John Smith 8722cd710c feat: RE-Library peer MCP + SDK-34+ aware APK install (clean-room)
Two new items, both rooted in the 2026-06-05 survey of the 5
revanced-* repos in Input/ and the sibling RE-Library site:

1. RE-Library (MIT) is now peer-registered as the 6th MCP server
   in .mcp.json. The peer is opt-in via `just install-re-library`
   and is read-only. Five high-traffic skills each gain a
   "Background reading (peer MCP)" subsection that calls
   mcp__re-library__* for generic RE patterns before writing
   Frida hooks or MASVS reports. 15 new tests in
   tests/test_mcp_config.py lock the wiring in.

2. The dynamic MCP server's install_apk tool now runs a clean-room
   3-strategy install ladder (adb_install -> push_then_pm_install
   -> staged_install) so it works on Android 14+ devices where
   the one-shot `adb install` is rejected with
   INSTALL_FAILED_OWNER_BLOCKED. Implementation is written from
   AOSP docs, not lifted from the GPLv3 source. 11 new unit tests
   + 2 new dry-run tests + 3 new @pytest.mark.device e2e tests.

Survey review lives at docs/research/2026-06-05-revanced-input-survey.md.

Side fix: remove unused `asyncio_mode = "auto"` from
pyproject.toml (no test in the suite uses @pytest.mark.asyncio,
and the line fails --strict-config under pytest 9 + pytest-asyncio 1.4).

Verification: 176 passed, 1 skipped, 5 deselected (e2e).
ruff clean, mypy --strict on the new module clean.
No named commercial apps / vendors / DRM schemes in any new
artifact per the no-named-apps policy.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 16:22:01 -04:00
2026-06-05 13:51:51 -04:00
2026-06-05 13:51:51 -04:00
2026-06-05 13:51:51 -04:00
2026-06-05 13:51:51 -04:00
2026-06-05 13:51:51 -04:00
2026-06-05 13:51:51 -04:00

Android-RE

Claude Code skills and MCP servers for Android APK reverse engineering. Drop in an APK, get a MASVS-aligned triage report in 60 seconds. Hook a method, get a working Frida session. Inspect a .so file, get a hardening report.

This is a monorepo containing:

  • 4 MCP servers (Python + TypeScript) that wrap and compose the existing Android RE ecosystem (Apktool, jadx, androguard, LIEF, Frida, ADB, etc.).
  • 11 Claude Code skills that orchestrate the MCP tools into high-value workflows (triage, decompile, dynamic hooking, MASVS reporting, etc.).
  • A shared Python core library (android_re_core) used by every Python MCP server so APK parsing, frida sessions, and tool paths are defined once.
  • A unified Output/ folder convention — every run lands its deliverables at Output/<apk>-<sha>/<subdir>/<file>. See docs/output-convention.md for the full convention and docs/getting-started.md for the first-APK walkthrough.
  • An optional 6th peer MCP serverre-library (MIT) is registered in .mcp.json for generic RE knowledge-base lookups (search_re / get_entry / list_categories). Opt-in install with just install-re-library; not required for the other 5 servers.

Repository Layout

Input/             drop APKs here (git-ignored)
Output/            every deliverable lands here (git-ignored, env-var-overridable)
android_re_core/   shared Python library (androguard, LIEF, frida, ADB)
mcp_servers/       4 Python MCP servers (static, native, dynamic, triage)
mcp_bridge/        1 TypeScript MCP server (ADB device bridge)
skills/            12 Claude Code skills (workflows that compose MCP tools)
bin/               install.sh, doctor.sh, pull-tools.sh, …
tools/             isolated subprocess runners (apkleaks, androwarn, …)
docs/              mkdocs site
examples/          end-to-end walkthroughs (deliberately-vulnerable training apps)
tests/             cross-component / E2E

Quick Start

Prerequisites: Python 3.12+, Node 24+, Java 17+, Android Platform Tools (adb), and a rooted device or emulator (only for dynamic analysis).

# Install everything: Python packages, Node package, vendored jars, skill symlinks
./bin/install.sh

# Verify the toolchain
./bin/doctor.sh

# Drop an APK in and triage it
claude
> /android-re-triage-orchestrator
> triage path/to/app.apk

To install just the skills (and rely on the user installing the MCP servers separately):

./bin/install.sh --skills-only

See docs/getting-started.md for the full guide.

Architecture

See docs/architecture.md for an up-to-date description of the components and how they fit together.

Skills (11)

Skill Purpose
android-re-triage-orchestrator Drop-in APK → MASVS report
android-re-static-triage 5-minute static overview
android-re-decompile Pull pseudocode/smali for specific methods
android-re-dynamic-hook Hook a method, observe behavior on device
android-re-native-triage Assess native library hardening
android-re-network-intercept Capture HTTPS from app
android-re-secrets-scan Deep secrets & risk findings
android-re-sslpinning-bypass Bypass SSL pinning on a target app
android-re-repackage Modify + repackage APK for testing
android-re-masvs-report Single MASVS-aligned report
android-re-frida-script-author Generate Frida scripts with helper templates

MCP Servers (5)

Server Language Purpose
android-re-static Python Static APK analysis (androguard)
android-re-native Python Native binary analysis (LIEF)
android-re-dynamic Python Device + Frida instrumentation
android-re-triage Python Orchestrates the other three
mcp_bridge TypeScript ADB / screencap / logcat / frida-ps

Status

Phase 1 (Foundation) is in progress. See the project plan in /home/john/.claude/plans/calm-juggling-clarke.md for the full 4-phase roadmap.

License

Apache-2.0. See LICENSE. Note that frida-server is bundled under the wxWindows Library Licence with a personal-use restriction; see LICENSE-3rdparty.md.

Contributing

See CONTRIBUTING.md.

Security

See SECURITY.md. Report vulnerabilities to security@heretek-ai.example (replace with the real address when the org sets up a security inbox).

S
Description
Languages
Python 91.8%
TypeScript 3.9%
Shell 2.8%
JavaScript 0.7%
Just 0.4%
Other 0.4%