Claude Code skill for Android APK reverse engineering — apktool, jadx, Frida workflows.
A skill bundle that teaches Claude how to do real Android reverse engineering: unpack APKs, decompile to Java with jadx, patch smali, hook with Frida. It chains the right tools instead of one-shotting jadx and giving up.
何時使用: You need to inspect a Flutter/OkHttp app's traffic and pinning blocks Burp.
前置條件
Server/skill installed and authenticated — See repo README
步驟
Identify pinning
Decompile target.apk and find all references to TrustManager / CertificatePinner / Flutter's HttpClient.✓ 已複製
→ List of hooks to patch
Patch + Frida
Generate a Frida script that no-ops checkServerTrusted across both Java and Flutter paths.✓ 已複製
→ Frida .js + run command
結果: Working MITM channel on a test target you own.
注意事項
Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization. — Reversing apps you don't have rights to is illegal in most jurisdictions. The skill assumes you've documented authorization.
成本與限制
運行它的成本
API 配額
See provider docs for rate limits
每次呼叫 Token 數
Varies by tool
費用
See repo README for pricing details
提示
Cache tool results and avoid repeated identical calls.
安全
權限、密鑰、影響範圍
憑證儲存: Use environment variables; never commit secrets
資料出站: Tool calls go to the provider's API as documented
故障排查
常見錯誤與修復
apktool fails to unpack
Use the latest apktool (≥2.9). Older versions miss new resource tables.
驗證: apktool --version ≥ 2.9
repack signs but won't install
Use uber-apk-signer with --allow-resign and target the right SDK level.