androidReverse On-device Android reverse engineering suite

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://github.com/UltraSina/androidReverse
• Blog Title: androidReverse: On-device Android reverse engineering suite
• Suggested Section: Mobile Pentesting > Android Applications Pentesting > APK decompilers; optionally cross-reference Reversing Native Libraries, Smali, Flutter, and Android malware/static analysis workflows

🎯 Content Summary

androidReverse is an Android reverse-engineering suite designed to run entirely on-device. Its main value is enabling APK extraction, Java/Kotlin decompilation, Smali inspection, native binary analysis, resource decoding, cross-platform app analysis, and note-taking directly from an Android phone or tablet, without requiring a PC, ADB, or desktop reverse-engineering tools.

Security relevance and impact: this is not a vulnerability write-up and does not ...

🔧 Technical Details

On-device Android application triage: A practical mobile reversing workflow is to extract .apk, .xapk, and split .apks packages directly from local storage or installed applications, then inspect Java/Kotlin output, Smali, resources, and native libraries without ADB or a desktop system. This is useful when analysts need quick field triage of suspicious apps, installed malware, or customer-provided APKs directly on an Android device.

Multi-decompiler comparison for obfuscated bytecode: When Java/Kotlin decompilation is affected by obfuscation, malformed bytecode, compiler-generated constructs, lambdas, generics, or complex control flow, compare the same class across multiple engines instead of trusting one output. androidReverse supports CFR, Procyon, JD-Core, Krakatau, Vineflower, Jadx, Jadx Fallback, and Jadx...

🤖 Agent Actions

Updated src/mobile-pentesting/android-app-pentesting/apk-decompilers.md.

Added a concise androidReverse section covering:

• on-device APK / XAPK / split-APKS triage
• multi-decompiler comparison workflow
• manifest/resource recovery via AXML/ARSC parsing
• JNI/native .so analysis pivot with radare2
• Flutter/Unity-specific reversing notes

Also added a ## References section with:

• the official repository
• the latest release page (release11, published June 21, 2026)

I validated the diff and confirmed only that single file was modified.

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://github.com/UltraSina/androidReverse

Content Categories: Based on the analysis, this content was categorized under "Mobile Pentesting > Android Applications Pentesting > APK decompilers; optionally cross-reference Reversing Native Libraries, Smali, Flutter, and Android malware/static analysis workflows".

Repository Maintenance:

• MD Files Formatting: 977 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0