Analyze any Android/Java based app or game

Overview

ClassyShark

Introduction

alt text

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries (.dex, .aar, .so), executables (.apk, .jar, .class) and all Android binary XMLs: AndroidManifest, resources, layouts etc.

Useful links

Download

To run, grab the latest JAR and run java -jar ClassyShark.jar.

Export data in text format

  • Exporter
  • API finder 🚧 work in progress

Develop

  1. Clone the repo
  2. Open in your favorite IDE/editor
  3. Build options:

Arch Linux

If you're running Arch Linux you can install the latest prebuilt jar from the AUR.

Dependencies

Support

If you've found an error, please file an issue:

https://github.com/google/android-classyshark/issues

Patches are encouraged, and may be submitted by forking this project and submitting a pull request through GitHub.

License

Copyright 2020 Google, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Issues
  • Request: offer as a library for Android, including de-obfuscation

    Request: offer as a library for Android, including de-obfuscation

    Currently this repository became very old, and we can use most of it on Android Studio anyway.

    Please update it, and offer to to get de-obfuscation of APK files, including ability to run it even on Android itself.

    opened by AndroidDeveloperLB 6
  • Instructions to build ClassySharkWS?

    Instructions to build ClassySharkWS?

    Can you add instructions to build ClassySharkWS?

    opened by CaledoniaProject 5
  • Some minor clean-up in XmlDecompressor

    Some minor clean-up in XmlDecompressor

    Thanks for all the work on this project! :) I noticed some minor issues (mostly clean-up) in the XmlDecompressor. In summary, I removed unused imports and fixed typos in various comments and variable names.

    cla: yes 
    opened by JonForShort 4
  • ClassyShark doesn't match APK Analyzer in Android Studio

    ClassyShark doesn't match APK Analyzer in Android Studio

    Hello, I have added org.altbeacon:android-beacon-library gradle dependency. I have multidex turned on in my project. APK Analyzer in Android Studio shows org.altbeacon.beacon.powersave gradle in classes.dex. However, ClassyShark doesn't show the same in the classes folder.

    Do you know what could be causing this?

    Thank you, Igor

    opened by IgorGanapolsky 4
  • Opening a file, it shows wrong content

    Opening a file, it shows wrong content

    For example, I choose some drawable file, and I see manifest content:

    image

    It shows at the top as if I chose a manifest file, but I didn't.

    opened by AndroidDeveloperLB 3
  • Add command line support without loading the UI at all

    Add command line support without loading the UI at all

    Run ClassyShark from CLI java -jar ClassyShark.jar -export something.jar

    opened by borisf 3
  • Export individual files

    Export individual files

    I'm trying to extract the manifest from an APK. I imagine that after I open the APK, I could click on AndroidManifest.xml and then on the Export toolbar icon, but nothing happens when I click on it.

    image

    opened by dandv 3
  • Integrate ClassyShark with Proguard mappings.txt file

    Integrate ClassyShark with Proguard mappings.txt file

    Thanks https://github.com/Dorvaryn

    Steps:

    1. Read the mappings file
    2. Add callback here https://github.com/google/android-classyshark/blob/master/ClassySharkWS/src/com/google/classyshark/silverghost/translator/java/JavaTranslator.java
    opened by borisf 3
  • Update README.md

    Update README.md

    I've made a package to make it easy to install ClassySkark on Arch linux. Updating the Readme if you find it OK.

    cla: yes 
    opened by pedronveloso 3
  • how to quickly locate a certain class exists in which dex file

    how to quickly locate a certain class exists in which dex file

    Hello, how to quickly locate a certain class exists in which dex file?

    enhancement 
    opened by pannel 2
  • There is a vulnerability in OkHttp 3.8.1,upgrade recommended

    There is a vulnerability in OkHttp 3.8.1,upgrade recommended

    https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/build.gradle#L42

    CVE-2018-20200

    Recommended upgrade version:3.12.1

    opened by QiAnXinCodeSafe 0
  • There is a vulnerability in Guava: Google Core Libraries for Java 22.0,upgrade recommended

    There is a vulnerability in Guava: Google Core Libraries for Java 22.0,upgrade recommended

    https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/build.gradle#L41

    CVE-2018-10237 CVE-2020-8908

    Recommended upgrade version:24.1.1.jre

    opened by QiAnXinCodeSafe 0
  • There is a vulnerability insquare-retrofit  2.3.0,upgrade recommended

