240
edits
Changes
m
heap of fixes + more shit
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.
=====JAVA (JVM)Decompilers=====
:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.
:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.
=====React Native Hermes bytecode=RASP (Runtime Application Self-Protection) Android======To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing.<br>:*[https://githubIn response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling <br>The current focus of this technology is on the vulnerabilities of Java and disassembling the React Native Hermes bytecode.NET platforms.:*[https://githubarxiv.comorg/Pilferpdf/hermes_rs hermes_rs2312.17726 arXiv:2312.17726 (cs.CR)] - Bytecode disassembler is a paper regarding Interactive Application Security Testing (IAST) and assemblerRASP Tools.:*[https://github.com/bongtropsecurevale/hbctool hbctoolandroid-rasp Android-RASP] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)is a solution for protecting Android apps against being run on vulnerable devices.
======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.
:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...
=====React Native Hermes bytecode=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come handy.
:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).
=====PYTHON=====
All the software you need for working with Python bytecode. Disassemblers, decompilers, debuggers and toolkits.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
====Mobile exploration frameworks====
*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.