Apk Reverse

Name: Apk Reverse
Author: zhaoxuya520

zhaoxuya520/reverse-skill

Guide an agent through Android APK reverse-engineering tasks when you need to inspect or audit a mobile app package.

Install

npx skills add https://github.com/zhaoxuya520/reverse-skill --skill apk-reverse

What is this skill?

Named for APK reverse-engineering workflows in the reverse-skill collection
Intended for mobile Android package analysis rather than server API design
Fits security-minded solo builders validating app behavior or third-party SDKs
Pair with legal/ethical constraints—only analyze apps you own or are authorized to test
Prism listing lacks readable SKILL.md body; verify steps inside the repo before production use

Adoption & trust: 1 installs on skills.sh; 1.3k GitHub stars; trending (+100% hot-view momentum).

Recommended Skills

Vercel React Native Skillsvercel-labs/agent-skills

Agent-oriented React Native performance playbook spanning core rendering, list optimization, and incremental tuning for …137k installs·27.7k stars

Firebase Basicsfirebase/agent-skills

Firebase-basics is an agent skill that walks solo builders through standing up Firebase for an Android application using…76.3k installs·345 stars

Building Native Uiexpo/skills

building-native-ui is an Expo-oriented agent skill that steers solo builders toward React Native Reanimated v4 for anima…46.9k installs·2k stars

Firebase Ai Logic Basicsfirebase/agent-skills

firebase-ai-logic-basics is a Firebase agent skill for solo builders shipping Flutter apps who want Google Gemini throug…39.7k installs·345 stars

Native Data Fetchingexpo/skills

Native Data Fetching is an Expo agent skill that governs how solo builders implement and troubleshoot every network requ…37.2k installs·2k stars

Firebase Firestorefirebase/agent-skills

Firebase-firestore is a narrow Firebase agent skill for solo builders shipping Android apps in Kotlin who need Cloud Fir…37k installs·345 stars

Journey fit

Primary fit

APK analysis is typically done before release or when assessing third-party app risk—aligned with Ship security review rather than greenfield UI build. Reverse engineering supports vulnerability discovery, permission review, and binary inspection under application security workflows.

SKILL.md

READMESKILL.md - Apk Reverse

0�
f0�
	*�H��
��
�	�0�	�0��	*�H��
�����0��0��*�H��

��@0�<0f	*�H��

0Y08	*�H��
0+
6�݋iv��S�-Gh#���9' 0*�H��
	0	`�He*3��Gd�+�ڃb?�q���xu���,~b�zmg���
+ܣ2��,���t�6�7/�W$3����}w�ؐ�ζ�����
Hߞ���r��!���!�y�R:�r6�J9~��)�R�f�����Ae��۹Q�@�+=O��@F���1s4�����K�Bb3.��}�{��y!�&�@bk�}�8f�g�u����:����WZ��g�-C��S��Nϛ�Ie�q�=i��3�^%�t��v~x@�-06�>�@X�*������StڴG��ۆ[�b�H�q�@�1�eaoȩ����vi�a1qsK�8ֲ?�:��*6K��Q�SP��j���YN�IT�ONX��4��
�I��k.�b���.}�\v�p�$%�?��:5Z�(`i��B��o�u��u�U���=�@/��GrAr�L���&��W�2F���dc�u�.�����;�f���>բD�� ��q�:�3k���V��Y0̶�c�&����}�l!-۠��~��j��@��o��_!��u)��RF���svv����T�6�ۋ߅X�+hؾ��KŚ���x¢L���u�����M�
��;IoS�I>��T�%Ū�ũ�킔�?A�U`��W�^`��b�H�l�:p�*���]ъ�U�9�=©5,i �#
aNډ��p�oPi&�E͏􂘒�L~ʕ.���z6zv���)l9��bN�?�!of��i������>�^�C1]�tV��5��]�7����q:��6��hi��=6�U���<\����"�I�q��T���M���n�%Ֆ0Y�+����՜3Ӆ$%�IU�a��?�K��!��N5�.K�*�;�(�
6�O٣ž��j�?���~K��^�[���$��&��J��U�Cf���n�l���4�<�W0��BQHIP�F�,�"a�Aoy��D�*�=Aփv�؃E0ؿJ��~~�M�E��=T^���������k��J�i�#����1�X����հFC� �Y���k���[�(B�:WG�ti�l�'����͢DS��h�3;�
$n����i�lrI|3�s��C��[�V�j�Q@h�6��^���~��襦sP>�9��m��m5��%6��ˢ���JG���\�9��hV<Z+^?y$v��wY�9�|F���-'��[�ӊiT�	0�+Ͷ��a���"qYǚ��Nք�x�ɏ���M��-�1R0-	*�H��
	1 androiddebugkey0!	*�H��
	1Time 17782373978780�1	*�H��
��"0�0�	*�H��
0f	*�H��

