
Reverse Engineering A curated list of awesome Android Reverse Engineering training, resources, and tools.

dEEpEst


Awesome Android Reverse Engineering


A curated list of awesome Android Reverse Engineering training, resources, and tools.

How to Use

Awesome-Android-Reverse-Engineering is an amazing list for people who work on taking apart Android applications, systems, or components. Simply press Ctrl + F to search for a keyword, go through our Contents menu, or look out for a '☆' indicating some great and up-to-date resources.

Contents

Training

Courses and Material

  • A comprehensive online training course on Android reverse engineering by Maddie Stone.
  • Covering everything from Data Types, Registers, the ARM Instruction Set, Memory Instructions, and more.
  • This course will see you develop a baseline knowledge of what is involved in mobile penetration testing along with the specific tools, techniques, and frameworks involved in taking apart and analyzing Android applications.

Videos

  • A video series on reverse engineering basics and reverse engineering Android malware.
  • A YouTube channel focusing on Android reverse engineering.
  • Focusing on reverse engineering Android applications and on using Frida to dynamically modify Android games.

Books

  • An in-depth exploration of the inner workings of Android: In Volume I, we take the perspective of the Power User as we delve into the foundations of Android, filesystems, partitions, boot process, native daemons and services.
  • Provides readers with a solid foundation in Arm assembly internals and reverse-engineering fundamentals as the basis for analysing and securing billions of Arm devices.
  • This book focuses on easily digestible, useful, and interesting techniques in Java and the Android system, including encryption and obfuscation, debugging, and APK extraction.
  • Focusing on Android and iOS operating systems, the book contains a series of succinct chapters that highlight key information, approaches, and tooling used by mobile penetration testers and offensive security practitioners.
  • Describing Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.
  • Examine the machine-learning techniques used to detect malicious apps, the types of classification models that defenders can use, and the various features of malware specimens that can become input to these models.

Tools

Static Analysis Tools

  • An open-source tool developed by LinkedIn for automatic Android app vulnerability scanning, including identifying potential security issues such as SQL injection, insecure data storage, and more.
  • Quark Script aims to provide an innovative way for mobile security researchers to analyze or pentest targets. Based on Quark, it integrates decent tools as Quark Script APIs and makes them exchange valuable intelligence with each other.
  • An open-source mobile app security testing framework that supports static and dynamic analysis of Android apps for vulnerabilities and privacy issues.
  • An open-source framework for analysing and scanning Android apps for security issues, including static and dynamic analysis capabilities.
  • Firmware unpacking tool applicable to the widest variety of vendors and formats.
  • Useful if you don’t have a JEB licence and want to open a decompiled (via JADx) app in a proper IDE.
  • An APK class dependency visualizer. Useful for attack surface mapping.
  • A simple command line utility that takes as an argument a 32-bit hexadecimal number, and parses it as an ARM-64 instruction, providing the disassembly.
  • COVA is a static analysis tool to compute path constraints based on user-defined APIs.
  • A tool for analysing Android APKs and extracting root, integrity, and tamper detection checks.

De-Obfuscation

  • Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compares two versions of an APK and generates a mapping text file and an interactive HTML file as outputs!
  • A minimalist smali emulator that could be used to "decrypt" obfuscated strings.
  • Android virtual machine and deobfuscator.
  • Deoptfuscator is a tool for deobfuscating Android applications that have been transformed using control-flow obfuscation mechanisms.

Dynamic Analysis Tools

  • An open-source framework for Android security testing that provides a comprehensive set of tools for dynamic analysis, including intercepting, modifying, and analysing app traffic.
  • strace for Android - for tracing system-level calls including Binder.
  • Command line tool to query SELinux policies.
  • Tool for mass gathering APKs from one or more devices, decompiling, filtering on strings, etc.

