John Smith adcc04e8dd Initial import: Android-RE monorepo
Fresh re-import of the project. The prior history of the
Heretek-AI/Android-RE repository was rebuilt from a single squashed
initial commit per the project's vendor-neutrality policy (see
CLAUDE.md for the policy and translation table).

The audit trail for the rebuild is preserved at
/tmp/sanitize/pre-destroy/ on the analyst host. The redaction spec
is at /tmp/sanitize/redacts.json; the audit decision log is at
/tmp/sanitize/audit-decision.md.
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00
2026-06-05 13:22:38 -04:00

Android-RE

Claude Code skills and MCP servers for Android APK reverse engineering. Drop in an APK, get a MASVS-aligned triage report in 60 seconds. Hook a method, get a working Frida session. Inspect a .so file, get a hardening report.

This is a monorepo containing:

  • 4 MCP servers (Python + TypeScript) that wrap and compose the existing Android RE ecosystem (Apktool, jadx, androguard, LIEF, Frida, ADB, etc.).
  • 11 Claude Code skills that orchestrate the MCP tools into high-value workflows (triage, decompile, dynamic hooking, MASVS reporting, etc.).
  • A shared Python core library (android_re_core) used by every Python MCP server so APK parsing, frida sessions, and tool paths are defined once.
  • A unified Output/ folder convention — every run lands its deliverables at Output/<apk>-<sha>/<subdir>/<file>. See docs/output-convention.md for the full convention and docs/getting-started.md for the first-APK walkthrough.

Repository Layout

Input/             drop APKs here (git-ignored)
Output/            every deliverable lands here (git-ignored, env-var-overridable)
android_re_core/   shared Python library (androguard, LIEF, frida, ADB)
mcp_servers/       4 Python MCP servers (static, native, dynamic, triage)
mcp_bridge/        1 TypeScript MCP server (ADB device bridge)
skills/            12 Claude Code skills (workflows that compose MCP tools)
bin/               install.sh, doctor.sh, pull-tools.sh, …
tools/             isolated subprocess runners (apkleaks, androwarn, …)
docs/              mkdocs site
examples/          end-to-end walkthroughs (deliberately-vulnerable training apps)
tests/             cross-component / E2E

Quick Start

Prerequisites: Python 3.12+, Node 24+, Java 17+, Android Platform Tools (adb), and a rooted device or emulator (only for dynamic analysis).

# Install everything: Python packages, Node package, vendored jars, skill symlinks
./bin/install.sh

# Verify the toolchain
./bin/doctor.sh

# Drop an APK in and triage it
claude
> /android-re-triage-orchestrator
> triage path/to/app.apk

To install just the skills (and rely on the user installing the MCP servers separately):

./bin/install.sh --skills-only

See docs/getting-started.md for the full guide.

Architecture

See docs/architecture.md for an up-to-date description of the components and how they fit together.

Skills (11)

Skill Purpose
android-re-triage-orchestrator Drop-in APK → MASVS report
android-re-static-triage 5-minute static overview
android-re-decompile Pull pseudocode/smali for specific methods
android-re-dynamic-hook Hook a method, observe behavior on device
android-re-native-triage Assess native library hardening
android-re-network-intercept Capture HTTPS from app
android-re-secrets-scan Deep secrets & risk findings
android-re-sslpinning-bypass Bypass SSL pinning on a target app
android-re-repackage Modify + repackage APK for testing
android-re-masvs-report Single MASVS-aligned report
android-re-frida-script-author Generate Frida scripts with helper templates

MCP Servers (5)

Server Language Purpose
android-re-static Python Static APK analysis (androguard)
android-re-native Python Native binary analysis (LIEF)
android-re-dynamic Python Device + Frida instrumentation
android-re-triage Python Orchestrates the other three
mcp_bridge TypeScript ADB / screencap / logcat / frida-ps

Status

Phase 1 (Foundation) is in progress. See the project plan in /home/john/.claude/plans/calm-juggling-clarke.md for the full 4-phase roadmap.

License

Apache-2.0. See LICENSE. Note that frida-server is bundled under the wxWindows Library Licence with a personal-use restriction; see LICENSE-3rdparty.md.

Contributing

See CONTRIBUTING.md.

Security

See SECURITY.md. Report vulnerabilities to security@heretek-ai.example (replace with the real address when the org sets up a security inbox).

S
Description
Languages
Python 91.8%
TypeScript 3.9%
Shell 2.8%
JavaScript 0.7%
Just 0.4%
Other 0.4%