forked from user1342/Awesome-Android-Reverse-Engineering
index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Awesome Android Reverse Engineering - Tools, Training & Resources</title>
<meta name="description" content="Comprehensive guide to Android reverse engineering tools, training materials, courses, books, and CTF challenges for mobile security analysis." />
<meta name="keywords" content="Android reverse engineering, APK analysis, mobile security, decompilers, dynamic analysis, malware detection" />
<meta name="robots" content="index, follow" />
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "WebPage",
"name": "Awesome Android Reverse Engineering",
"description": "Comprehensive guide to Android reverse engineering tools and resources",
"url": "https://vi0sapio.github.io/Awesome-Android-Reverse-Engineering/"
}
</script>
<style>
svg.markmap {
width: 100vw;
height: 100vh;
}
</style>
</head>
<body>
<div class="markmap">
<script type="text/template" >
---
markmap:
  embedAssets: true
  activeNode: {}
  colorFreezeLevel: 3
  spacingVertical: 6
  lineWidth: 1.5
  initialExpandLevel: 3
---
# Reverse-Engineering
- [ ] [Training](#training)
  - [ ] [Courses and Material](#courses-and-material)
  - [ ] [Videos](#videos)
  - [ ] [Books](#books)
- [ ] [Tools](#tools)
  - [ ] [Static Analysis Tools](#static-analysis-tools)
  - [ ] [Dynamic Analysis Tools](#dynamic-analysis-tools)
  - [ ] [Decompilers](#decompilers)
  - [ ] [Malware Analysis](#malware-analysis)
- [ ] [Resources](#resources)
  - [ ] [Documentation](#documentation)
  - [ ] [Case Studies](#case-studies)
- [ ] [CTFs and CrackMes](#ctfs-and-crackmes)
- [ ] [Misc](#misc)
- [ ] [Obfuscation & Anti-Reversing](#obfuscation--anti-reversing)
- [ ] [Firmware & Kernel Analysis](#firmware--kernel-analysis)
- [ ] [Cloud API & Web Services Reversing](#cloud-api--web-services-reversing)
## Training
### [ ] Books
- [ ] [☆ Android Internals: A Confectioner's Cookbook](http://newandroidbook.com/) - An in-depth exploration of the inner-workings of Android.
- [ ] [Blue Fox: Arm Assembly Internals and Reverse Engineering](https://www.amazon.co.uk/dp/1119745306) - Provides a solid foundation in ARM assembly internals.
- [ ] [Android Software Internals Quick Reference](https://www.amazon.co.uk/Android-Software-Internals-Quick-Reference/dp/1484269136) - Techniques in Java and Android system internals.
- [ ] [☆ Mobile Offensive Security Pocket Guide](https://www.amazon.co.uk/Mobile-Offensive-Security-Pocket-Guide/dp/1399921959) - Key information, approaches, and tooling for mobile penetration testers.
- [ ] [Android Security Internals](https://nostarch.com/androidsecurity) - Detailed look into Android security architecture.
- [ ] [Android Malware Detection with Machine Learning](https://nostarch.com/androidmalwaredetection) - Machine learning techniques for detecting malicious apps.
- [ ] [Android Hacker's Handbook](https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/) - A deep dive into Android exploitation and forensics.
- [ ] [Practical Reverse Engineering](https://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315/) - Covers low-level reverse engineering concepts, including ARM assembly.
- [ ] [The IDA Pro Book](https://nostarch.com/idapro2.htm) - Essential for advanced IDA Pro techniques.
### [ ] Courses and Material
- [ ] [☆ Maddie Stone's Android Reverse Engineering Training](https://www.ragingrock.com/AndroidAppRE/) - A comprehensive online training course on Android reverse engineering by Maddie Stone.
- [ ] [Introduction to Assembly from Azeria Labs](https://azeria-labs.com/writing-arm-assembly-part-1/) - Covering everything from data types, registers, the ARM instruction set, memory instructions, and more.
### [ ] Videos
- [ ] [Kristina Balaam Android Reverse Engineering](https://www.youtube.com/@chmodxx) - A video series on reverse engineering basics and reverse engineering Android malware.
- [ ] [LaurieWired Android Reverse Engineering videos](https://www.youtube.com/@lauriewired) - A YouTube channel focusing on Android reverse engineering.
- [ ] [Using Frida To Modify Android Games | Mobile Dynamic Instrumentation](https://www.youtube.com/watch?v=BXtAujoPhQw) - Focusing on reverse engineering Android applications and on using Frida to dynamically modify Android games.
## Tools
### [ ] Static Analysis Tools
- [ ] [QARK](https://github.com/linkedin/qark) - An open-source tool for automatic Android app vulnerability scanning.
- [ ] [Quark Engine](https://github.com/quark-engine/quark-engine) - Integrates various tools as Quark Script APIs for mobile security research.
- [ ] [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - Supports both static and dynamic analysis for Android app security testing.
- [ ] [AndroBugs Framework](https://github.com/AndroBugs/AndroBugs_Framework) - Analyzes and scans Android apps for security issues.
