Two new items, both rooted in the 2026-06-05 survey of the 5 revanced-* repos in Input/ and the sibling RE-Library site: 1. RE-Library (MIT) is now peer-registered as the 6th MCP server in .mcp.json. The peer is opt-in via `just install-re-library` and is read-only. Five high-traffic skills each gain a "Background reading (peer MCP)" subsection that calls mcp__re-library__* for generic RE patterns before writing Frida hooks or MASVS reports. 15 new tests in tests/test_mcp_config.py lock the wiring in. 2. The dynamic MCP server's install_apk tool now runs a clean-room 3-strategy install ladder (adb_install -> push_then_pm_install -> staged_install) so it works on Android 14+ devices where the one-shot `adb install` is rejected with INSTALL_FAILED_OWNER_BLOCKED. Implementation is written from AOSP docs, not lifted from the GPLv3 source. 11 new unit tests + 2 new dry-run tests + 3 new @pytest.mark.device e2e tests. Survey review lives at docs/research/2026-06-05-revanced-input-survey.md. Side fix: remove unused `asyncio_mode = "auto"` from pyproject.toml (no test in the suite uses @pytest.mark.asyncio, and the line fails --strict-config under pytest 9 + pytest-asyncio 1.4). Verification: 176 passed, 1 skipped, 5 deselected (e2e). ruff clean, mypy --strict on the new module clean. No named commercial apps / vendors / DRM schemes in any new artifact per the no-named-apps policy. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Android-RE
Claude Code skills and MCP servers for Android APK reverse engineering. Drop
in an APK, get a MASVS-aligned triage report in 60 seconds. Hook a method,
get a working Frida session. Inspect a .so file, get a hardening report.
This is a monorepo containing:
- 4 MCP servers (Python + TypeScript) that wrap and compose the existing Android RE ecosystem (Apktool, jadx, androguard, LIEF, Frida, ADB, etc.).
- 11 Claude Code skills that orchestrate the MCP tools into high-value workflows (triage, decompile, dynamic hooking, MASVS reporting, etc.).
- A shared Python core library (
android_re_core) used by every Python MCP server so APK parsing, frida sessions, and tool paths are defined once. - A unified
Output/folder convention — every run lands its deliverables atOutput/<apk>-<sha>/<subdir>/<file>. Seedocs/output-convention.mdfor the full convention anddocs/getting-started.mdfor the first-APK walkthrough. - An optional 6th peer MCP server —
re-library(MIT) is registered in.mcp.jsonfor generic RE knowledge-base lookups (search_re/get_entry/list_categories). Opt-in install withjust install-re-library; not required for the other 5 servers.
Repository Layout
Input/ drop APKs here (git-ignored)
Output/ every deliverable lands here (git-ignored, env-var-overridable)
android_re_core/ shared Python library (androguard, LIEF, frida, ADB)
mcp_servers/ 4 Python MCP servers (static, native, dynamic, triage)
mcp_bridge/ 1 TypeScript MCP server (ADB device bridge)
skills/ 12 Claude Code skills (workflows that compose MCP tools)
bin/ install.sh, doctor.sh, pull-tools.sh, …
tools/ isolated subprocess runners (apkleaks, androwarn, …)
docs/ mkdocs site
examples/ end-to-end walkthroughs (deliberately-vulnerable training apps)
tests/ cross-component / E2E
Quick Start
Prerequisites: Python 3.12+, Node 24+, Java 17+, Android Platform Tools
(adb), and a rooted device or emulator (only for dynamic analysis).
# Install everything: Python packages, Node package, vendored jars, skill symlinks
./bin/install.sh
# Verify the toolchain
./bin/doctor.sh
# Drop an APK in and triage it
claude
> /android-re-triage-orchestrator
> triage path/to/app.apk
To install just the skills (and rely on the user installing the MCP servers separately):
./bin/install.sh --skills-only
See docs/getting-started.md for the full guide.
Architecture
See docs/architecture.md for an up-to-date
description of the components and how they fit together.
Skills (11)
| Skill | Purpose |
|---|---|
android-re-triage-orchestrator |
Drop-in APK → MASVS report |
android-re-static-triage |
5-minute static overview |
android-re-decompile |
Pull pseudocode/smali for specific methods |
android-re-dynamic-hook |
Hook a method, observe behavior on device |
android-re-native-triage |
Assess native library hardening |
android-re-network-intercept |
Capture HTTPS from app |
android-re-secrets-scan |
Deep secrets & risk findings |
android-re-sslpinning-bypass |
Bypass SSL pinning on a target app |
android-re-repackage |
Modify + repackage APK for testing |
android-re-masvs-report |
Single MASVS-aligned report |
android-re-frida-script-author |
Generate Frida scripts with helper templates |
MCP Servers (5)
| Server | Language | Purpose |
|---|---|---|
android-re-static |
Python | Static APK analysis (androguard) |
android-re-native |
Python | Native binary analysis (LIEF) |
android-re-dynamic |
Python | Device + Frida instrumentation |
android-re-triage |
Python | Orchestrates the other three |
mcp_bridge |
TypeScript | ADB / screencap / logcat / frida-ps |
Status
Phase 1 (Foundation) is in progress. See the project plan in
/home/john/.claude/plans/calm-juggling-clarke.md for the full 4-phase roadmap.
License
Apache-2.0. See LICENSE. Note that frida-server is bundled
under the wxWindows Library Licence with a personal-use restriction; see
LICENSE-3rdparty.md.
Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md. Report vulnerabilities to
security@heretek-ai.example (replace with the real address when the org
sets up a security inbox).