Script APIs and lets them exchange valuable intelligence with each other.
  • MobSF - An open-source mobile app security testing framework that supports static and dynamic analysis of Android apps for vulnerabilities and privacy issues.
  • AndroBugs Framework - An open-source framework for analysing and scanning Android apps for security issues, including static and dynamic analysis capabilities.
  • ☆ imjtool - Firmware unpacking tool applicable to the widest variety of vendors and formats.
  • Android Studio - Useful if you don’t have a JEB licence and want to open a decompiled (via JADX) app into a proper IDE.
  • ☆ APK Dependency Graph - An APK class dependency visualizer. Useful for attack surface mapping.
  • disarm - A simple command line utility that takes as an argument a 32-bit hexadecimal number, and parses it as an ARM-64 instruction, providing the disassembly.
  • COVA - COVA is a static analysis tool to compute path constraints based on user-defined APIs.
  • DIS{integrity} - A tool for analysing Android APKs and extracting root, integrity, and tamper detection checks.

De-Obfuscation

  • ☆ Obfu[DE]scate - Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compares two versions of an APK and generates a mapping text file and an interactive HTML file as outputs!
  • TinySmaliEmulator - A minimalist smali emulator that could be used to "decrypt" obfuscated strings.
  • simplify - Android virtual machine and deobfuscator.
  • deoptfuscator - Deoptfuscator is a tool for deobfuscating Android applications that have been transformed using control-flow obfuscation mechanisms.

Dynamic Analysis Tools

  • Drozer - An open-source framework for Android security testing that provides a comprehensive set of tools for dynamic analysis, including intercepting, modifying, and analysing app traffic.
  • jtrace - strace for Android - for tracing system-level calls including Binder.
  • sesearch - Command line tool to query SELinux policies.
  • AutoDroid - Tool for mass gathering APKs from a device(s), decompiling, filtering on strings, etc.

Networking

  • ☆ Burp Suite - A popular commercial web security testing tool that can be used for analysing network traffic of Android apps for potential security vulnerabilities.
  • Wireshark - A widely used open-source network protocol analyzer that can capture, analyse, and dissect network traffic generated by Android apps for security analysis.
  • SSLsplit - An open-source tool for intercepting and manipulating SSL/TLS encrypted traffic, which can be used for analysing SSL/TLS communication in Android apps.
  • MITMProxy - An open-source man-in-the-middle proxy that allows for intercepting and analysing network traffic generated by Android apps for security testing and analysis.
  • apk-mitm - A CLI application that automatically prepares Android APK files for HTTPS inspection.

Dynamic Instrumentation

  • ☆ Frida - A dynamic instrumentation toolkit for Android apps that allows for runtime manipulation and analysis of app behaviour.
  • Xposed Framework - A powerful framework for hooking and modifying the behaviour of Android apps at runtime, commonly used for reverse engineering and analysis.
  • ☆ Objection - A runtime mobile exploration tool for Android that provides various features for analysing, manipulating, and bypassing app security controls.
  • RMS Runtime Mobile Security - Frida web interface.
  • ☆ FriDump - A Python script that utilises Frida to dump the memory of a running gadget, such as an app activity.
  • jnitrace - A Frida based tool to trace use of the JNI API in Android apps.
  • ☆ Binder Trace - Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".

Decompilers

  • ☆ JADX - An open-source tool for decompiling and analysing Android APK files into Java source code for reverse engineering and analysis.
  • Procyon - Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
  • Cfr - An open-source Java decompiler that supports decompilation of Android APK files into Java source code, including support for newer Java language features.
  • FernFlower - Fernflower is the first actually working analytical decompiler for Java and probably for a high-level programming language in general.
  • ☆ Apktool - A popular open-source tool for decompiling and recompiling Android APK files.
  • DEX2JAR - A tool for converting Android DEX files to JAR files, which can be further analysed using Java decompilers.
  • JDGui - JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files.
  • IDA Pro - A powerful commercial disassembler and debugger for analysing Android native code.
  • ☆ Ghidra - A free and open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA) that supports Android analysis.
  • JEB Decompiler - A commercial decompiler for Android apps that can decompile APK files into Java source code for analysis.
  • Radare2 - A free and open-source reverse engineering framework that supports Android analysis, including disassembly, debugging, and binary analysis.
  • Androguard - An open-source tool for analysing and reverse engineering Android apps, including decompiling APK files, analysing Dalvik bytecode, and more.
  • apk2gold - CLI tool for decompiling Android apps to Java. Handles both resources and Java (this repo is 9 years old, and so may not work with newer Android versions).
  • AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers.
  • APK Studio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
  • show-java - An APK (Android application), JAR & Dex decompiler for Android.
  • ☆ APKLab - APKLab seamlessly integrates Quark-Engine, Apktool, Jadx, uber-apk-signer, apk-mitm and more to VS Code.

Malware Analysis

  • DroidDetective - A machine learning malware analysis framework for Android apps.
  • Cuckoo Droid - CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
  • androwarn - A static code analyzer for malicious Android applications.

Resources

Documentation

  • Android Security Documentation - Official documentation from Google on Android security, including topics related to reverse engineering.
  • Android Reverse Engineering Challenges - A curated list of Android reverse engineering challenges and CTFs (Capture The Flag) for practice.
  • AndroidXref - Open code search for Android source.
  • APKMirror - Repository of Android APKs from sources such as the Play Store and user uploads.
  • APKPure - Repository of Android APKs from sources such as the Play Store and user uploads.

Case Studies

CTFs and CrackMes

  • ☆ UnCrackable Mobile Apps - A set of OWASP Android app crackmes. These challenges are used as examples throughout the OWASP MASTG. Of course, you can also solve them for fun.
  • CyberTruckChallenge19 - Android security workshop material taught during the CyberTruck Challenge 2019 (Detroit USA).
  • KGB Messenger - KGB Messenger is an open source CTF practice challenge that aims to help people learn how to reverse engineer Android applications.

Misc

  • LADB - A local ADB shell for Android!
  • Broken Droid Factory - BDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for training when it comes to vulnerability research, ethical hacking, and pen testing on Android apps.
  • uber-apk-signer - A CLI tool that helps with signing and zip-aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports the v1, v2 and v3 Android signing schemes, has an embedded debug keystore, and auto-verifies after signing.
  • RUNIC tamper detection demo - Designed to serve as a parallel for understanding more complex Android tamper detection and integrity systems such as Google Play SafetyNet and Huawei Safety Detect.

Contributing

Your contributions are always welcome! Please read the contribution guidelines first. We follow the Contributor Covenant Code of Conduct. Please make sure to review and adhere to this code of conduct when contributing.

Licence

This project is licensed under the MIT License - see the LICENSE.md file for details.
