RomanNum3ral
/
android-reverse-engineering-skill
mirror of https://github.com/SimoneAvogadro/android-reverse-engineering-skill.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
android-reverse-engineering.../.windsurf/rules/android-reverse-engineering.md

55 lines
2.2 KiB
Markdown
Raw Blame History

# Android Reverse Engineering
Decompile Android APK, XAPK, JAR, and AAR files using jadx and Fernflower/Vineflower. Extract Retrofit endpoints, OkHttp calls, hardcoded URLs, and authentication patterns.
## Dependencies
Run the dependency checker before decompiling:
```bash
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/check-deps.sh
```
Required: Java JDK 17+, jadx.
Optional: Fernflower/Vineflower, dex2jar, apktool.
Install missing:
```bash
bash plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/install-dep.sh <dep>
```
## Workflow
1. **Check deps**: `check-deps.sh` → outputs `INSTALL_REQUIRED:<dep>` for missing tools
2. **Decompile**: `decompile.sh <file>` with `--engine jadx|fernflower|both`, `--deobf`
3. **Analyze**: Review AndroidManifest.xml, package structure, architecture patterns
4. **Trace flows**: Follow Activity → ViewModel → Repository → Retrofit/OkHttp → HTTP
5. **Extract APIs**: `find-api-calls.sh <dir>` with `--retrofit`, `--okhttp`, `--urls`, `--auth`
## Script Locations
All scripts are at: `plugins/android-reverse-engineering/skills/android-reverse-engineering/scripts/`
- `check-deps.sh` — verify dependencies
- `install-dep.sh` — install a dependency
- `decompile.sh` — main decompile wrapper
- `find-api-calls.sh` — API call search
## Reference Documentation
- `plugins/android-reverse-engineering/skills/android-reverse-engineering/references/setup-guide.md`
- `plugins/android-reverse-engineering/skills/android-reverse-engineering/references/jadx-usage.md`
- `plugins/android-reverse-engineering/skills/android-reverse-engineering/references/fernflower-usage.md`
- `plugins/android-reverse-engineering/skills/android-reverse-engineering/references/api-extraction-patterns.md`
- `plugins/android-reverse-engineering/skills/android-reverse-engineering/references/call-flow-analysis.md`
## Output Format
Document each API endpoint as:
```markdown
### `METHOD /api/endpoint`
- **Source**: ClassName.java:42
- **Retrofit**: @POST("/api/endpoint")
- **Headers**: Authorization: Bearer {token}
- **Body**: { "key": "value" }
- **Called from**: Activity → ViewModel → Repository → ApiService
```
Reference in New Issue View Git Blame Copy Permalink