A curated list of awesome Android Reverse Engineering training, resources, and tools.
Awesome-Android-Reverse-Engineering is a list for people who work on taking apart Android applications, systems, or components. Press Ctrl + F to search for a keyword, go through our Contents Menu, or look out for a '☆' indicating some great and up-to-date resources.
- Training
- Tools
- Resources
- CTFs and CrackMes
- Misc
- Obfuscation & Anti-Reversing
- Firmware & Kernel Analysis
- Cloud API & Web Services Reversing
- ☆ Maddie Stone's Android Reverse Engineering Training - A comprehensive online training course on Android reverse engineering by Maddie Stone.
- Introduction to Assembly from Azeria Labs - Covering everything from data types, registers, the ARM instruction set, memory instructions, and more.
- Kristina Balaam Android Reverse Engineering - A video series on reverse engineering basics and reverse engineering Android malware.
- LaurieWired Android Reverse Engineering videos - A YouTube channel focusing on Android reverse engineering.
- Using Frida To Modify Android Games | Mobile Dynamic Instrumentation - Focusing on reverse engineering Android applications and on using Frida to dynamically modify Android games.
- ☆ Android Internals: A Confectioner's Cookbook - An in-depth exploration of the inner workings of Android.
- Blue Fox: Arm Assembly Internals and Reverse Engineering - Provides a solid foundation in ARM assembly internals.
- Android Software Internals Quick Reference - Techniques in Java and Android system internals.
- ☆ Mobile Offensive Security Pocket Guide - Key information, approaches, and tooling for mobile penetration testers.
- Android Security Internals - Detailed look into Android security architecture.
- Android Malware Detection with Machine Learning - Machine learning techniques for detecting malicious apps.
- Android Hacker's Handbook - A deep dive into Android exploitation and forensics.
- Practical Reverse Engineering - Covers low-level reverse engineering concepts, including ARM assembly.
- The IDA Pro Book - Essential for advanced IDA Pro techniques.
- QARK - An open-source tool for automatic Android app vulnerability scanning.
- Quark Engine - Integrates various tools as Quark Script APIs for mobile security research.
- MobSF - Supports both static and dynamic analysis for Android app security testing.
- AndroBugs Framework - Analyzes and scans Android apps for security issues.
- ☆ imjtool - Firmware unpacking tool for various vendors and formats.
- Android Studio - Useful for analyzing decompiled apps via an IDE.
- ☆ APK Dependency Graph - Visualizes APK class dependencies.
- disarm - Command line utility for parsing ARM-64 instructions.
- COVA - Computes path constraints based on user-defined APIs.
- DIS{integrity} - Analyzes APKs for root, integrity, and tamper detection.
- Dexcalibur - Automated tool for analyzing and instrumenting Android applications.
- ☆ Obfu[DE]scate - De-obfuscation tool that uses fuzzy comparison logic.
- TinySmaliEmulator - Minimalist smali emulator for "decrypting" obfuscated strings.
- simplify - Android virtual machine and deobfuscator.
- deoptfuscator - Tool for deobfuscating apps using control-flow obfuscation.
- Drozer - Framework for Android security testing with dynamic analysis features.
- jtrace - Similar to strace, but for Android system calls.
- sesearch - Command line tool for querying SELinux policies.
- AutoDroid - Mass APK gathering and analysis tool.
- Networking:
- ☆ Burp Suite - Commercial tool for analyzing network traffic of Android apps.
- Wireshark - Open-source network protocol analyzer.
- SSLsplit - Intercepts and manipulates SSL/TLS encrypted traffic.
- MITMProxy - Man-in-the-middle proxy for analyzing network traffic.
- apk-mitm - Prepares APKs for HTTPS inspection.
- Dynamic Instrumentation:
- ☆ Frida - Dynamic instrumentation toolkit for runtime manipulation.
- Xposed Framework - For hooking and modifying app behavior at runtime.
- ☆ Objection - Runtime exploration tool to bypass app security controls.
- RMS Runtime Mobile Security - Frida web interface.
- ☆ FriDump - Uses Frida to dump memory of running apps.
- jnitrace - Frida-based JNI API tracer.
- ☆ Binder Trace - Intercepts and parses Android Binder messages.
- ☆ JADX - Decompiles APKs into Java source code.
- Procyon - Suite of Java decompilation tools.
- Cfr - Supports decompilation of Android APK files.
- FernFlower - Analytical decompiler for Java.
- ☆ Apktool - Popular tool for decompiling/recompiling APK files.
- DEX2JAR - Converts DEX files to JAR files.
- JDGui - Graphical utility to view Java source from class files.
- IDA Pro - Commercial disassembler and debugger.
- ☆ Ghidra - Free and open-source SRE framework.
- Additional Decompilers:
- JEB Decompiler - Commercial decompiler for Android apps.
- Radare2 - Reverse engineering framework with disassembly and debugging.
- Androguard - Analyzes and reverse engineers Android apps.
- apk2gold - Decompiles Android apps to Java (note: may be outdated).
- AndroidProjectCreator - Converts APKs to Android Studio projects.
- APK Studio - Qt-based IDE for reverse-engineering APKs.
- show-java - APK, JAR & Dex decompiler.
- ☆ APKLab - VS Code extension integrating multiple tools.
- DroidDetective - Machine learning malware analysis for Android apps.
- Cuckoo Droid - Automated Android malware analysis with Cuckoo Sandbox.
- androwarn - Static code analyzer for malicious Android applications.
- Android Security Documentation - Official Google documentation on Android security.
- Android Reverse Engineering Challenges - Curated list of reverse engineering challenges and CTFs.
- AndroidXref - Open code search for Android source.
- APKMirror - Repository of APKs from the Play Store and user uploads.
- APKPure - Repository of APKs for testing and research.
- A Reverse Engineer’s Post-mortem Of The Houseparty Video Chat App
- SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
- In-the-Wild Series: Android Exploits
- ☆ UnCrackable Mobile Apps - OWASP Android app CrackMes.
- CyberTruckChallenge19 - Security workshop material from CyberTruck Challenge 2019.
- KGB Messenger - CTF challenge for learning Android reverse engineering.
- Flare-On Challenge - High-level reverse engineering CTF with Android challenges.
- OverTheWire Narnia - Not Android-specific but excellent for binary exploitation practice.
- LADB - Local ADB shell for Android.
- Broken Droid Factory - Generates pseudo-random vulnerable Android apps for training.
- uber-apk-signer - CLI tool for signing and zip aligning APKs.
- RUNIC tamper detection demo - Demo for understanding Android tamper detection and integrity systems.
- Obfuscation Tools:
- Anti-Reversing Techniques:
- Android Tamper Detection Framework (ATDF) - Implements tamper detection.
- Paranoid - Detects root and tampering.
- libhooker - Detects hooking frameworks like Frida and Xposed.
- Binwalk - Analyze, extract, and reverse engineer firmware images.
- AFLSmart - Fuzzer optimized for firmware image analysis.
- Android Kernel Exploits - Collection of kernel vulnerabilities and exploit techniques.
- FirmWire - Dynamic analysis platform for baseband firmware.
- Postman - API development and testing tool for analyzing Android network interactions.
- Burp Suite Extensions for Mobile - Plugins useful for API reversing.
- GraphQL Raider - Burp Suite extension for discovering and exploiting GraphQL APIs.
- Mobile API Recon - Automates API discovery in Android apps.
Your contributions are always welcome! Please read the contribution guidelines first. We follow the Contributor Covenant Code of Conduct, so please review and adhere to it when contributing.
This project is licensed under the MIT License - see the LICENSE.md file for details.