0Y08	*�H��
0+�B+wЁ+G����

�F��' 0*�H��
	0	`�He*Kyd�ج�8u}�������-�ߗS�� �=��F[b;�ڳT���ѷw�sr��յ�>~_X�F��~s.�%���p��~=��p��a����)vv^��V�����iK�2x]S�5�@4��a&���ĝ�_x��U��z�%���.�2~�H���K3F�q�Z�����T����rj-
^*lQ���QM�?�Lu���0�O��D��mNZ-����ko����@��jڽH�rV5����{ւ���y�8��o'�u�Ks�[G߰��6�%�����K.���n���S�)�q��c_�D��|��p�ȝ���5Ŏи���;�4A���׌�ɥ&�V�l�O7o�\:�t�r������'R��1��AW9��"��8<�\hkw�o�H�/�p��1�0{�9��An����%w4ӵ��&|�{-p�=6�����ˊ�_L/nz?18*y/�%h��{X
ql�A�����Vc���]h�iW���1��3�v<	�|��w�f%%rY�u틢o�U�%��T�ת�
z}C9��8%S�Z�gɰwX5V������wL�[j[�|S9�;V��(*Kڽ6V9�W�,��U�L2��l�_�Bb;���.�l��ຢa�Ȥh4�D�0	����`���|~n.`�Vp�,��(��Ez5f��=�	����;@�j�rtB�Y�}���7�s%d��(��4��@6��h�T��@*�"�"UC|>������"KM�.%"�	�<z�l�?e@:*)4jr[R�
�e��`���(��'��kf�[��b�d������X�К�K��A�K�g���/��fȋ�(S��ďܘO~x]94b�ߊiA�������zh�Β���c�6h�a���{��vhpVl`�'�3����&H�-Ma,%X��|5L�Jڜ���k����0M010
	`�He ︍+>ˉ���q���7+3꟢�<�3����\3��u�<��������{�b'

# Android 高级逆向参考

> 覆盖 Native SO 分析、Frida 高级用法、SSL Pinning 绕过、Root 检测对抗、加固脱壳、Flutter/React Native 逆向。

---

## Native SO 逆向

### 分析流程

```text
1. 从 APK 中提取 .so 文件
   unzip app.apk lib/arm64-v8a/*.so -d extracted/

2. 确认架构和基本信息
   file libxxx.so
   rabin2 -I libxxx.so

3. 找 JNI 入口
   - 搜索 JNI_OnLoad（动态注册）
   - 搜索 Java_com_xxx_yyy（静态注册）
   - nm -D libxxx.so | grep -i java

4. IDA/Ghidra 加载分析
   - 导入 JNI 头文件（jni.h 类型）
   - 标注 JNIEnv* 参数
   - 找 RegisterNatives 调用（动态注册的函数表）

5. 定位关键逻辑
   - 从 Java 层 native 方法名追踪
   - 从字符串（密钥、URL、错误信息）交叉引用
   - 从 crypto 库函数（AES/MD5/SHA）调用追踪
```

### JNI 函数注册

```c
// 静态注册：函数名 = Java_包名_类名_方法名
JNIEXPORT jstring JNICALL Java_com_example_app_Security_getSign(
    JNIEnv *env, jobject thiz, jstring input) { ... }

// 动态注册：在 JNI_OnLoad 中调用 RegisterNatives
static JNINativeMethod methods[] = {
    {"getSign", "(Ljava/lang/String;)Ljava/lang/String;", (void*)native_getSign},
};

JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) {
    JNIEnv *env;
    vm->GetEnv((void**)&env, JNI_VERSION_1_6);
    jclass clazz = env->FindClass("com/example/app/Security");
    env->RegisterNatives(clazz, methods, sizeof(methods)/sizeof(methods[0]));
    return JNI_VERSION_1_6;
}
```

