Analyze any Android/Java based app or game

Overview

ClassyShark

Introduction

alt text

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries (.dex, .aar, .so), executables (.apk, .jar, .class) and all Android binary XMLs: AndroidManifest, resources, layouts etc.

Useful links

Download

To run, grab the latest JAR and run java -jar ClassyShark.jar.

Export data in text format

  • Exporter
  • API finder 🚧 work in progress

Develop

  1. Clone the repo
  2. Open in your favorite IDE/editor
  3. Build options:

Arch Linux

If you're running Arch Linux you can install the latest prebuilt jar from the AUR.

Dependencies

Support

If you've found an error, please file an issue:

https://github.com/google/android-classyshark/issues

Patches are encouraged, and may be submitted by forking this project and submitting a pull request through GitHub.

License

Copyright 2020 Google, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Comments
  • Security Policy violation Binary Artifacts

    Security Policy violation Binary Artifacts

    This issue was automatically created by Allstar.

    Security Policy Violation Project is out of compliance with Binary Artifacts policy: binaries present in source code

    Rule Description Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

    Remediation Steps To remediate, remove the generated executable artifacts from the repository.

    Artifacts Found

    • ClassySharkWS/gradle/wrapper/gradle-wrapper.jar
    • third_party/asmdex-1.0.jar
    • third_party/java-binutils.jar
    • third_party/util-2.0.6.jar

    Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


    Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

    This issue will auto resolve when the policy is in compliance.

    Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

    allstar 
    opened by allstar-app[bot] 7
  • Request: offer as a library for Android, including de-obfuscation

    Request: offer as a library for Android, including de-obfuscation

    Currently this repository became very old, and we can use most of it on Android Studio anyway.

    Please update it, and offer to to get de-obfuscation of APK files, including ability to run it even on Android itself.

    opened by AndroidDeveloperLB 6
  • Crash Analyzing Godot Engine App

    Crash Analyzing Godot Engine App

    I was playing around with Classyshark and noticed that it crashes when attempting to analyze my Godot Engine game Carpe Diem.

    apk is available at https://www.inventati.org/1337gallery/games/carpediem/carpediem.html

    Source: https://github.com/ATryder/CarpeDiem

    opened by ATryder 4
  • Some minor clean-up in XmlDecompressor

    Some minor clean-up in XmlDecompressor

    Thanks for all the work on this project! :) I noticed some minor issues (mostly clean-up) in the XmlDecompressor. In summary, I removed unused imports and fixed typos in various comments and variable names.

    cla: yes 
    opened by JonForShort 4
  • ClassyShark doesn't match APK Analyzer in Android Studio

    ClassyShark doesn't match APK Analyzer in Android Studio

    Hello, I have added org.altbeacon:android-beacon-library gradle dependency. I have multidex turned on in my project. APK Analyzer in Android Studio shows org.altbeacon.beacon.powersave gradle in classes.dex. However, ClassyShark doesn't show the same in the classes folder.

    Do you know what could be causing this?

    Thank you, Igor

    opened by IgorGanapolsky 4
  • Java 8

    Java 8

    Hi Team,

    The latest build seems to be only working on java 8. is it intentional or by mistake.

    Can i assume going forward all builds will be on java 8 only.

    BTW just so you are aware. We package and make available classyshark in AndroidTamer as well as on androidtamer debian compatible repository "https://repo.androidtamer.com/"

    opened by anantshri 3
  • Export individual files

    Export individual files

    I'm trying to extract the manifest from an APK. I imagine that after I open the APK, I could click on AndroidManifest.xml and then on the Export toolbar icon, but nothing happens when I click on it.

    image

    opened by dandv 3
  • Integrate ClassyShark with Proguard mappings.txt file

    Integrate ClassyShark with Proguard mappings.txt file

    Thanks https://github.com/Dorvaryn

    Steps:

    1. Read the mappings file
    2. Add callback here https://github.com/google/android-classyshark/blob/master/ClassySharkWS/src/com/google/classyshark/silverghost/translator/java/JavaTranslator.java
    opened by borisf 3
  • Methodcount from classyshark is different from [dex-method-count](https://github.com/mihaip/dex-method-counts)

    Methodcount from classyshark is different from [dex-method-count](https://github.com/mihaip/dex-method-counts)

    Dex-method-count will count all methods include defined methods and referenced methods. Note that referenced methods count against the 64K method limit too.

