/ Diretório / Playground / Android Reverse Engineering Skill
← Todos os servidores ↗ GitHub
● Comunidade SimoneAvogadro ⚡ Instantâneo

Android Reverse Engineering Skill

por SimoneAvogadro · SimoneAvogadro/android-reverse-engineering-skill

Claude Code skill for Android APK reverse engineering — apktool, jadx, Frida workflows.

A skill bundle that teaches Claude how to do real Android reverse engineering: unpack APKs, decompile to Java with jadx, patch smali, hook with Frida. It chains the right tools instead of one-shotting jadx and giving up.

▶ Ver demo 📦 Instalar 💡 Casos de uso

Por que usar

Principais recursos

Demo ao vivo

Como fica na prática

android-reverse-engineering-skill.replay ▶ pronto
0/0

Instalar

Escolha seu cliente

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "android-reverse-engineering-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
        "~/.claude/skills/android-reverse-engineering-skill"
      ],
      "_inferred": true
    }
  }
}

Abra Claude Desktop → Settings → Developer → Edit Config. Reinicie após salvar.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "android-reverse-engineering-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
        "~/.claude/skills/android-reverse-engineering-skill"
      ],
      "_inferred": true
    }
  }
}

Cursor usa o mesmo esquema mcpServers que o Claude Desktop. Config de projeto vence a global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "android-reverse-engineering-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
        "~/.claude/skills/android-reverse-engineering-skill"
      ],
      "_inferred": true
    }
  }
}

Clique no ícone MCP Servers na barra lateral do Cline, depois "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "android-reverse-engineering-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
        "~/.claude/skills/android-reverse-engineering-skill"
      ],
      "_inferred": true
    }
  }
}

Mesmo formato do Claude Desktop. Reinicie o Windsurf para aplicar.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "android-reverse-engineering-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
        "~/.claude/skills/android-reverse-engineering-skill"
      ]
    }
  ]
}

O Continue usa um array de objetos de servidor em vez de um map.

~/.config/zed/settings.json
{
  "context_servers": {
    "android-reverse-engineering-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/SimoneAvogadro/android-reverse-engineering-skill",
          "~/.claude/skills/android-reverse-engineering-skill"
        ]
      }
    }
  }
}

Adicione em context_servers. Zed recarrega automaticamente ao salvar.

claude mcp add android-reverse-engineering-skill -- git clone https://github.com/SimoneAvogadro/android-reverse-engineering-skill ~/.claude/skills/android-reverse-engineering-skill

Uma linha só. Verifique com claude mcp list. Remova com claude mcp remove.

Casos de uso

Usos do mundo real: Android Reverse Engineering Skill

Bypass cert pinning on a test app for MITM analysis

👤 Security researchers (with permission!) ⏱ ~15 min intermediate

Quando usar: You need to inspect a Flutter/OkHttp app's traffic and pinning blocks Burp.

Pré-requisitos
  • Server/skill installed and authenticated — See repo README
Fluxo
  1. Identify pinning
    Decompile target.apk and find all references to TrustManager / CertificatePinner / Flutter's HttpClient.✓ Copiado
    → List of hooks to patch
  2. Patch + Frida
    Generate a Frida script that no-ops checkServerTrusted across both Java and Flutter paths.✓ Copiado
    → Frida .js + run command

Resultado: Working MITM channel on a test target you own.

Armadilhas
  • Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization. — Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization.

Custo e limites

O que custa rodar

Cota de API
See provider docs for rate limits
Tokens por chamada
Varies by tool
Monetário
See repo README for pricing details
Dica
Cache tool results and avoid repeated identical calls.

Segurança

Permissões, segredos, alcance

Armazenamento de credenciais: Use environment variables; never commit secrets
Saída de dados: Tool calls go to the provider's API as documented

Solução de problemas

Erros comuns e correções

apktool fails to unpack

Use the latest apktool (≥2.9). Older versions miss new resource tables.

Verificar: apktool --version ≥ 2.9
repack signs but won't install

Use uber-apk-signer with --allow-resign and target the right SDK level.

Verificar: adb install -r app-signed.apk

Alternativas

Android Reverse Engineering Skill vs. outros

AlternativaQuando usarTroca
trailofbits/skillsYou want broader security skillsMore generic; less Android-specific

Mais

Recursos

📖 Leia o README oficial no GitHub

🐙 Ver issues abertas

🔍 Ver todos os 400+ servidores MCP e Skills