    There is a vulnerability insquare-retrofit 2.3.0,upgrade recommended

    https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/build.gradle#L44

    CVE-2018-1000850 Recommended upgrade version: 2.5.0

    opened by QiAnXinCodeSafe 1
  • Add download sizes similar to Android Studio Apk analyzer

    Add download sizes similar to Android Studio Apk analyzer

    Is there a way to check the download size of native libraries (.so objects) for each build? Android Studio provides the download sizes for each of these, but we want to keep record of it internally. So we're looking to turn these values into JSON objects.

    https://github.com/JetBrains/android/tree/master/apkanalyzer Screen Shot 2020-08-10 at 11 59 44 AM

    enhancement 
    opened by kmadsen 4
  • Export does not work

    Export does not work

    opened by naveenkumar1290 1
  • error loading archive

    error loading archive

    When i was decompiling a apk file. ClassyShark hint "error loading archive"

    error message

    package java.lang;
    
    import java.lang.String;
    import java.lang.Throwable;
    
    
    public class Exception extends Throwable
    
    {
        //======================== F I E L D S ==================
    
          static final long serialVersionUID;
    
        //======================== C O N S T R U C T O R S ======
    
        protected Exception(String, 
            Throwable, 
            boolean, 
            boolean) { ... }
        public Exception(Throwable) { ... }
        public Exception(String, 
            Throwable) { ... }
        public Exception(String) { ... }
        public Exception() { ... }
    
        //======================== M E T H O D S ================
    
    
    } 
    
    opened by luckseal 1
  • A Display bug

    A Display bug

    Dear developer In the process of using, I found a bug in layout / display. As shown in the figure, the lower part of the name of the app in the homepage list is blocked, which may be an adaptation problem. App version is 1.0-12, my mobile phone is Google nexus 6, screen resolution setting is 1440 * 2560, font size is the largest, Android system is 8.0. The above is a description of the problem. The overall experience of the software is good. You can see that the design is very attentive. Thank you very much for the efforts of the developers all the time. I hope to receive a reply. Thank you! image

    opened by franklinbill 1
  • error loading archive

    error loading archive

    When i was decompiling douban.apk, I can not see Classes. ClassyShark hint "error loading archive".

    opened by stevenwsg 4
  • Feature Request: Simple string search in the current file

    Feature Request: Simple string search in the current file

    It will be great to have simple text search in the selected file.

    opened by nikhilgeo 1
Releases(8.2)
Owner
Google
Google ❤️ Open Source
Google
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 6.8k Jul 28, 2021
A collection of android security related resources

android-security-awesome A collection of android security related resources. Tools Academic/Research/Publications/Books Exploits/Vulnerabilities/Bugs

Ashish Bhatia 5.4k Jul 26, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.3k Jul 26, 2021
Android virtual machine and deobfuscator

Simplify Generic Android Deobfuscator Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it beh

Caleb Fenton 3.8k Jul 31, 2021
TweetNaCl in Java - a port of TweetNaCl-js

TweetNacl in Java: port of tweetnacl-js API/Usage Suggest always use TweetNaclFast implementation Public key authenticated encryption get key pair: Bo

AppNet.Link 32 Jun 29, 2021
a version of the official Android openssl setup to build standalone for use in app

OpenSSL on the Android platform. --- The code in this directory is based on $OPENSSL_VERSION in the file openssl.version. See patches/README for more

Guardian Project 364 Mar 28, 2021
A simple library that can help you detect if you app is modded or tampered with

Android Tamper Detector A simple library that can help you detect if you app is modded or tampered with. This adds a security level that makes it diff

Mukesh Solanki 33 Jul 6, 2021
Dex to Java decompiler

JADX jadx - Dex to Java decompiler Command line and GUI tools for producing Java source code from Android Dex and Apk files Main features: decompile D

null 26.7k Aug 3, 2021
A port of gnupg to Android (UNMAINTAINED!)

Gnu Privacy Guard for Android A port of the whole GnuPG 2.1 suite to Android. If you are using these tools in your own apps, we'd love to hear about i

Guardian Project 265 Jun 11, 2021
Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

Scott Alexander-Bown 618 Jul 6, 2021
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2k Jul 27, 2021
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN.

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Andrew Horton 1.5k Aug 3, 2021
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Easy-as-pie Android Decompiler Why One stop shop I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the t

Alex Davis 593 Jul 24, 2021
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 414 Jul 23, 2021