InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →
Jadx Alternatives
Similar projects and alternatives to jadx
-
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
-
-
-
-
Thingsboard
Open-source IoT Platform - Device management, data collection, processing and visualization.
-
-
apk2gold
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!
-
-
Uber Apk Signer
A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
jadx discussion
jadx reviews and mentions
- Dex to Java Decompiler
-
Simple example of reverse .apk (removing Ads)
JADX - for discovering code in Java
-
Debugging an Undebuggable App
> I remember something like dex2jar also, which gave you a jar you could use in any java decompiler, like jdgui, procyon etc.
https://github.com/skylot/jadx is very handy for that nowadays. It also supports interactive variable/method/class name renaming to make the decomplied code easier to read. The decompiler isn't perfect, but I guess all available Java decompilers have their limitations with more complex bytecode…
-
Hunting the Hacker: A Deep Dive into Courier Fraud
Suspicious of the request, our colleague forwarded the APK to me, knowing my expertise in software development and cybersecurity. My investigation began by downloading and extracting the contents of the APK. Inside, I found several dex files, which I knew contained the app's compiled source code. Using a tool called jadx, (jadx -d extractedapkfile) I decompiled the APK to inspect its source code.
- Ingeniería inversa APK: Deusto App
- Apktool in kali
-
A popular Bluetooth car battery monitor that siphons up all your location data
The best way is to just start practicing. I would say pick some simple apps on your (Android) phone and dig straight in.
The great thing about Android applications is that often they generally decompile quite nice into human readable Java soo the barrier of entry can be quite low to start reversing.
Grab a copy of JADX[1] - it will decompress and decompile the APK files. If you don't have an Android handset, use an emulator and/or grab APKs from apkpure[2]
Dynamic analysis is a bit more challenging. In my blog post I use Frida[3] extensively.
If you get started on something and get stuck/looking for support, feel free to DM me on Twitter[4], more then happy to help.
[1] https://github.com/skylot/jadx
[2] https://frida.re/docs/android/
[3] https://m.apkpure.com/
[4] https://twitter.com/haxrob
-
Hardware Question
This may be overkill but you can use an oscilloscope to manually calculate the baudrate, i.e. like this. It looks like it could be UART serial data, but this is a good resource to reference. Sometimes http is used as a means for communicating, and not necessarily directly to a browser see here. This is pretty common in embedded applications actually. You can try using dirbuster to see what hidden endpoints there are that may be used for video. If there's an RC, you can try and do what you were doing before on the drone for that (see what dmesg says when plugged in, check any open ports, etc). If it's a phone you connect to, you can RE the mobile app. I like using jadx for APKs to get a lay of the land. If you don't want to pop the SPI flash like i suggested earlier (and I suggest don't do that except for last resort), you can grep for firmware urls in the mobile app to see if it does OTA updates, and see if you can directly download it and analyze it with a disassembler like Ghidra. Since it's WiFi, you can also MiTM the traffic from an AP you control like your computer. I'm guessing video is probably going to be something like RTSP at an IP address, so you can grep in the mobile app for that, and that might be good enough to get your video feed honestly.
-
improved nintype
Jadx - skylot/jadx: Dex to Java decompiler (github.com) - Used for decompiling the apk - make the code readable
-
How to securely set end point url and encryption keys in CN1 app
I realized when app is decompiled using JADX class names are recreated as shown in this screenshot of sample app
-
A note from our sponsor - InfluxDB
www.influxdata.com | 18 Jun 2025
Stats
skylot/jadx is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of jadx is Java.