- [ ] [☆ imjtool](http://newandroidbook.com/tools/imjtool.html) - Firmware unpacking tool for various vendors and formats.
- [ ] [Android Studio](https://developer.android.com/studio) - Useful for analyzing decompiled apps via an IDE.
- [ ] [☆ APK Dependency Graph](https://github.com/alexzaitsev/apk-dependency-graph) - Visualizes APK class dependencies.
- [ ] [disarm](http://newandroidbook.com/tools/disarm.html) - Command line utility for parsing ARM-64 instructions.
- [ ] [COVA](https://github.com/secure-software-engineering/COVA) - Computes path constraints based on user-defined APIs.
- [ ] [DIS{integrity}](https://github.com/user1342/DISintegrity) - Analyzes APKs for root, integrity, and tamper detection.
- [ ] [Dexcalibur](https://github.com/FrenchYeti/dexcalibur) - Automated tool for analyzing and instrumenting Android applications.
### [ ] De-Obfuscation
- [ ] [☆ Obfu[DE]scate](https://github.com/user1342/Obfu-DE-Scate) - De-obfuscation tool that uses fuzzy comparison logic.
- [ ] [TinySmaliEmulator](https://github.com/amoulu/TinySmaliEmulator) - Minimalist smali emulator for "decrypting" obfuscated strings.
- [ ] [simplify](https://github.com/CalebFenton/simplify) - Android virtual machine and deobfuscator.
- [ ] [deoptfuscator](https://github.com/Gyoonus/deoptfuscator) - Tool for deobfuscating apps using control-flow obfuscation.
### [ ] Dynamic Analysis Tools
- [ ] [Drozer](https://github.com/WithSecureLabs/drozer) - Framework for Android security testing with dynamic analysis features.
- [ ] [jtrace](http://newandroidbook.com/tools/jtrace.html) - Similar to strace, but for Android system calls.
- [ ] [sesearch](https://linux.die.net/man/1/sesearch) - Command line tool for querying SELinux policies.
- [ ] [AutoDroid](https://github.com/user1342/AutoDroid) - Mass APK gathering and analysis tool.
- [ ] **Networking:**
  - [x] [☆ Burp Suite](https://portswigger.net/burp) - Commercial tool for analyzing network traffic of Android apps.
  - [x] [Wireshark](https://www.wireshark.org/) - Open-source network protocol analyzer.
  - [ ] [SSLsplit](https://github.com/droe/sslsplit) - Intercepts and manipulates SSL/TLS encrypted traffic.
  - [ ] [MITMProxy](https://mitmproxy.org/) - Man-in-the-middle proxy for analyzing network traffic.
  - [ ] [apk-mitm](https://github.com/shroudedcode/apk-mitm) - Prepares APKs for HTTPS inspection.
- [ ] **Dynamic Instrumentation:**
  - [x] [☆ Frida](https://frida.re/) - Dynamic instrumentation toolkit for runtime manipulation.
  - [ ] **Xposed Framework** - For hooking and modifying app behavior at runtime.
  - [x] [☆ Objection](https://github.com/sensepost/objection) - Runtime exploration tool to bypass app security controls.
  - [ ] [RMS Runtime Mobile Security](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security) - Frida web interface.
  - [ ] [☆ FriDump](https://github.com/Nightbringer21/fridump) - Uses Frida to dump memory of running apps.
  - [ ] [jnitrace](https://github.com/chame1eon/jnitrace) - Frida-based JNI API tracer.
  - [ ] [☆ Binder Trace](https://github.com/foundryzero/binder-trace) - Intercepts and parses Android Binder messages.
### [ ] Decompilers
- [x] [☆ JADX](https://github.com/skylot/jadx) - Decompiles APKs into Java source code.
- [ ] [Procyon](https://github.com/mstrobel/procyon) - Suite of Java decompilation tools.
- [ ] [Cfr](https://github.com/leibnitz27/cfr) - Supports decompilation of Android APK files.
- [ ] [FernFlower](https://github.com/JetBrains/intellij-community/tree/master/plugins/java-decompiler/engine) - Analytical decompiler for Java.
- [x] [☆ Apktool](https://ibotpeaches.github.io/Apktool/) - Popular tool for decompiling/recompiling APK files.
- [x] [DEX2JAR](https://github.com/pxb1988/dex2jar) - Converts DEX files to JAR files.
- [ ] [JDGui](http://java-decompiler.github.io/) - Graphical utility to view Java source from class files.
- [ ] [IDA Pro](https://hex-rays.com/ida-pro/) - Commercial disassembler and debugger.
- [x] [☆ Ghidra](https://ghidra-sre.org/) - Free and open-source SRE framework.
- [ ] **Additional Decompilers:**
  - JEB Decompiler - Commercial decompiler for Android apps.
- [x] [Radare2](https://rada.re/n/) - Reverse engineering framework with disassembly and debugging.
- [ ] [Androguard](https://github.com/androguard/androguard) - Analyzes and reverse engineers Android apps.
- [ ] [apk2gold](https://github.com/lxdvs/apk2gold) - Decompiles Android apps to Java (note: may be outdated).
