in thexxturboxx/dex2jar

Description This vulnerability is originally reported to pxb1988/dex2jar, but re-sending it again for maintained fork repository as requested. dex2jar is a set of tools to work with android .dex and java .class files. In these tools, there is a tool called "dex2smali", and this tool allows a...

in jesusfreke/smali

Description The loadResourceIds function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

How to install Frida into an Android application

On a recent job I was testing a rather interesting piece of technology that had several server side checks but they wanted to add some additional security on the client side. Great!! One of these additional checks was to see if Frida was running on the device, this was proving a difficult nut to...

NinjaDroid - Ninja Reverse Engineering On Android APK Packages

NinjaDroid is a simple tool to reverse engineering Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=beta Overview NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series ...

APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle...

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed "ViceLeaker " by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle...

Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...

Dex2Jar - Tools To Work With Android .Dex And Java .Class Files

dex2jar Tools to work with android .dex and java .class files 1. dex-reader/writer: Read/write the Dalvik Executable .dex file. It has a light weight API similar with ASM. 2. d2j-dex2jar: Convert .dex file to .class files zipped as jar 3. smali/baksmali: disassemble dex to smali files and assembl...

Apktool - A Tool For Reverse Engineering Android APK Files

A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like...

Adhrit - Android APK Reversing And Analysis Tool That Can Help Secuity Researchers And CTF Enthusiasts Alike

Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent on reversing and basic reconnaissance of Android applications. The project is still under progress and will...

Reverse Engineering Android apk Files: Apktool

ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like fil...

Dex-Oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Before After sha1: a68d5d2da7550d35f7dbefc21b7deebe3f4005f3 md5: 2dd2eeeda08ac8c15be8a9f2d01adbe8 Installation Step 1. Install Smali /...

Bytecode Viewer - A Java 8 Jar & Android Apk Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java...

backdoor-apk - shell script that simplifies the process of adding a backdoor to any Android APK file

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

Backdooring Android APK: backdoor-apk

Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...

MARA Framework - Mobile Application Reverse engineering and Analysis Framework

MARA is a M obile A pplication R everse engineering and A nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security...

Backdoor Android APK: backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

[APKinspector] Powerful GUI tool to analyze the Android applications

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG Call Graph Static...