ThinRPlugin - 去除android中的R.class

•    Groovy

---

This tool will remove all the class in R.java except the styleable class and replace the referance into the constant value. So you can reduce the dex files number and apk size. The plugin has been used on the mogujie app, the apk size is reduced by 1MB (the original apk size of 40MB), the number of DEX reduced by 3.

android apk-size gradle-plugin proguard

apkleaks - Scanning APK file for URIs, endpoints & secrets.

•    Python

---

Scanning APK file for URIs, endpoints & secrets. APKLeaks using jadx disassembler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download.

static-analysis reverse-engineering apk bugbounty android-security mobile-security apk-parser scanning-apk

tinker - Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk

•    Java

---

Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstalling apk. Then you need to "apply" the plugin and add dependencies by adding the following lines to your app/build.gradle.

android dynamic hotfix wechat

gradle-play-publisher - Gradle Plugin to upload your APK and metadata to the Google Play Store

•    Kotlin

---

Gradle Play Publisher is a Gradle plugin that allows you to upload your APK and other app details to the Google Play Store from a continuous integration server or anywhere you have a command line. The first APK or App Bundle needs to be uploaded via the Google Play Console because registering the app with the Play Store cannot be done using the Play Developer API. For all subsequent uploads and changes this plugin can be used.

android-development play-store gradle-plugin

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

•    Python

---

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipa

fastdex - 🚀 加快 apk 的编译速度 🚀

•    Java

---

🚀 加快 apk 的编译速度 🚀

android gradle apk dx buck build-tool android-studio idea-plugin dex tinker instant-run hotfix androidstudio aapt multidex fast-build freeline freel layoutc dexloader

apk-dependency-graph - Android dependency visualizer

•    Javascript

---

Android dependency visualizer. It's a tool that helps to visualize current state of your project. It's really easy to see how tight your classes are coupled. You need at least Java 7 to run apktool and apk-dependency-graph jar files.

apk architecture decompile android-dependency-visualizer android

dex-method-list - A simple utility which lists all method references in a dex file.

•    Kotlin

---

A simple utility which lists all method references in an .apk, .aar, .dex, .jar, and/or .class files (and any combination of those).Build by calling ./gradlew clean assemble. Run ./build/dex-method-list by passing in one or more arguments or by piping data through stdin.

dex-member-list - A utility which lists all method and/or field references in a dex file.

•    Kotlin

---

A simple utility which lists all method or field references in an .apk, .aar, .dex, .jar, and/or .class files (and any combination of those). Build by calling ./gradlew clean assemble. Run ./build/dex-member-list or by passing in one or more arguments or by piping data through stdin.

010Editor-stuff - A collection of 010 Editor specific stuff

•    

---

A collection of 010Editor specific stuff. Scripts and templates that I've made or edited to suite my own purposes, mainly for Android based reversing/analysis, most will require 010Editor to work. These have only been tested on the native OSX version of 010Editor. If you come into any DEX files, or APK/JAR/ZIP files which these scripts/templates cannot properly parse, please feel free to email me directory, or submit an issue to this repo. I will gladly take a look at the issue and attempt to fix it! If you could attach the offending file, that would be even better.

PiracyChecker - An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more

•    Java

---

An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. This library applies some techniques to help protect your app's users and attempt to thwart reverse engineers and attackers. BUT, this isn't guaranteed to stop your app from getting pirated. There is no such thing as 100% security, and a determined and skilled attacker with enough time, could remove these checks from the code. The real objective here is to raise the bar out of reach of opportunist and automatic attackers.

apk signature android-library attacker lvl apk-signature-protection verify gradle

ig-lazy-module-loader - Library that implements module lazy loading.

•    Java

---

This library helps with loading modules (features) in Android apps on demand, whenever needed. Before this library can be used a module needs to be compiled to a separate jar/dex or apk file. Right now, the library supports java libraries and android libraries which don't rely on android resources. Support for lazy loading resources may be added later.

ig-lazy-module-loader - Library that implements module lazy loading.

•    Java

---

This library helps with loading modules (features) in Android apps on demand, whenever needed. Before this library can be used a module needs to be compiled to a separate jar/dex or apk file. Right now, the library supports java libraries and android libraries which don't rely on android resources. Support for lazy loading resources may be added later.

backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file

•    Shell

---

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

android android-sdk apk android-development smali apktool metasploit

Yalp Store - Download apks from Google Play Store

•    Java

---

Yalp Store lets you download apps from Google Play Store as apk files. It can search for updates of installed apps and lets you search for other apps. Yalp saves downloaded apks to your default download folder. Other features include browsing categories, viewing and leaving reviews, black/whitelisting apps for updates, filtering apps by being free/paid and containing/not containing ads.

play-store yalp-store apk playstore android-application floss downloads-apks android-tv

bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

•    Java

---

A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

APKParser - APK parser for Android

•    Java

---

The easiest way is to use the ApkParser class, which contains convenient methods to get AndroidManifest.xml, apk meta infos, etc. #####1. Apk meta info ApkMeta contains name(label), packageName, version, sdk, used features, etc. The PreferredLocale parameter work for getApkMeta, getManifestXml, and other binary xmls. Apk parser will find best match languages with locale you specified.

JADX - Dex to Java decompiler

•    Java

---

Command line and GUI tools for produce Java source code from Android Dex and Apk files.

android decompiler dex-to-java

redex - A bytecode optimizer for Android apps

•    C++

---

ReDex is an Android bytecode (dex) optimizer originally developed at Facebook. It provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by ReDex should be smaller and faster than its source.Getting these dependences is easiest using a package manager.

Coil - Image loading for Android backed by Kotlin Coroutines

•    Kotlin

---

Coil is an image loading library for Android backed by Kotlin Coroutines. Coil performs a number of optimizations including memory and disk caching, downsampling the image in memory, re-using bitmaps, automatically pausing/cancelling requests, and more. It adds ~2000 methods to your APK (for apps that already use OkHttp and Coroutines), which is comparable to Picasso and significantly less than Glide and Fresco.

images coroutines okhttp image-loader kotlin-coroutines okio androidx