apk.sh
objection
apk.sh | objection | |
---|---|---|
15 | 17 | |
3,143 | 7,024 | |
- | 1.4% | |
5.5 | 1.6 | |
2 months ago | 4 days ago | |
Shell | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apk.sh
- Android Reverse Engineering - apk.sh v1.0.8 is out!
- apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
- GitHub - ax/apk.sh: 🕹️ apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
- Have you ever heard of apk.sh? It makes reverse engineering Android apps easier.
-
🕹apk.sh v.1.0.4 is OUT! Makes reverse engineering Android apps easier!
🔥 Check v1.0.4 out at https://github.com/ax/apk.sh! 🔥
-
How secure is Android apps fingerprint authentication in 2023?
You can easily use 🕹 apk.sh and the updated script from https://github.com/ax/android-fingerprint-bypass to test the fingerprint authentication of any Android app (on non-rooted devices).
- Apk.sh is a Bash script that makes reverse engineering Android apps easier
objection
- apk.sh, make reverse engineering Android apps easier!
- Prerequisites for reverse engineering?
-
Mitmproxy 8
This is true, by default Android apps do not trust user-installed certificate authorities. IMO the easiest solution if you're doing security testing on a dedicated device is MagiskTrustUserCerts[1]. If you're not testing on a dedicated device or you don't want to root the device, I'd recommend using the objection[2] tool which has a guided mode for patching an apk, and you can modify the manifest to add your CA or to trust all user-installed CAs.
[1]: https://github.com/NVISOsecurity/MagiskTrustUserCerts
[2]: https://github.com/sensepost/objection/wiki/Patching-Android...
-
Is this networking knowledge enough ?
Then use runtime tools like Runtime Mobile Security, Grapefruit, and Objection to see stuff in action and practice Frida along with as these tools usually support loading custom Frida scripts.
-
Okhttp3 SSL pinning bypass
you might have more luck in some whitehat hacking groups etc. ive used https://github.com/sensepost/objection to try out my own app.
-
Beststar all songs + unlimited play v1.1
In some form yes. Internally this is just a Frida gadget script which you can see here does support IOS.
What are some alternatives?
dexcom-g7-apk-patcher - Dexcom G7 .apk patcher | ✅ AAPS Broadcasting ✅ Disable compatibility checks ✅ Enable Screenshots ✅ Decrease required android version
frida - Clone this repo to build Frida
APKLab - Android Reverse-Engineering Workbench for VS Code
drozer - The Leading Security Assessment Framework for Android.
awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
Free-RASP-Community - SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
magisk-frida - 🔐 Run frida-server on boot with Magisk, always up-to-date
apkmagician
Apktool - A tool for reverse engineering Android apk files
patch-apk - Wrapper to inject an Objection/Frida gadget into an APK, with support for app bundles/split APKs.
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy