Claude Code skill for Android APK reverse engineering — apktool, jadx, Frida workflows.
A skill bundle that teaches Claude how to do real Android reverse engineering: unpack APKs, decompile to Java with jadx, patch smali, hook with Frida. It chains the right tools instead of one-shotting jadx and giving up.
何时使用: You need to inspect a Flutter/OkHttp app's traffic and pinning blocks Burp.
前置条件
Server/skill installed and authenticated — See repo README
步骤
Identify pinning
Decompile target.apk and find all references to TrustManager / CertificatePinner / Flutter's HttpClient.✓ 已复制
→ List of hooks to patch
Patch + Frida
Generate a Frida script that no-ops checkServerTrusted across both Java and Flutter paths.✓ 已复制
→ Frida .js + run command
结果: Working MITM channel on a test target you own.
注意事项
Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization. — Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization.
成本与限制
运行它的成本
API 配额
See provider docs for rate limits
每次调用 Token 数
Varies by tool
费用
See repo README for pricing details
提示
Cache tool results and avoid repeated identical calls.
安全
权限、密钥、影响范围
凭据存储: Use environment variables; never commit secrets
数据出站: Tool calls go to the provider's API as documented
故障排查
常见错误与修复
apktool fails to unpack
Use the latest apktool (≥2.9). Older versions miss new resource tables.
验证: apktool --version ≥ 2.9
repack signs but won't install
Use uber-apk-signer with --allow-resign and target the right SDK level.