- [ ] [AndroidProjectCreator](https://github.com/ThisIsLibra/AndroidProjectCreator) - Converts APKs to Android Studio projects.
- [x] [APK Studio](https://github.com/vaibhavpandeyvpz/apkstudio) - Qt-based IDE for reverse-engineering APKs.
- [ ] [show-java](https://github.com/niranjan94/show-java) - APK, JAR & Dex decompiler.
- [ ] [☆ APKLab](https://marketplace.visualstudio.com/items?itemName=Surendrajat.apklab) - VS Code extension integrating multiple tools.
### [ ] Malware Analysis
- [ ] [DroidDetective](https://github.com/user1342/DroidDetective) - Machine learning malware analysis for Android apps.
- [ ] [Cuckoo Droid](https://github.com/idanr1986/cuckoodroid-2.0) - Automated Android malware analysis with Cuckoo Sandbox.
- [ ] [androwarn](https://github.com/maaaaz/androwarn) - Static code analyzer for malicious Android applications.
## Resources
### [ ] Documentation
- [ ] [Android Security Documentation](https://source.android.com/docs/security) - Official Google documentation on Android security.
- [ ] [Android Reverse Engineering Challenges](https://github.com/apsdehal/awesome-ctf#reverse-engineering) - Curated list of reverse engineering challenges and CTFs.
- [ ] [AndroidXref](http://androidxref.com/) - Open code search for Android source.
- [ ] [APKMirror](https://www.apkmirror.com/) - Repository of APKs from the Play Store and user uploads.
- [ ] [APKPure](https://m.apkpure.com/) - Repository of APKs for testing and research.
### [ ] Case Studies
- [ ] [A Reverse Engineer's Post-mortem Of The Houseparty Video Chat App](https://www.jamesstevenson.me/a-reverse-engineers-post-mortem-of-the-houseparty-video-chat-app/)
- [ ] [SharkBot: a "new" generation Android banking Trojan being distributed on Google Play Store](https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/)
- [ ] [In-the-Wild Series: Android Exploits](https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html)
## CTFs and CrackMes
- [ ] [☆ UnCrackable Mobile Apps](https://github.com/OWASP/owasp-mastg/tree/master/Crackmes) - OWASP Android app CrackMes.
- [ ] [CyberTruckChallenge19](https://github.com/nowsecure/cybertruckchallenge19) - Security workshop material from CyberTruck Challenge 2019.
- [ ] [KGB Messenger](https://github.com/tlamb96/kgb_messenger) - CTF challenge for learning Android reverse engineering.
- [ ] [Flare-On Challenge](https://www.fireeye.com/services/flare-on.html) - High-level reverse engineering CTF with Android challenges.
- [ ] [OverTheWire Narnia](http://overthewire.org/wargames/narnia/) - Not Android-specific but excellent for binary exploitation practice.
## Misc
- [ ] [LADB](https://github.com/tytydraco/LADB) - Local ADB shell for Android.
- [ ] [Broken Droid Factory](https://github.com/user1342/Broken-Droid-Factory) - Generates pseudo-random vulnerable Android apps for training.
- [ ] [uber-apk-signer](https://github.com/patrickfav/uber-apk-signer) - CLI tool for signing and zip aligning APKs.
- [ ] [RUNIC tamper detection demo](https://github.com/user1342/RUNIC) - Demo for understanding Android tamper detection and integrity systems.
## Obfuscation & Anti-Reversing
- [ ] **Obfuscation Tools:**
  - [ ] [ProGuard](https://www.guardsquare.com/manual/configuration/usage) - Code shrinker, optimizer, and obfuscator.
  - [ ] [R8](https://developer.android.com/studio/build/shrink-code) - Google's code shrinker and obfuscator.
  - [ ] [DexGuard](https://www.guardsquare.com/dexguard) - Commercial tool for advanced app obfuscation.
- [ ] **Anti-Reversing Techniques:**
  - [ ] [Android Tamper Detection Framework (ATDF)](https://github.com/Fuzion24/AndroidTamperDetection) - Implements tamper detection.
  - [ ] [Paranoid](https://github.com/sundaysec/Paranoid) - Detects root and tampering.
  - [ ] [libhooker](https://github.com/hluwa/libhooker) - Detects hooking frameworks like Frida and Xposed.
## Firmware & Kernel Analysis
- [ ] [Binwalk](https://github.com/ReFirmLabs/binwalk) - Analyze, extract, and reverse engineer firmware images.
- [ ] [AFLSmart](https://github.com/aflsmart/aflsmart) - Fuzzer optimized for firmware image analysis.
- [ ] [Android Kernel Exploits](https://github.com/saelo/android_kernel_exploitation) - Collection of kernel vulnerabilities and exploit techniques.
- [ ] [FirmWire](https://github.com/FirmWire/FirmWire) - Dynamic analysis platform for baseband firmware.
</script>
</div>
<script src="https://cdn.jsdelivr.net/npm/markmap-autoloader@0.18"></script>
</body>
</html>