android-reverse-engineering-skill
这个Claude Code技能专为Android应用逆向工程设计。它能自动反编译APK/XAPK/JAR/AAR文件,并智能提取应用中使用的HTTP API,包括Retrofit端点、OkHttp调用、硬编码URL及认证模式。该技能还能追踪调用流程、分析应用结构并处理混淆代码,帮助开发者在没有源代码的情况下理解和复现应用功能,显著提升API文档化和重现效率。
/plugin marketplace add SimoneAvogadro/android-reverse-engineering-skilBefore / After 效果对比
1 组传统上,手动反编译Android应用并逐行分析代码以识别和记录API,耗时费力,且难以应对混淆代码和复杂调用链。
借助AI技能,自动完成反编译、API提取、调用流追踪及认证模式识别,大幅提升分析速度和准确性,轻松处理复杂应用。
description SKILL.md
Android Reverse Engineering & API Extraction — Claude Code skill
A Claude Code skill that decompiles Android APK/XAPK/JAR/AAR files and extracts the HTTP APIs used by the app — Retrofit endpoints, OkHttp calls, hardcoded URLs, authentication patterns — so you can document and reproduce them without the original source code.
What it does
- Decompiles APK, XAPK, JAR, and AAR files using jadx and Fernflower/Vineflower (single engine or side-by-side comparison)
- Extracts and documents APIs: Retrofit endpoints, OkHttp calls, hardcoded URLs, auth headers and tokens
- Traces call flows from Activities/Fragments through ViewModels and repositories down to HTTP calls
- Analyzes app structure: manifest, packages, architecture patterns
- Handles obfuscated code: strategies for navigating ProGuard/R8 output
Requirements
Required:
- Java JDK 17+
- jadx (CLI)
Optional (recommended):
- Vineflower or Fernflower — better output on complex Java code
- dex2jar — needed to use Fernflower on APK/DEX files
See plugins/android-reverse-engineering/skills/android-reverse-engineering/references/setup-guide.md for detailed installation instructions.
Installation
From GitHub (recommended)
Inside Claude Code, run:
/plugin marketplace add SimoneAvogadro/android-reverse-engineering-skill
/plugin install android-reverse-engineering@android-reverse-engineering-skill
The skill will be permanently available in all future sessions.
From a local clone
git clone https://github.com/SimoneAvogadro/android-reverse-engineering-skill.git
Then in Claude Code:
/plugin marketplace add /path/to/android-reverse-engineering-skill
/plugin install android-reverse-engineering@android-reverse-engineering-skill
Usage
Slash command
/decompile path/to/app.apk
This runs the full workflow: dependency check, decompilation, and initial structure analysis.
Natural language
The skill activates on phrases like:
- "Decompile this APK"
- "Reverse engineer this Android app"
- "Extract API endpoints from this app"
- "Follow the call flow from LoginActivity"
- "Analyze this AAR library"
Manual scripts
The scripts can also be used standalone:
# Check dependencies
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/check-deps.sh
# Install a missing dependency (auto-detects OS and package manager)
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/install-dep.sh jadx
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/install-dep.sh vineflower
# Decompile APK with jadx (default)
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/decompile.sh app.apk
# Decompile XAPK (auto-extracts and decompiles each APK inside)
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/decompile.sh app-bundle.xapk
# Decompile with Fernflower
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/decompile.sh --engine fernflower library.jar
# Run both engines and compare
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/decompile.sh --engine both --deobf app.apk
# Find API calls
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/find-api-calls.sh output/sources/
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/find-api-calls.sh output/sources/ --retrofit
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/find-api-calls.sh output/sources/ --urls
Repository Structure
android-reverse-engineering-skill/
├── .claude-plugin/
│ └── marketplace.json # Marketplace catalog
├── plugins/
│ └── android-reverse-engineering/
│ ├── .claude-plugin/
│ │ └── plugin.json # Plugin manifest
│ ├── skills/
│ │ └── android-reverse-engineering/
│ │ ├── SKILL.md # Core workflow (5 phases)
│ │ ├── references/
│ │ │ ├── setup-guide.md
│ │ │ ├── jadx-usage.md
│ │ │ ├── fernflower-usage.md
│ │ │ ├── api-extraction-patterns.md
│ │ │ └── call-flow-analysis.md
│ │ └── scripts/
│ │ ├── check-deps.sh
│ │ ├── install-dep.sh
│ │ ├── decompile.sh
│ │ └── find-api-calls.sh
│ └── commands/
│ └── decompile.md # /decompile slash command
├── LICENSE
└── README.md
References
- jadx — Dex to Java decompiler
- Fernflower — JetBrains analytical decompiler
- Vineflower — Fernflower community fork
- dex2jar — DEX to JAR converter
- apktool — Android resource decoder
Disclaimer
This plugin is provided strictly for lawful purposes, including but not limited to:
- Security research and authorized penetration testing
- Interoperability analysis permitted under applicable law (e.g., EU Directive 2009/24/EC, US DMCA §1201(f))
- Malware analysis and incident response
- Educational use and CTF competitions
You are solely responsible for ensuring that your use of this tool complies with all applicable laws, regulations, and terms of service. Unauthorized reverse engineering of software you do not own or do not have permission to analyze may violate intellectual property laws and computer fraud statutes in your jurisdiction.
The authors disclaim any liability for misuse of this tool.
License
Apache 2.0 — see LICENSE
forum用户评价 (0)
发表评价
暂无评价
统计数据
用户评分
为此 Skill 评分