Networking

  • A popular commercial web security testing tool that can be used for analysing network traffic of Android apps for potential security vulnerabilities.
  • A widely used open-source network protocol analyzer that can capture, analyse, and dissect network traffic generated by Android apps for security analysis.
  • An open-source tool for intercepting and manipulating SSL/TLS encrypted traffic, which can be used for analysing SSL/TLS communication in Android apps.
  • An open-source man-in-the-middle proxy that allows for intercepting and analysing network traffic generated by Android apps for security testing and analysis.
  • A CLI application that automatically prepares Android APK files for HTTPS inspection.

Dynamic Instrumentation

  • A dynamic instrumentation toolkit for Android apps that allows for runtime manipulation and analysis of app behaviour.
  • Xposed Framework - A powerful framework for hooking and modifying the behaviour of Android apps at runtime, commonly used for reverse engineering and analysis.
  • A runtime mobile exploration tool for Android that provides various features for analysing, manipulating, and bypassing app security controls.
  • Frida web interface.
  • A Python script that utilises Frida to dump the memory of a running gadget, such as an app activity.
  • A Frida based tool to trace use of the JNI API in Android apps.
  • Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".

Decompilers

  • An open-source tool for decompiling and analysing Android APK files into Java source code for reverse engineering and analysis.
  • Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
  • An open-source Java decompiler that supports decompilation of Android APK files into Java source code, including support for newer Java language features.
  • Fernflower is the first actually working analytical decompiler for Java and probably for a high-level programming language in general.
  • A popular open-source tool for decompiling and recompiling Android APK files.
  • A tool for converting Android DEX files to JAR files, which can be further analysed using Java decompilers.
  • JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files.
  • A powerful commercial disassembler and debugger for analysing Android native code.
  • A free and open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA) that supports Android analysis.
  • JEB Decompiler - A commercial decompiler for Android apps that can decompile APK files into Java source code for analysis.
  • A free and open-source reverse engineering framework that supports Android analysis, including disassembly, debugging, and binary analysis.
  • An open-source tool for analysing and reverse engineering Android apps, including decompiling APK files, analysing Dalvik bytecode, and more.
  • CLI tool for decompiling Android apps to Java, covering both resources and Java (this repo is 9 years old, and so may not work with newer Android versions).
  • Convert an APK to an Android Studio Project using multiple open-source decompilers.
  • Open-source, cross-platform, Qt-based IDE for reverse-engineering Android application packages.
  • An APK (Android application), JAR & Dex decompiler for Android.
  • APKLab seamlessly integrates Quark-Engine, Apktool, Jadx, uber-apk-signer, apk-mitm and more into VS Code.

Malware Analysis

  • A machine learning malware analysis framework for Android apps.
  • CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
  • A static code analyzer for malicious Android applications.

Resources

Documentation

  • Official documentation from Google on Android security, including topics related to reverse engineering.
  • A curated list of Android reverse engineering challenges and CTFs (Capture The Flag) for practice.
  • Open code search for Android source.
  • Repository of Android APKs from sources such as the Play Store and user uploads.
  • Repository of Android APKs from sources such as the Play Store and user uploads.

Case Studies

CTFs and CrackMes

  • A set of OWASP Android app CrackMes. These challenges are used as examples throughout the OWASP MASTG. Of course, you can also solve them for fun.
  • Android security workshop material taught during the CyberTruck Challenge 2019 (Detroit USA).
  • KGB Messenger is an open source CTF practice challenge that aims to help people learn how to reverse engineer Android applications.

Misc

  • A local ADB shell for Android!
  • BDF is a Python tool designed to spin up pseudo-random vulnerable Android applications for training when it comes to vulnerability research, ethical hacking, and pen testing on Android apps.
  • A CLI tool that helps with signing and zip-aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports the v1, v2 and v3 Android signing schemes, has an embedded debug keystore, and auto-verifies after signing.
  • Designed to serve as a parallel for understanding more complex Android tamper detection and integrity systems such as Google Play SafetyNet and Huawei Safety Detect.