### IDA 中分析 JNI 的技巧

```text
1. 导入 JNI 类型库
   File → Load File → Parse C Header → jni.h

2. 标注第一个参数为 JNIEnv*
   右键参数 → Set type → JNIEnv*
   这样 env->FindClass / env->GetMethodID 等调用会自动识别

3. 找 RegisterNatives
   搜索对 JNIEnv vtable offset 0x35C (ARM64)

What is this skill?

Named for APK reverse-engineering workflows in the reverse-skill collection

Intended for mobile Android package analysis rather than server API design

Fits security-minded solo builders validating app behavior or third-party SDKs

Pair with legal/ethical constraints—only analyze apps you own or are authorized to test

Prism listing lacks readable SKILL.md body; verify steps inside the repo before production use

Adoption & trust: 1 installs on skills.sh; 1.3k GitHub stars; trending (+100% hot-view momentum).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Apk Reverse

0�
f0�
	*�H��
��
�	�0�	�0��	*�H��
�����0��0��*�H��

��@0�<0f	*�H��

0Y08	*�H��
0+
6�݋iv��S�-Gh#���9' 0*�H��
	0	`�He*3��Gd�+�ڃb?�q���xu���,~b�zmg���
+ܣ2��,���t�6�7/�W$3����}w�ؐ�ζ�����
Hߞ���r��!���!�y�R:�r6�J9~��)�R�f�����Ae��۹Q�@�+=O��@F���1s4�����K�Bb3.��}�{��y!�&�@bk�}�8f�g�u����:����WZ��g�-C��S��Nϛ�Ie�q�=i��3�^%�t��v~x@�-06�>�@X�*������StڴG��ۆ[�b�H�q�@�1�eaoȩ����vi�a1qsK�8ֲ?�:��*6K��Q�SP��j���YN�IT�ONX��4��
�I��k.�b���.}�\v�p�$%�?��:5Z�(`i��B��o�u��u�U���=�@/��GrAr�L���&��W�2F���dc�u�.�����;�f���>բD�� ��q�:�3k���V��Y0̶�c�&����}�l!-۠��~��j��@��o��_!��u)��RF���svv����T�6�ۋ߅X�+hؾ��KŚ���x¢L���u�����M�
��;IoS�I>��T�%Ū�ũ�킔�?A�U`��W�^`��b�H�l�:p�*���]ъ�U�9�=©5,i �#
aNډ��p�oPi&�E͏􂘒�L~ʕ.���z6zv���)l9��bN�?�!of��i������>�^�C1]�tV��5��]�7����q:��6��hi��=6�U���<\����"�I�q��T���M���n�%Ֆ0Y�+����՜3Ӆ$%�IU�a��?�K��!��N5�.K�*�;�(�
6�O٣ž��j�?���~K��^�[���$��&��J��U�Cf���n�l���4�<�W0��BQHIP�F�,�"a�Aoy��D�*�=Aփv�؃E0ؿJ��~~�M�E��=T^���������k��J�i�#����1�X����հFC� �Y���k���[�(B�:WG�ti�l�'����͢DS��h�3;�
$n����i�lrI|3�s��C��[�V�j�Q@h�6��^���~��襦sP>�9��m��m5��%6��ˢ���JG���\�9��hV<Z+^?y$v��wY�9�|F���-'��[�ӊiT�	0�+Ͷ��a���"qYǚ��Nք�x�ɏ���M��-�1R0-	*�H��
	1 androiddebugkey0!	*�H��
	1Time 17782373978780�1	*�H��
��"0�0�	*�H��
0f	*�H��

0Y08	*�H��
0+�B+wЁ+G����

�F��' 0*�H��
	0	`�He*Kyd�ج�8u}�������-�ߗS�� �=��F[b;�ڳT���ѷw�sr��յ�>~_X�F��~s.�%���p��~=��p��a����)vv^��V�����iK�2x]S�5�@4��a&���ĝ�_x��U��z�%���.�2~�H���K3F�q�Z�����T����rj-
^*lQ���QM�?�Lu���0�O��D��mNZ-����ko����@��jڽH�rV5����{ւ���y�8��o'�u�Ks�[G߰��6�%�����K.���n���S�)�q��c_�D��|��p�ȝ���5Ŏи���;�4A���׌�ɥ&�V�l�O7o�\:�t�r������'R��1��AW9��"��8<�\hkw�o�H�/�p��1�0{�9��An����%w4ӵ��&|�{-p�=6�����ˊ�_L/nz?18*y/�%h��{X
ql�A�����Vc���]h�iW���1��3�v<	�|��w�f%%rY�u틢o�U�%��T�ת�
z}C9��8%S�Z�gɰwX5V������wL�[j[�|S9�;V��(*Kڽ6V9�W�,��U�L2��l�_�Bb;���.�l��ຢa�Ȥh4�D�0	����`���|~n.`�Vp�,��(��Ez5f��=�	����;@�j�rtB�Y�}���7�s%d��(��4��@6��h�T��@*�"�"UC|>������"KM�.%"�	�<z�l�?e@:*)4jr[R�
�e��`���(��'��kf�[��b�d������X�К�K��A�K�g���/��fȋ�(S��ďܘO~x]94b�ߊiA�������zh�Β���c�6h�a���{��vhpVl`�'�3����&H�-Ma,%X��|5L�Jڜ���k����0M010
	`�He ︍+>ˉ���q���7+3꟢�<�3����\3��u�<��������{�b'

# Android 高级逆向参考

> 覆盖 Native SO 分析、Frida 高级用法、SSL Pinning 绕过、Root 检测对抗、加固脱壳、Flutter/React Native 逆向。

---

## Native SO 逆向

### 分析流程