    Will Classyshark count the referenced method?

    opened by simpleton 2
  • Is it working on mac?

    Is it working on mac?

    Seem that most of the ui functions are not working in mac, like

    • changing the theme color
    • export file
    • expand method (all the text inside the method now become dot dot dot, not sure if it is the problem of using mac or not. Below is the sample display)
    import android.content.Context;
    import java.lang.String;
    import org.apache.http.Header;
    import org.apache.http.client.CookieStore;
    
    public class HttpCookies extends Object
    {
        //======================== F I E L D S ==================
    
    
          public static String baseurl;
          private static Header[] httpHeader;
          private static String httpProxyStr;
          private static int pageSize;
          private static CookieStore uCookie;
           Context context;
    
        //======================== C O N S T R U C T O R S ======
    
        public HttpCookies(Context) { ... }
    
        //======================== M E T H O D S ================
    
        static void <clinit>() { ... }
        public Header[] getHttpHeader() { ... }
        public String getHttpProxyStr() { ... }
        public int getPageSize() { ... }
        public CookieStore getuCookie() { ... }
        public void initHTTPProxy() { ... }
        public void setPageSize(int) { ... }
        public void setuCookie(CookieStore) { ... }
    
    } 
    
    opened by musso 2
  • UI and --methodcount flag report different numbers

    UI and --methodcount flag report different numbers

    The numbers of method in the UI component and those reported using -methodcounts flag report different numbers. Is this expected? Does the -methodcounts not report the dex method count?

    opened by marwanad 2
  • ArrayIndexOutOfBoundsException when trying to export

    ArrayIndexOutOfBoundsException when trying to export

    I've started ClassyShark using the command referenced in the README file, and in the left-hand tree, I'll click on a folder or file, then click the export button, and I get this error:

    java.lang.ArrayIndexOutOfBoundsException: 6392800
    	at org.ow2.asmdex.lowLevelUtils.DexFileReader.getStringItemFromStringIndex(DexFileReader.java:104)
    	at org.ow2.asmdex.ApplicationReader.readAnnotationElement(ApplicationReader.java:1493)
    	at org.ow2.asmdex.ApplicationReader.readEncodedAnnotation(ApplicationReader.java:1518)
    	at org.ow2.asmdex.ApplicationReader.readEncodedValue(ApplicationReader.java:861)
    	at org.ow2.asmdex.ApplicationReader.readAnnotationElement(ApplicationReader.java:1494)
    	at org.ow2.asmdex.ApplicationReader.parseSpecificAnnotations(ApplicationReader.java:1473)
    	at org.ow2.asmdex.ApplicationReader.readDefaultAnnotations(ApplicationReader.java:1271)
    	at org.ow2.asmdex.ApplicationReader.visitClass(ApplicationReader.java:561)
    	at org.ow2.asmdex.ApplicationReader.accept(ApplicationReader.java:437)
    	at org.ow2.asmdex.ApplicationReader.accept(ApplicationReader.java:338)
    	at com.google.classyshark.silverghost.translator.dex.DexMethodsDumper.fillAnalysis(DexMethodsDumper.java:106)
    	at com.google.classyshark.silverghost.translator.dex.DexMethodsDumper.dumpMethods(DexMethodsDumper.java:84)
    	at com.google.classyshark.silverghost.exporter.Exporter.writeMethods(Exporter.java:89)
    	at com.google.classyshark.silverghost.exporter.Exporter.writeArchive(Exporter.java:47)
    	at com.google.classyshark.gui.panel.ClassySharkPanel$3.doInBackground(ClassySharkPanel.java:207)
    	at com.google.classyshark.gui.panel.ClassySharkPanel$3.doInBackground(ClassySharkPanel.java:202)
    	at javax.swing.SwingWorker$1.call(SwingWorker.java:295)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    	at javax.swing.SwingWorker.run(SwingWorker.java:334)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    

