HubLensTrending › SimoneAvogadro/android-reverse-engineering-skill
SimoneAvogadro

android-reverse-engineering-skill

SecurityAndroidReverse EngineeringDecompilationAPI Extraction
View on GitHub
Share on XReddit
77
+340

// summary

This Claude Code skill automates the decompilation of Android APK, XAPK, JAR, and AAR files using powerful tools like jadx and Fernflower. It enables developers to extract HTTP APIs, Retrofit endpoints, and authentication patterns directly from compiled binaries. The tool also provides capabilities to trace complex call flows and analyze app architecture even when dealing with obfuscated code.

// technical analysis

This project functions as a specialized Claude Code skill designed to automate the reverse engineering of Android binaries, specifically targeting the extraction of HTTP APIs and network communication patterns. By integrating established decompilation engines like jadx and Fernflower, it enables users to reconstruct source code and trace complex call flows from UI components to network requests without original source access. The architecture prioritizes a modular workflow that handles obfuscated code and provides comparative analysis, making it a powerful tool for security researchers and developers needing to document undocumented API endpoints.

// key highlights

01
Automates the decompilation of APK, XAPK, JAR, and AAR files using industry-standard engines like jadx and Fernflower.
02
Extracts critical network information including Retrofit endpoints, OkHttp calls, and hardcoded URLs to facilitate API documentation.
03
Traces execution paths from high-level Android components like Activities and ViewModels down to low-level HTTP network calls.
04
Provides strategies for navigating and analyzing obfuscated code produced by ProGuard or R8.
05
Supports side-by-side decompilation comparisons between different engines to improve the accuracy of the reconstructed source code.
06
Includes automated dependency management scripts to simplify the setup of required tools like dex2jar and decompilation engines.

// use cases

01
Automated decompilation of Android binaries using multiple engine options
02
Extraction and documentation of HTTP APIs, Retrofit endpoints, and auth tokens
03
Tracing application call flows from UI components down to network requests

// getting started

To begin, ensure you have Java JDK 17+ installed and add the skill to Claude Code via the marketplace command or by cloning the repository locally. Once installed, you can trigger the workflow using the '/decompile' slash command followed by your target file path, or by using natural language prompts to request specific API extractions.