```text
1. 从 APK 中提取 .so 文件
   unzip app.apk lib/arm64-v8a/*.so -d extracted/

2. 确认架构和基本信息
   file libxxx.so
   rabin2 -I libxxx.so

3. 找 JNI 入口
   - 搜索 JNI_OnLoad（动态注册）
   - 搜索 Java_com_xxx_yyy（静态注册）
   - nm -D libxxx.so | grep -i java

4. IDA/Ghidra 加载分析
   - 导入 JNI 头文件（jni.h 类型）
   - 标注 JNIEnv* 参数
   - 找 RegisterNatives 调用（动态注册的函数表）

5. 定位关键逻辑
   - 从 Java 层 native 方法名追踪
   - 从字符串（密钥、URL、错误信息）交叉引用
   - 从 crypto 库函数（AES/MD5/SHA）调用追踪
```

### JNI 函数注册

```c
// 静态注册：函数名 = Java_包名_类名_方法名
JNIEXPORT jstring JNICALL Java_com_example_app_Security_getSign(
    JNIEnv *env, jobject thiz, jstring input) { ... }

// 动态注册：在 JNI_OnLoad 中调用 RegisterNatives
static JNINativeMethod methods[] = {
    {"getSign", "(Ljava/lang/String;)Ljava/lang/String;", (void*)native_getSign},
};

JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) {
    JNIEnv *env;
    vm->GetEnv((void**)&env, JNI_VERSION_1_6);
    jclass clazz = env->FindClass("com/example/app/Security");
    env->RegisterNatives(clazz, methods, sizeof(methods)/sizeof(methods[0]));
    return JNI_VERSION_1_6;
}
```

### IDA 中分析 JNI 的技巧

```text
1. 导入 JNI 类型库
   File → Load File → Parse C Header → jni.h

2. 标注第一个参数为 JNIEnv*
   右键参数 → Set type → JNIEnv*
   这样 env->FindClass / env->GetMethodID 等调用会自动识别

3. 找 RegisterNatives
   搜索对 JNIEnv vtable offset 0x35C (ARM64)

Install

What is this skill?

Recommended Skills

Journey fit

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

SKILL.md