    Based on the stacktrace, it looks like the error is occurring somewhere around here: https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/src/com/google/classyshark/silverghost/translator/dex/DexMethodsDumper.java#L84

    opened by joshterrill 7
  • ASMDEX is archived any plans to change the dependency

    ASMDEX is archived any plans to change the dependency

    ASMdex.jar which is a local jar dependency for this project is created using asmdex project Only known reference of it that i can find is this https://gitlab.ow2.org/asm/asmdex archived project. suffice to say the project is dead for a long time. Is there any alternative or is classyshark going to keep using the old project. if yes then it might be a better idea to restore the jar file in the repository as there is no other simpler way for someone to compile the project.

    opened by anantshri 2
  • After deletion of jar files this project is not compilable

    After deletion of jar files this project is not compilable

    While i am trying to compile it is simply looking for the jar in local folder. Any specific reason why last 4-5 commits deleted jar files including gradle-wrapper.jar these are all esential for building jar from source if someone wants to.

    opened by anantshri 1
  • There is a vulnerability in OkHttp 3.8.1,upgrade recommended

    There is a vulnerability in OkHttp 3.8.1,upgrade recommended

    https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/build.gradle#L42

    CVE-2018-20200

    Recommended upgrade version:3.12.1

    opened by QiAnXinCodeSafe 0
  • There is a vulnerability in Guava: Google Core Libraries for Java 22.0,upgrade recommended

    There is a vulnerability in Guava: Google Core Libraries for Java 22.0,upgrade recommended

    https://github.com/google/android-classyshark/blob/9c61d6df79c971a0b6c83795e7a91f2a375585cf/ClassySharkWS/build.gradle#L41

    CVE-2018-10237 CVE-2020-8908

    Recommended upgrade version:24.1.1.jre

    opened by QiAnXinCodeSafe 0
Releases(8.2)
Owner
Google
Google ❤️ Open Source
Google
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Easy-as-pie Android Decompiler Why One stop shop I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the t

Alex Davis 619 Dec 27, 2022
A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.

FakerAndroid (FakerAndroid.jar or FakerAndroid-AS) A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffold

null 231 Dec 29, 2022
Wordle is an interesting game. Let's solve it!

wordle Wordle is an interesting game. Let's solve it! Algorithm The algorithm is simple: On the first attempt, guess the highest ranked word in the di

Jonathan 1 Jan 14, 2022
Signal Protocol library for Java/Android

Overview A ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments. PreKeys This protocol uses a concept

Signal 1.8k Dec 24, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 418 Dec 29, 2022
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2.1k Jan 3, 2023
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022
CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

Luca Piccolboni 139 Dec 12, 2022
Appdbg - make it possible to run android dex file in original Java Virtual Machine

Appdbg - make it possible to run android dex file in original Java Virtual Machine

null 137 Dec 20, 2022
Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation

About smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on

Ben Gruver 5.7k Dec 27, 2022
TweetNaCl in Java - a port of TweetNaCl-js

TweetNacl in Java: port of tweetnacl-js API/Usage Suggest always use TweetNaclFast implementation Public key authenticated encryption get key pair: Bo

AppNet.Link 40 Nov 10, 2022
Dex to Java decompiler

JADX jadx - Dex to Java decompiler Command line and GUI tools for producing Java source code from Android Dex and Apk files Main features: decompile D

null 32.8k Jan 2, 2023
Java bytecode obfuscator created by x4e.

Binscure Java bytecode obfuscator created by x4e. Usage First, create a config file, (example config here). When you have a config file, run binscure

null 35 Nov 22, 2022
A RSA Cipher implementation for Kotlin/Java

A RSA Cipher implementation for Kotlin/Java.

Lyzev 3 Aug 22, 2022
Soot - A Java optimization framework

Using Soot? Let us know about it! We are regularly applying for funding to help us maintain Soot. You can help us immensely by letting us know about p

Soot Program Analysis Framework 2.5k Jan 2, 2023
Find Security Bugs is the SpotBugs plugin for security audits of Java web applications

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

OWASP Find Security Bugs 2k Jan 6, 2023
Catch common Java mistakes as compile-time errors

Error Prone Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. public class ShortSet { public

Google 6.3k Dec 23, 2022